Dave Anderson <[EMAIL PROTECTED]> writes:

> Or take advantage of the (by default) 25 minute window to use other
> means to detect that this address is sending spam.  Perhaps spamd should
> be extended to look for excessive attempts to send messages from an
> address during that period?  (How often do spammers' lists contain only
> one or two addresses from a domain?)

You could probably use straight rdr instead of rdr pass to feed spamd,
then in the relevant pass rule apply your source tracking options and
overload and some table magic for that.

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.datadok.no/ http://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
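
A sketch of the ruleset described in the reply above, as an added example that is not part of the original message. It uses the older pf.conf syntax in which `rdr` and `rdr pass` exist; the interface macro, the table name `<spamd_flood>`, the connection thresholds and the final handling of the overload table are all assumptions chosen for illustration.

```pf
# Added example, not from the original thread.
# Assumed: $ext_if, <spamd_flood>, the 5 and 10/60 limits, the block rule.
ext_if = "em0"                      # assumption: external interface

table <spamd-white> persist         # maintained by spamd/spamlogd
table <spamd_flood> persist         # filled by the overload action below

# Translation only: without the "pass" keyword the redirected connection
# must still match a filter rule, which is where the tracking is applied.
rdr on $ext_if inet proto tcp from !<spamd-white> to any port smtp \
        -> 127.0.0.1 port spamd

# One possible use of the table: drop hosts that have tripped the limits.
# Filter rules see the translated destination, hence "port spamd".
block in quick on $ext_if inet proto tcp from <spamd_flood> \
        to any port spamd

# Source tracking on the connections fed to spamd. A host exceeding
# either limit is added to <spamd_flood> and its states are flushed.
pass in on $ext_if inet proto tcp from any to 127.0.0.1 port spamd \
        flags S/SA keep state \
        (max-src-conn 5, max-src-conn-rate 10/60, \
         overload <spamd_flood> flush global)
```

`pfctl -t spamd_flood -T show` lists the addresses caught this way, and `pfctl -t spamd_flood -T expire 86400` removes entries older than a day.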
