Hi! I use TMDA (www.tmda.net) together with SA in order to sort out most of the spam in my system... The few mails, that arent blocked by RBL or caught/rejected by SA all seem to have one thing in common: They reside on teh same chinese server. Is it somehow possible to create a filter to do an IP lookup on all URL's in a message, and if a URL then matches a specific IP range, then this should add e.g. 3 to the score ?
More exactly, the hostnames I've noticed the last to times are www.tedchders.com and www.returness.com - both resolves to 61.128.193.125, and as far as I remember when reporting to SpamCop, the abuse contact for spam slipping though always seems to be the same. I suspect this 61.128.193.0/24 range to host a lot of spammer-sites and would therefore like to add a score if any URL's in the message is located on a server on that particular subnet... Anyone ? /Brian
