From: "Rob Skedgell" <[EMAIL PROTECTED]>
On Tuesday 13 Sep 2005 21:15, Markus Eskola wrote:
[...]
Just a quick question regarding the reporting... Do you guys report
all spam (including the ones that SA already caught) or only the
ones that got thru the net?
Currently in my setup I have 3-4 different users who move all the spam
that got thru into certain folders eg SPAM under IMAP. These folders
are scanned, emptied and reported once a night thru a script.
If someone has a more effective way, I'd appreciate a hint in the right
direction.
Most of it (5.0 <= score <= 30.0) gets LARTed by a Java program that
goes through the "confirmed spam" IMAP folder to the contacts.abuse.net
addresses for the IP address that sent to my MX, SpamCop and is also
posted to NANAS. If it scores over 30 it hits a discard ACL in exim.
Anything that sneaks through under 5.0 or went to a role account is also
singled out for extra vindictiveness and LARTed manually to anything
SpamTool missed and whois data checked very carefully for RFCI whois
eligibility (and a WDPRS report).
Oh, and I have a patched Mail::SpamAssassin::Plugin::URIDNSBL to pass
the domain names scanned over UDP to another listening application that
tests for "missing" entries in RFCI bogusmx and automatically sends the
submission by email. It also sends BCCs to postmaster@ and abuse@ so
that victims of "friendly fire" (through inadvertently using a CNAME
for their MX rather than deliberately registering 127.0.0.1) can get
unlisted.
++++++
Ah, you are one of the people polluting the BLs. Thanks.... not.
Why not be a little saner and adopt a score higher than 5.0, a very
marginal spam score, for reporting? That way you are not reporting
false alarms and injuring innocent people.
{^_^}
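
The MX check described in Rob Skedgell's message, sketched as an added example (not his application and not SpamAssassin code), with a flag that holds CNAME-only "friendly fire" cases for a human instead of submitting them automatically. The zone data is constructed, the function names are hypothetical, and the criteria beyond the CNAME and 127.0.0.1 cases named in the thread (IP-literal targets, private ranges, no address) are assumptions about what a bogus-MX test covers.

```python
import ipaddress

# Address ranges that can never be a reachable public MX (loopback, RFC 1918, etc.).
UNROUTABLE = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample records; every name and address here is made up.
ZONE = {
    "good.example": {"MX": ["mail.good.example"]},
    "mail.good.example": {"A": ["192.0.2.25"]},
    "alias.example": {"MX": ["mx.alias.example"]},
    "mx.alias.example": {"CNAME": "host.provider.example"},
    "host.provider.example": {"A": ["198.51.100.7"]},
    "loop.example": {"MX": ["localhost.loop.example"]},
    "localhost.loop.example": {"A": ["127.0.0.1"]},
    "literal.example": {"MX": ["10.0.0.5"]},
}

def mx_findings(domain, zone=ZONE):
    """Return (target, problem) pairs for each suspect MX target of a domain."""
    findings = []
    for target in zone.get(domain, {}).get("MX", []):
        try:
            ipaddress.ip_address(target)
            findings.append((target, "ip-literal"))  # MX must name a host
            continue
        except ValueError:
            pass  # not an IP literal, so treat it as a hostname
        rec = zone.get(target, {})
        if "CNAME" in rec:
            # RFC 2181 section 10.3: an MX target must not be an alias.
            findings.append((target, "cname"))
            rec = zone.get(rec["CNAME"], {})  # follow one level to check the address
        addrs = [ipaddress.ip_address(a) for a in rec.get("A", [])]
        if not addrs:
            findings.append((target, "no-address"))
        elif any(a in net for a in addrs for net in UNROUTABLE):
            findings.append((target, "unroutable"))
    return findings

def needs_human_review(findings):
    """True when the only problem is a CNAME: likely a mistake, not a bogus MX."""
    return bool(findings) and all(problem == "cname" for _, problem in findings)

if __name__ == "__main__":
    for d in ("good.example", "alias.example", "loop.example", "literal.example"):
        f = mx_findings(d)
        print(d, f, "hold for review" if needs_human_review(f) else "")
```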