ram wrote:
I get a lot of spam on my servers which get detected by SA though are
generated by innocent mail servers.
We see a lot of mail users have insanely simple passwords , spammers are
using these accounts and send spam. By the time the administrator
realizes the server has sent 1000's of spam
If spamassassin had an option to send abuse report to servers
automatically and send mails to abuse@<server-admin> the moment the
first sure spam comes in the admin could be warned before much damage
has been done. Obviously we limit to only 1 or 2 reports in an hour to a
particular id
The problem is, where spamassassin ties into the mail chain, it doesn't
have any power to generate emails. It's a message filter, any action
beyond modifying the message at hand would be inappropriate.
You might want to look at a log watcher like swatch to handle this.
In my own setup, I use prelude IDS for log monitoring, and have Nagios
configured to fire off alarm emails when the prelude event rate gets too
high. However, that's probably very over-complicated if you don't
already use both tools for other network monitoring needs.
