Yahoo Groups archive

Milter-greylist

Message

Re: [milter-greylist] Re: autoblacklist

2006-12-23 by manu@netbsd.org

reschauzier <reschauzier@...> wrote:
 
> To take this approach one step further with milter-greylist, my
> suggestion is to include the option to work with a honeypot account,
> and use the connecting IP addresses to automatically build a black
> list (which will expire within a given number of days to avoid the
> list growing out of control).

As of today you can do that by feeding a local DNSRBL and using it
within milter-greylist. What's wrong with this approach, and what would
we win with having milter-greylist doing the job?

Is it to avoid the greylisting delay before your DNSRBL feeder sees the
message? Then perhaps hacking a plugin to the urlcheck feature would
make the deal:

urlcheck "autoblack" "http://www.example.net/blacklist.cgi?addr=%i" 5
acl greylist rcpt "spamtrap@..." urlcheck "autoblack" flushaddr

Then blacklist.cgi gets the sender IP in addr and can feed a DNSRBL on
first send, without suffering the greylisting delay. 

NB: urlcheck is available in CVS version.
 
> I expect autoblacklisting in combination with greylisting to be
> extremely effective. Spam assaults from a particular (hijacked) host
> seem to come in mega-bursts, with hundreds of messages sent to a wide
> range of users on my machine. In all cases both sender and receiver
> addresses vary, as does the message. The common thread is the fact
> that they come from a single host.

Hmmm... They use botnets, they can attack from thousands of different IPs
at once, and they probably will soon.

-- 
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@...
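
Added example, not part of the original message and not milter-greylist code: a sketch of the feeder side of the blacklist.cgi idea above, which validates the addr parameter and keeps an expiring list rendered as DNSRBL A records. The zone name, the 7-day expiry, the never-list networks and the sample addresses are assumptions; it handles IPv4 only and leaves out the reply that urlcheck expects from the CGI.

```python
import ipaddress
from urllib.parse import parse_qs

ZONE = "bl.example.net"   # hypothetical local DNSRBL zone
TTL_DAYS = 7              # assumed; the thread only says "a given number of days"
# Assumed policy: sources that must never be listed (loopback, RFC 1918 ranges).
NEVER_LIST = [ipaddress.ip_network(n) for n in
              ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_addr(query_string):
    """Return the validated IPv4 address from the CGI query string, or None."""
    values = parse_qs(query_string).get("addr", [])
    if len(values) != 1:              # missing or repeated parameter
        return None
    try:
        ip = ipaddress.ip_address(values[0])
    except ValueError:                # anything that is not a plain address
        return None
    if ip.version != 4 or any(ip in net for net in NEVER_LIST):
        return None
    return ip


def record(listing, query_string, now):
    """Add or refresh an entry; listing maps IPv4Address -> expiry (epoch seconds)."""
    ip = parse_addr(query_string)
    if ip is None:
        return False
    listing[ip] = now + TTL_DAYS * 86400
    return True


def zone_lines(listing, now):
    """Drop expired entries and render the rest as DNSRBL A records."""
    for ip in [ip for ip, expiry in listing.items() if expiry <= now]:
        del listing[ip]
    lines = []
    for ip in sorted(listing):
        reversed_octets = ".".join(reversed(str(ip).split(".")))
        lines.append(f"{reversed_octets}.{ZONE}. IN A 127.0.0.2")
    return lines


if __name__ == "__main__":
    hits = {}
    # Constructed requests, as the CGI would see them in QUERY_STRING.
    for qs in ("addr=192.0.2.10", "addr=127.0.0.1", "addr=192.0.2.10%0Aevil"):
        print(qs, "->", record(hits, qs, now=1000))
    print(zone_lines(hits, now=1000))
```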
