Milter-greylist

egcrosser <egcrosser@...> wrote:

> Anyway, as this information is used to update peer rating rather than
> to make firm decisions, I think this approach still *can* be used: if
> the remote regularily tries to send messages that MTA find completely
> unacceptable, this is a hint that it may be wrong-doing.

In my opinion the easiest way to catch spammer is to use honeypot
addresses. Publish such an address in an HTML comment on your website,
and you'll get spam in it within 3 days.

So you can discover which IP sends you spam. With DST
(ftp://ftp.espci.fr/pub/dst), you can exchange this information with
other sites in real time, and you can feed a DNSRBL with it. For now the
DNSRBL only gets the IP, but we can immagine storing the number of bad
mails or other informations.

Once you have the info in the DNSRBL, then we can start thinking about
funny applications. The information is easy to access. Your idea would
be to increase the greylist delay? But the spam will always finnally hit
your machine, won't it?
 
-- 
Emmanuel Dreyfus
Il y a 10 sortes de personnes dans le monde: ceux qui comprennent 
le binaire et ceux qui ne le comprennent pas.
manu@...