Alan Knowles
Alan Knowles is Freelance Developer, works on PHP extensions and PEAR.
1c Spam - the fight continues.. 15
Posted: Sep 18, 2004 10:57 AM
Defer unknowns has proved very successful, with success rates of more than 1000 spams per day removed from my email box.
My original code parsed the exim log, and built black, white and greylists by selecting checkboxes on a web page. It was effective, but involved a little maintenance (daily review, and mostly blacklisting IP addresses).
By looking at the general pattern of this, it became clear that most spammers fire off a large number of hijacked PCs and just run through a big email list. If it fails (e.g. defer), they just give up on that machine, and pass it along to the next (often changing the signature). It's a known trick to do defer greylisting on this. Basically, the first time that IP contacts you, you respond: defer, try later. Next time, you let it through. (In my new scheme, I only black/grey/white list the ones that tried more than once, which should significantly reduce the amount of maintenance, and makes spotting good IP addresses a lot easier.)
The other beauty of the new solution is that it doesn't involve parsing logs anymore; it's almost a pure exim/mysql solution, with my manual categorizing done on a considerably simpler web page.
The exim config I'm using is available in the extended entry, or have a look at the simple spam manager interface.
I guess if you want to run this on a bigger site, you might want to go to the mysql conference, where you can find out real answers from mysql developers and experts. (And if you go to the php conference at the same place/time, you can see me talking about php5 and pear.)
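The defer-on-first-contact decision described above, sketched as an added example that is not the author's exim config or code. The table layout, the function names and the use of SQLite in place of MySQL are assumptions, and the sample traffic is constructed.

```python
import sqlite3

# Assumed schema for this example; SQLite stands in for the MySQL table.
SCHEMA = """
CREATE TABLE hosts (
    ip        TEXT PRIMARY KEY,
    status    TEXT NOT NULL DEFAULT 'unknown',  -- unknown, white, grey or black
    attempts  INTEGER NOT NULL DEFAULT 0,
    last_seen INTEGER NOT NULL
)"""

def open_db():
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    return db

def check_host(db, ip, now):
    """Decide 'defer', 'accept' or 'deny' for a connection from ip."""
    row = db.execute("SELECT status FROM hosts WHERE ip = ?", (ip,)).fetchone()
    if row is None:
        # First contact from an unknown IP: record it and ask it to retry.
        db.execute("INSERT INTO hosts (ip, attempts, last_seen) VALUES (?, 1, ?)",
                   (ip, now))
        return "defer"
    db.execute("UPDATE hosts SET attempts = attempts + 1, last_seen = ? "
               "WHERE ip = ?", (now, ip))
    # A host that retried is let through unless it was manually blacklisted.
    return "deny" if row[0] == "black" else "accept"

def review_queue(db):
    """Uncategorised IPs that tried more than once: the only ones to review."""
    rows = db.execute("SELECT ip FROM hosts WHERE status = 'unknown' "
                      "AND attempts > 1 ORDER BY ip")
    return [r[0] for r in rows]

def set_status(db, ip, status):
    """Manual categorisation, as would be done from the web page."""
    if status not in ("white", "grey", "black"):
        raise ValueError(status)
    db.execute("UPDATE hosts SET status = ? WHERE ip = ?", (status, ip))

if __name__ == "__main__":
    db = open_db()
    # Constructed traffic: (time, ip); 203.0.113.5 never retries.
    for now, ip in [(100, "192.0.2.10"), (120, "203.0.113.5"), (700, "192.0.2.10")]:
        print(now, ip, check_host(db, ip, now))
    print("to review:", review_queue(db))
```

Hosts that never retry stay out of the review queue, which is what keeps the manual list short.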