Yahoo Groups archive

Milter-greylist


Re: autoblacklist

2006-12-23 by reschauzier

--- In milter-greylist@yahoogroups.com, manu@... wrote:
> 
> Let's try to move forward on the autoblack idea: what would you expect
> it to do? Do you want to feed a DNSRBL? Do you want to start refusing
> any mail coming from the sender IP for some period?  
>

I have been giving autoblacklisting a lot of thought, so please allow
me to give my ideas about this topic.

Currently, I run a setup with a 'honeypot' account; an account that I
have deliberately published on the web to attract spam, but that will
never receive a legitimate email message.

So far, I have been using the incoming undetected spam to train the
SpamAssassin Bayesian filter ('train-on-error'). This has proven very
effective, especially with the honeypot account running with less
greylisting delay than the normal user accounts. The reduced delay
makes sure any spam training will have taken place before the spam
gets delivered to the regular accounts.

To take this approach one step further with milter-greylist, my
suggestion is to include the option to work with a honeypot account,
and use the connecting IP addresses to automatically build a black
list (which will expire within a given number of days to avoid the
list growing out of control).

I expect autoblacklisting in combination with greylisting to be
extremely effective. Spam assaults from a particular (hijacked) host
seem to come in mega-bursts, with hundreds of messages sent to a wide
range of users on my machine. In all cases both sender and receiver
addresses vary, as does the message. The common thread is the fact
that they come from a single host.

By delaying the user accounts for a little while, while allowing the
honeypot account to build its black list in real time, these bursts of
messages should effectively be countered.

I am very excited about the idea and would love to hear any reactions.

Rudy.
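
The scheme proposed in the message above, sketched as an added example that is not part of the original post and is not milter-greylist code: a honeypot recipient lists the connecting IP immediately, real users are greylisted, and entries expire. The addresses, the 300-second delay, the 3-day lifetime and all names are assumptions, and accepting honeypot mail with no delay is a simplification.

```python
from dataclasses import dataclass, field

HONEYPOT = {"trap@example.org"}  # constructed honeypot address
USER_DELAY = 300                 # greylist delay for real users in seconds (assumed)
BLACKLIST_TTL = 3 * 86400        # lifetime of a blacklist entry in seconds (assumed)

@dataclass
class Filter:
    blacklist: dict = field(default_factory=dict)   # ip -> expiry time
    first_seen: dict = field(default_factory=dict)  # (ip, sender, rcpt) -> first attempt

    def _expire(self, now):
        # Drop expired entries so the list cannot grow without bound.
        for ip in [ip for ip, exp in self.blacklist.items() if exp <= now]:
            del self.blacklist[ip]

    def rcpt(self, now, ip, sender, rcpt):
        """Return 'accept', 'tempfail' or 'reject' for one RCPT attempt."""
        self._expire(now)
        if rcpt in HONEYPOT:
            # Mail to the honeypot is never legitimate: list the host at once.
            self.blacklist[ip] = now + BLACKLIST_TTL
            return "accept"  # still taken in, so it can feed Bayes training
        if ip in self.blacklist:
            return "reject"
        start = self.first_seen.setdefault((ip, sender, rcpt), now)
        return "accept" if now - start >= USER_DELAY else "tempfail"

BURST = [  # constructed events: (time, ip, sender, rcpt)
    (0, "192.0.2.7", "a@spam.example", "alice@example.org"),     # greylisted
    (5, "192.0.2.7", "b@spam.example", "trap@example.org"),      # honeypot hit
    (10, "192.0.2.7", "c@spam.example", "bob@example.org"),      # host now listed
    (400, "192.0.2.7", "a@spam.example", "alice@example.org"),   # retry after delay
    (400, "198.51.100.9", "x@ok.example", "alice@example.org"),  # unrelated host
    (800, "198.51.100.9", "x@ok.example", "alice@example.org"),  # its retry
    (5 + BLACKLIST_TTL, "192.0.2.7", "d@spam.example", "alice@example.org"),
]

def replay(events):
    f = Filter()
    return [f.rcpt(*e) for e in events]

if __name__ == "__main__":
    for event, verdict in zip(BURST, replay(BURST)):
        print(event, "->", verdict)
```

The retry at t=400 from the listed host is rejected even though its greylist delay has elapsed, which is the effect the delay on user accounts is meant to buy; once the entry expires the host falls back to ordinary greylisting.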
