info about spam messages

[Tayfun ASKER]

Hi Greg,
  You are absolutely right. Building the access list, unfortunately, will
never be a fully automated process and it will consume some sysadm time. 
I'm not planning to add every single ip or email adress found in the 
logs to the access list. Blocking the persistent spam senders will be 
enough.

Regards,

Tayfun



Greg McCann wrote:
> Tayfun,
> 
> 
>>i would like to feed the access list
> 
>>from the results of bogofilter.
> 
> I would think twice about automatically blocking any address classified as spam by bogofilter.  Bogofilter cannot be 100% accurate, and before long you may end up blocking messages from your own server!  For example, I send out a monthly summary of spam blocking activity to the rest of the people in my office.  This message invariably ends up getting classified as spam by bogofilter.  If I was automatically blocking based on bogofilter results it would lead to disaster.  (Yes, I need to add something to .procmailrc to allow this message to bypass bogofilter.)
> 
> The only automatic blocking I do is for spamtrap addresses.  I have a dynamic blackhole zone set up on my dns server, and any email to a spamtrap bypasses bogofilter and goes straight to a script that extracts the sender's IP address and updates the dynamic dns zone.  I use a sendmail rbl check to block mail from any address listed in the blackhole zone.  To keep the zone from getting much too big, I keep a database of blocked addresses and automatically expire them after n days of inactivity.
> 
> 
> Greg McCann
> 
> 
> _______________________________________________
> Bogofilter mailing list
> Bogofilter at bogofilter.org
> http://www.bogofilter.org/mailman/listinfo/bogofilter
>