info about spam messages
David Relson
relson at osagesoftware.com
Thu Jun 17 15:06:00 CEST 2004
On Thu, 17 Jun 2004 15:44:51 +0300
Tayfun ASKER wrote:
> Hi Tom,
>
> on our systems,
>
> number of users: ~25k
> daily emails: ~100k
> blocked by MTA: ~3k
> blocked by procmail filters: ~3k
> caught by bogofilter as spam: ~20k
>
> some From addresses (bogus or not) repeat themselves over and over
> again. six months ago, a single ip address sent us 250k spam messages
> in one day. fortunatelly that ip address had been already on the
> access list. i think there is no harm in filtering
> known-validated-manually edited addresses.
>
> i have been looking for a way to extend our current access list for
> MTA level blocking and since bogofilter can catch most of the spam
> traffic, using the logs of bogofilter seemed to be the most direct way
> for this.
>
> Regards,
>
> Tayfun
>
>
> >
> > But the lesson I got here is that unless you are dealing with
> > >>1,000
> > emails a day, you probably won't find many repeat customers when it
> > comes to catching IP addresses that send spam.
> >
Tayfun,
I've taken a look at the code and recognizing/saving/printing an email
address is much harder than dealing with an ip address. As a first
issue, bogofilter already had the idea of IPADDR. It doesn't have any
concept of EMAIL_ADDR. In fact, "@" is a delimiter, so
"username at domain.com" becomes two separate tokens "username" and
"domain.com".
Sorry.
David
More information about the Bogofilter
mailing list