Question about spamassassin using MySQL

Steven W. Orr steveo at syslang.net
Tue Apr 26 10:54:01 EDT 2005


On Tuesday, Apr 26th 2005 at 10:19 -0400, quoth Bruce Dawson:

=>On Mon, 2005-04-25 at 21:54 -0400, Benjamin Scott wrote:
=>> On Apr 25 at 3:13pm, Bruce Dawson wrote:
=>> > Steven: Thanks for the clarification. I was under the impression that the 
=>> > milter is called only after the message had been received.
=>>      Obviously, in order to do content analysis or other magic on a message, you 
=>> have to receive the content.  As I understand it, what these tools do is allow 
=>> the SMTP "DATA" verb to be sent, and to receive some or all of the data from 
=>> the sender.  Then, before the SMTP result code 250 ("Message accepted for 
=>> delivery") code is sent, the filter runs and makes a decision.  If the message 
=>> fails, an SMTP error status code is sent instead.
=>
=>Hmmm. So milters actually won't be much good for reducing the amount of
=>bandwidth occupied by spam - most of the message comes through before a
=>decision is made.
=>
=>My observation has been that some spammers don't wait for the 250 reply,
=>and will just cut the connection after sending the "dot" command.
=>
=>--Bruce
=>

One of the solutions to that problem is to use the new greet_pause 
feature. It attacks the problem at the begging instead of at the end:

greet_pause     Adds the greet_pause ruleset which enables open proxy
                and SMTP slamming protection.  The feature can take an
                argument specifying the milliseconds to wait:

                        FEATURE(`greet_pause', `5000')  dnl 5 seconds

                If FEATURE(`access_db') is enabled, an access database
                lookup with the GreetPause tag is done using client
                hostname, domain, IP address, or subnet to determine the
                pause time:

                        GreetPause:my.domain    0
                        GreetPause:example.com  5000
                        GreetPause:10.1.2       2000
                        GreetPause:127.0.0.1    0

                When using FEATURE(`access_db'), the optional
                FEATURE(`greet_pause') argument becomes the default if
                nothing is found in the access database.  A ruleset called
                Local_greet_pause can be used for local modifications, 
e.g.,

                        LOCAL_RULESETS
                        SLocal_greet_pause
                        R$*             $: $&{daemon_flags}
                        R$* a $*        $# 0



-- 
Time flies like the wind. Fruit flies like a banana. Stranger things have  .0.
happened but none stranger than this. Does your driver's license say Organ ..0
Donor?Black holes are where God divided by zero. Listen to me! We are all- 000
individuals! What if this weren't a hypothetical question?
steveo at syslang.net



More information about the gnhlug-discuss mailing list