On 1/29/2006 10:27 PM, William Leibzon wrote:
What I'm thinking for one of the next stages is change this whitelisting
ip database into (IP,score) where score is updated and is medium of the
scores of the emails that came from the system before - i.e. it basicly
is a real-time updated reputation system.
I did some work on something like this a while back by overloading the
SpamAssassin auto-whitelist database--tuples and reputation information is
already stored there, and I pass most incoming mail through SA while the
session is still active, so I get to reuse some of that info for free.
http://www.ehsco.com/misc/sagrey/ is where the SA plugin lives if you want
to look at it.
Right now I'm only using it to add an extra score for mail that appears to
be spam and originated from an unknown tuple, but what I want to do is
defer acceptance based on whether or not the rule fired (essentially
allowing me to restrict greylisting to mail that is likely spam from
unknown tuples). I couldn't do that with Postfix last time I looked
(header checks could not generate a DEFER action) and I haven't had time
to rebuild my whole mail system yet.
As to what you are pursuing, a similar approach would let you leverage the
reputation score associated with the tuple in the AWL, which seems to be
mostly what you are looking for.
--
Eric A. Hall http://www.ehsco.com/
Internet Core Protocols http://www.oreilly.com/catalog/coreprot/
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg