On Wed, 27 Jul 2005 13:35:58 -0600, Ruud wrote:
What would you define as the "sender address"?
You could go for the same triple as greylisting uses:
{SERVER-IP, SMTP-MAIL-FROM (=Sender), SMTP-RCPT-TO
(=Recipient)}
and treat every new triple as a potential spammer. Deliver
a report of a
stalled message to the Recipient(s) and let them click on
Block / Maybe OK / Accept
where Block will insert the triple into the blocklist,
Accept will
insert the triple into the greenlist and deliver the
message, and Maybe
OK will only deliver the message but not change any list.
If the elements of the triple are not given to procmail
(like by
Sendmail, through parameters), then you'll have to try to
reconstruct
them from the message. There are often only limited ways
to do that.
My mail server is very cooperative and I think will be willing to fix
sendmail so as to give the message envelope information to procmail as
parameters, which will set environment variables. The mail server people
previously (Siteworks) expressed willingness to cooperate. For reasons
not related to blocking spam, I am very interested in having access to the
envelope recipient information as well.
I like your idea very much. Once spam is positively identified as coming
from a given SERVER-IP, then all mail coming from that server could
automatically be assigned a degree of suspicion. Any legitimate email
correspondents who mail is sent by that server could be notified of the
fact that their server is a spammer.
I understand that the envelope SMTP-MAIL-FROM might easily be forged, the
same as the message headers - correct?
(I'm receiving list mails in digest mode, so I can't make my replies
follow threads, sorry.)
--
Regards, Lloyd
(1st email to me should contain "Standish" in message subject or body.)
____________________________________________________________
procmail mailing list Procmail homepage: http://www.procmail.org/
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail