25 setembro, 2007
mailsys - a toolkit based on
When I first published gsinlistd (the co-operative anti-spam tool) I didn't realize it was so effective.
Started with v0.3-pre (indeed stable!), now I am continuing to work along with v0.5.
gMailSys started firstly with gsinlistd, now started to grow, and formed the mailsys toolkit.
The mailsys toolkit has a nice tool (gspamcompare) to measure spam. One of the interesting services of this tool is the so called "dig-service": it shows at once the SBL listings for IP(s).
This toolkit will be published soon; it uses the following libs:
Back to gspamcompare: take a look on the poa_check_ips.sh script output for my small server:
These are rats trying to drop spam, caught by greylistd; they are not polite, just close the TCP connection instead of issuing the QUIT command. By logging and processing these entries, alone, or again, in a co-operative way (like gsinlistd does by itself, and in addition!) it is possible to make short and real-time black-lists.
By the time I am writting this, I did run the same script in a big server online (from a friend) -- and caught two or three white-list entries. For those who know how greylist works, it is rather obvious greylist did its job, but now we have to enter with intrusive schemes like SpamAssassin. To avoid this extra work you can just monitor the Exim logs (say in each 15 mins) and black-list the unexpected rats.
This period is important: if it is too wide (beyond 60 mins, which is the usual greylist no-grace period) it is ineffective; if it is too narrow the process is too frantic searching for log dates. 15 min is fair and effective.
Removing these rats after one week of good behaviour seems rational. I.e., as long as the rats are no longer listed during the whole week, the black-list entries are removed; they have, however, to pass again to the regular grey-list stage. And the story comes back to the begining...
One great advantage: no real need of SpamAssassin for those kinds of unpolite rats.
Started with v0.3-pre (indeed stable!), now I am continuing to work along with v0.5.
gMailSys started firstly with gsinlistd, now started to grow, and formed the mailsys toolkit.
The mailsys toolkit has a nice tool (gspamcompare) to measure spam. One of the interesting services of this tool is the so called "dig-service": it shows at once the SBL listings for IP(s).
This toolkit will be published soon; it uses the following libs:
- libgmail
a library to dig mail boxes, and in general to deal with mail stuff; - liblowstream
the cyphered protocol used also by gsinlistd; - libgobj (refer to xpfweb_v2x)
- libgobjeio
(just an small lib for some dummy interfaces)
Back to gspamcompare: take a look on the poa_check_ips.sh script output for my small server:
These are rats trying to drop spam, caught by greylistd; they are not polite, just close the TCP connection instead of issuing the QUIT command. By logging and processing these entries, alone, or again, in a co-operative way (like gsinlistd does by itself, and in addition!) it is possible to make short and real-time black-lists.
By the time I am writting this, I did run the same script in a big server online (from a friend) -- and caught two or three white-list entries. For those who know how greylist works, it is rather obvious greylist did its job, but now we have to enter with intrusive schemes like SpamAssassin. To avoid this extra work you can just monitor the Exim logs (say in each 15 mins) and black-list the unexpected rats.
This period is important: if it is too wide (beyond 60 mins, which is the usual greylist no-grace period) it is ineffective; if it is too narrow the process is too frantic searching for log dates. 15 min is fair and effective.
Removing these rats after one week of good behaviour seems rational. I.e., as long as the rats are no longer listed during the whole week, the black-list entries are removed; they have, however, to pass again to the regular grey-list stage. And the story comes back to the begining...
One great advantage: no real need of SpamAssassin for those kinds of unpolite rats.
