Re: connection level whitelist/blacklists anyone?

[Sam Robertson]

No, and SA already has the ability to white/blacklist either by using 
RBLs or using email address based lists.

My thinking was kind of 'authoritative' white/black lists that would 
allow you to short-circuit spamassassin entirely.  In other words, if 
connecting ip is in the blacklist, just /dev/null|NDR|deny the receiving 
of the message.

Of course it does add a 'configuraton' file that would need to be read 
by the milter, but that in and of itself is not entirely a 'bad' thing.

This could be extended to support blacklisting/whitelisting envelope 
senders and recipients and stuff, but that can also be done within 
Sendmail using virtusertable or other means.  And, yeah, you could also 
blacklist connecting ips in your firewall.

Eventually, what I would like to build is something that monitors all 
incoming mail.  When it hits a certain threshold of connections in a 
given time, it would automatically short-term blacklist the connecting 
ip, or possibly just temp_fail them.  In any case, one could add some 
analysis to make the blacklisting/whitelisting somewhat intelligent, but 
it's down the road.

Sam

Dan Nelson wrote:
> In the last episode (Mar 11), Sam Robertson said:
>
> > Would this be useful to anyone?  Has it already been proposed?
>
>
> Are you looking for a modification to spamassassin to allow the
> connecting IP to be passed to it so you can have rules trigger off it? 
> I agree that would be nice.

smime.p7s
Description: S/MIME Cryptographic Signature