Discussion:
[SA-exim] Identifying repeat offenders using the tuplets
Matt Bostock
2007-06-23 18:22:36 UTC
Hello all,

I've been using SA-Exim for a few months and it has been BRILLIANT. I just recently increased the score weightings for the Razor2 and DCC plugins for SA, and combined with SA-Exim the effect has been phenomenal.

I want to parse the tuplets dir to search for 'repeat offenders', i.e. IP addresses that send high-scoring spam to multiple recipients. What do I need to look for in the tuplets files? For example, what does the 'Query Count' represent?

Many thanks for your help,
Matt :-)
Marc MERLIN
2007-06-25 22:31:04 UTC
Post by Matt Bostock
Hello all,
I've been using SA-Exim for a few months and it has been BRILLIANT. I just recently increased the score weightings for the Razor2 and DCC plugins for SA, and combined with SA-Exim the effect has been phenomenal.
I want to parse the tuplets dir to search for 'repeat offenders', i.e. IP addresses that send high-scoring spam to multiple recipients. What do I need to look for in the tuplets files? For example, what does the 'Query Count' represent?
You can look at the perl module, it's pretty simple really.

Query Count shows how many times that greylist combo made a connection since
the file was created on disk.

Marc
--
"A mouse is a device used to point at the xterm you want to type in" - A.S.R.
Microsoft is to operating systems & security ....
.... what McDonalds is to gourmet cooking
Home page: http://marc.merlins.org/
Matt Bostock
2007-06-26 01:33:39 UTC
Thanks Marc!

Matt