From matt at mattbostock.com Sat Jun 23 11:22:36 2007 From: matt at mattbostock.com (Matt Bostock) Date: Sat, 23 Jun 2007 18:22:36 +0000 Subject: [SA-exim] Identifying repeat offenders using the tuplets Message-ID: Hello all, I've been using SA-Exim for a few months and it has been BRILLIANT. I just recently increased the score weightings for the Razor2 and DCC plugins for SA, and combined with SA-Exim and effect has been phenomenal. I want to parse the tuplets dir to search for 'repeat offenders', i.e. IP addresses that send high-scoring spam to multiple recipients. What do I need to look for in the tuplets files? For example, what does the 'Query Count' represent? Many thanks for your help, Matt :-) From marc at merlins.org Mon Jun 25 15:31:04 2007 From: marc at merlins.org (Marc MERLIN) Date: Mon, 25 Jun 2007 15:31:04 -0700 Subject: [SA-exim] Identifying repeat offenders using the tuplets In-Reply-To: References: Message-ID: <20070625223104.GA3253@merlins.org> On Sat, Jun 23, 2007 at 06:22:36PM +0000, Matt Bostock wrote: > Hello all, > > I've been using SA-Exim for a few months and it has been BRILLIANT. I just recently increased the score weightings for the Razor2 and DCC plugins for SA, and combined with SA-Exim and effect has been phenomenal. > > I want to parse the tuplets dir to search for 'repeat offenders', i.e. IP addresses that send high-scoring spam to multiple recipients. What do I need to look for in the tuplets files? For example, what does the 'Query Count' represent? You can look at the perl module, it's pretty simple really. Query Count shows how many times that greylist combo made a connection since the file was created on disk. Marc -- "A mouse is a device used to point at the xterm you want to type in" - A.S.R. Microsoft is to operating systems & security .... .... what McDonalds is to gourmet cooking Home page: http://marc.merlins.org/ From matt at mattbostock.com Mon Jun 25 18:33:39 2007 From: matt at mattbostock.com (Matt Bostock) Date: Tue, 26 Jun 2007 1:33:39 +0000 Subject: [SA-exim] Identifying repeat offenders using the tuplets In-Reply-To: <20070625223104.GA3253@merlins.org> References: <20070625223104.GA3253@merlins.org> Message-ID: Thanks Marc! Matt On Mon, 25 Jun 2007 15:31:04 -0700, Marc MERLIN wrote: > On Sat, Jun 23, 2007 at 06:22:36PM +0000, Matt Bostock wrote: >> Hello all, >> >> I've been using SA-Exim for a few months and it has been BRILLIANT. I > just recently increased the score weightings for the Razor2 and DCC > plugins for SA, and combined with SA-Exim and effect has been phenomenal. >> >> I want to parse the tuplets dir to search for 'repeat offenders', i.e. > IP addresses that send high-scoring spam to multiple recipients. What do I > need to look for in the tuplets files? For example, what does the 'Query > Count' represent? > > You can look at the perl module, it's pretty simple really. > > Query Count shows how many times that greylist combo made a connection > since > the file was created on disk. > > Marc > -- > "A mouse is a device used to point at the xterm you want to type in"