[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: abuse report management system

Aaron Thoreson wrote:
procmail, arffilter (http://wordtothewise.com/products/arffilter.html), perl, mysql

We use procmail to filter the inbound messages through 'arffilter' (to read ARF - formatted attachments/messages) which then goes on to a perl script that fetches certain header information. Then we process it daily and watch for spikes, new sources, etc. I agree that a human need examine the content and make final decisions, as the subject lines and formatting of various organizations' abuse complaints vary wildly. You'll be constantly amending your procmail rules and modifying your perl scripts.

The only affordable system I've seen out there is Word to the Wise's Abacus system. I'm sure Remedy or something similar has a product, but as far as open source, I'm not sure.

Please don't kill me for this but we offer this capability with MPP. It is not open source but affordable. We can do all kinds of custom processing based on email content.

M Katz


Wojciech Ziniewicz wrote:
2009/8/11 Andy Davidson <andy@nosignal.org>:
This is dangerous, you wouldn't want your customers to see the original
abuse request, and you wouldn't like outsiders to be able to cut off your customers by filing invented abuse emails that trigger the threshold in your automated system. Serious allegations need to be checked with the use of,
for example, netflow records, and you may require to build a different
process based on messages from law enforcement agencies or similar.

Abuse handling is a specialist skill and should be done by humans.

I dont want any of theese.
What i want is a system that will trap abuse emails and notify me when
certain client reaches the trigger of let's say 10 abuse emails per
month. Then i would analyze the records and decide about warning him
about the sittuation and finally possibly cutting him of. We often do
such things to our bussiness customers - if they send tons of spam
using our ip addrs we can cut them off  after 2 warnings (in Poland
sending spam is a crime) .


Reply to: