Re: spam avoidance (was Re: cpu speed problem)

Somebody in the thread at some point said:
> On Mon, 2007-07-30 at 11:25 +0100, Andy Green wrote:
>> I found this to be really effective for over a year now:
>>
>>  - greylisting (I use gps + sqlite)
> 
> I'm not enamoured of greylisting, though that might be down to the poor
> implementations of it that've held my mail up for hours, rather than
> greylisting in itself.

The first time you get mail from someone it will hold it up for some
minutes, and then for as long as it takes the other server to retry,
usually some hours.  After that, the sender/server/recipient triplet is
held in a sqlite database whitelist automatically, so there is no delay.

>>  - Spamhaus RBL lookup (IPs that are detected by Spamhaus as sending
>> spam to their fake emails get blacklisted here)
> 
> Do they get false positives added by malicious people?  One of my hosts
> uses a RBL system, but I don't think it's spamhaus.

They don't specify their fake email addresses and don't accept external
recommendations for the blacklist.

>>  - tight rules on postfix:
>>
>>     - insist that the server has reverse DNS
> 
> Not all do, nor do they really have to, even if it's a damn good idea.
> This could be a problem.

As I said I've had over a year to assess what this set of rules performs
like: I had to whitelist only two real servers in that time to work
around the rules.  That's fine by me.  I didn't see any false positives
from the blackhole either, although I guess you wouldn't.

>>     - insist that the recipient user actually exists (end of most
>> virus mails)
> 
> Does it also reject if the message has more than one recipient, and
> they're not all real users?

It rejects the whole mail if any of the recipients are not valid users
on my mailserver.

> I put a bait address into a HTML comment on my website, anything that
> spammed that (along with any other address) got trashed.  No real user
> would have seen the bait, but HTML trawlers would.  I could kill that
> mail with 100% certainty.

That's what the Spamhaus blackhole list is doing, except they publish
their "winners" by a faked up DNS server.

-Andy
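
The triplet whitelisting described in the message above, as an added example that is not part of the original post and is not the gps code. The table layout, function names and both timing constants are assumptions chosen for illustration; the addresses are constructed sample values.

```python
import sqlite3

MIN_DELAY = 300            # assumed: seconds a new triplet must wait before a retry passes
RETRY_WINDOW = 48 * 3600   # assumed: an unanswered first attempt older than this is forgotten

WHERE = "WHERE client_ip=? AND sender=? AND recipient=?"

def open_db(path=":memory:"):
    """Open (or create) the triplet store; hypothetical schema."""
    db = sqlite3.connect(path)
    db.execute("""CREATE TABLE IF NOT EXISTS triplet (
                    client_ip TEXT, sender TEXT, recipient TEXT,
                    first_seen INTEGER, passed INTEGER,
                    PRIMARY KEY (client_ip, sender, recipient))""")
    return db

def check(db, client_ip, sender, recipient, now):
    """Return 'defer' (temporary 4xx reply) or 'accept' for one RCPT TO."""
    key = (client_ip, sender.lower(), recipient.lower())
    row = db.execute("SELECT first_seen, passed FROM triplet " + WHERE, key).fetchone()
    stale = row is not None and not row[1] and now - row[0] > RETRY_WINDOW
    if row is None or stale:
        # Unknown triplet: remember when we first saw it and ask for a retry.
        db.execute("INSERT OR REPLACE INTO triplet VALUES (?,?,?,?,0)", key + (now,))
        db.commit()
        return "defer"
    first_seen, passed = row
    if passed:
        return "accept"            # already whitelisted, no delay
    if now - first_seen < MIN_DELAY:
        return "defer"             # retried too quickly, keep waiting
    # A real MTA came back after the delay: whitelist the triplet.
    db.execute("UPDATE triplet SET passed=1 " + WHERE, key)
    db.commit()
    return "accept"

if __name__ == "__main__":
    db = open_db()
    msg = ("192.0.2.10", "alice@example.org", "andy@example.net")  # constructed
    for t in (0, 60, 600, 601):
        print(t, check(db, *msg, now=t))
```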

