Re: Sendmail: How does one blacklist annoying spammers?


 



From: "Genes MailLists" <lists@xxxxxxxxxxxx>
Sent: Sunday, 2010/June/27 19:08


> On 06/27/2010 09:47 PM, Tim wrote:
>> On Sun, 2010-06-27 at 14:08 -0400, Genes MailLists wrote:
>>>  So if you're gonna gray list - please whitelist all the standard ISP
>>> outbound mx hosts ...
>>
>> That's gotta be a huge list.  And won't some of them be spam sources,
>> anyway?
>>
>
>  Not huge at all - I'm doing this for the outbound MX's of trusted mail
> senders.  Google uses about 2,700 outbound .. they are all readily
> available. So we're talking a few thousand hosts.
>
> And not doing this only causes a 3 second delay anyway.
>
>  Your question if gmail official hosts sends spam - even if it does,
> the greet pause is not going to help in this case anyway - because gmail
> servers follow the correct smtp protocols.
>
> Spammer machines often don't - they send out the mail and ignore all
> protocols - that's why greet pause is so effective.
>
>  This splat-with-no wait is classic of spammers - e.g. a pc bot - they
> program them to send the header, send the body. close. This kind of bot
> will not get through the greet pause delay.

Gene, Ed mentioned this and I will, too. The "DUH", the really serious
"DUH" here, is that you do not realize that it is REALLY easy to forge
most of the lines of the email header. All the lines you normally see
with the "Received" headers hidden can be forged and are routinely
forged.

This is why blocking yahoo or google or earthlink for that matter is
foolish. It won't help nearly as much as you think AND you may miss
important and informative emails doing so. It's your call. But you had
best know exactly what you are doing.

And if you are going to "bounce" spam "back to the sender" note that
this is something you cannot recover from the headers if "Reply-to: "
and "Sender: " are forged. You WILL get installed in permanent block
lists for that one. (I have a half dozen such <censoreds> in my procmail
rules before the messages even get to SpamAssassin. Procmail can be told
to drop an email on the floor by delivering it to /dev/null. SpamAssassin
NEVER deletes email. It simply tags it with a score along with some
optional additional metadata that can help diagnosing what SpamAssassin
is doing for you.)

SpamAssassin tracks back the Received headers and deals with them.
Greylisting simply inserts a retry delay in the message loop. (Hey,
senderthatIdon'tknow, I'm too busy just at the moment, please try
again in half an hour.) Most of the time that kills spam dead leaving
little for SpamAssassin to do. SA plus greylisting is a very powerful
setup. SpamAssassin alone can be very powerful, too. As I have it tuned
at the moment "it's good enough" with maybe one message a week I want
(out of as many as 10000) is mismarked as spam, spam is all marked
according to scores, and about one spam email a week escapes being marked
as spam. It's even really easy to cull my spam mailbox that way.

AND nowhere in there is a blanket block to anybody, even sapience.com.

I do have a fair number of specifically whitelisted people since some topics
tend to trigger the Bayes filter in SpamAssassin.

{^_^} 

-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
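
The greet-pause check discussed in the quoted text, as an added example that is not part of the original post and is not sendmail's own code: a server delays its 220 banner, rejects any client that sends before seeing it, and skips the delay for whitelisted hosts. The addresses, host names, pause length and reply text are constructed for the demo.

```python
import select
import socket
import threading

GREET_PAUSE = 0.5  # seconds; constructed demo value (the thread mentions a 3 second delay)
WHITELIST = {"192.0.2.10"}  # constructed address standing in for a trusted outbound MX


def greet(conn, peer_ip, pause=GREET_PAUSE, whitelist=WHITELIST):
    """Server side: True if the banner was sent, False if the client was rejected."""
    if peer_ip not in whitelist:
        # Wait before greeting. A readable socket here means the client sent
        # commands before seeing the 220 banner, which SMTP does not allow.
        readable, _, _ = select.select([conn], [], [], pause)
        if readable:
            conn.sendall(b"554 5.7.1 Rejected: talked before greeting\r\n")
            return False
    conn.sendall(b"220 mail.example.test ESMTP\r\n")
    return True


def polite_client(sock):
    """Waits for the banner before sending HELO, as the protocol requires."""
    sock.recv(1024)
    sock.sendall(b"HELO client.example.test\r\n")


def slamming_client(sock):
    """Sends its commands at once without reading the banner."""
    sock.sendall(b"HELO bot\r\nMAIL FROM:<a@example.test>\r\n")


def run(client_fn, peer_ip):
    """Connect one simulated client to greet() over a local socket pair."""
    server_side, client_side = socket.socketpair()
    t = threading.Thread(target=client_fn, args=(client_side,))
    t.start()
    try:
        return greet(server_side, peer_ip)
    finally:
        t.join()
        server_side.close()
        client_side.close()


if __name__ == "__main__":
    print("polite client accepted:", run(polite_client, "198.51.100.7"))
    print("early talker accepted:", run(slamming_client, "198.51.100.7"))
    print("whitelisted host accepted:", run(slamming_client, "192.0.2.10"))
```

The whitelisted case shows why the exemption only saves the delay: a listed host is greeted immediately and its mail still goes on to whatever filtering runs afterwards.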

