On Wed, 2004-07-21 at 20:21, Craig White wrote: > > > > And I agree with you that the majority of the spam comes from > > compromised zombie windows clients. I recently setup greylisting on the > > mail server and this alone reduced spam by 98 to 99% (was 2000 to 6000 > > spam messages a day and now we get 3 to 8 spam messages a day). > > Greylisting works by telling the remote MTA that there is a temporary > > error (451). A real MTA will wait a few minutes and try to connect > > again. Virtually all the zombie machines out there are not that smart, > > they get an error and just move on and don't retry. Amazingly quiet on > > the email server now. :) > ---- > why is it that I feel this is only a temporary fix? > > ;-( > > Craig Ah! If/when they change their mode of operation you combine this with a realtime block list. The idea being that when a new system starts spamming it will hit you where you delay delivery. Then it moves on and sends a spam to one of the many spam traps on the Internet which reports the spam and adds that address to a realtime block list (rbl). Once your time out has expired and the spammer comes back around to deliver that message your system checks the rbl which has it listed and you deny delivery at that point. The only downside is the amount of time email will be delayed. But for a fairly simple system that can virtually eliminate almost all spam I think it will be very effective. -- Scot L. Harris webid@xxxxxxxxxx Newlan's Truism: An "acceptable" level of unemployment means that the government economist to whom it is acceptable still has a job.