On Mon, 2005-04-04 at 16:17 -0400, Scot L. Harris wrote:
> On Mon, 2005-04-04 at 15:34, David Hoffman wrote:
> But I don't understand your last sentence. Not sure if you are talking
> about the recipient of a TMDA message or the user that implemented it?
>
> Either way you can achieve similar results that reduce spam by 99%+ by
> using greylisting and spamassassin with a well trained bayes database
> which does not require the sender to do anything new or different. Yes,
> at some point the spammers can start retrying messages to get around
> greylisting but they have not done so yet and when they do it will cost
> them more to maintain the list of messages to retry, consuming more
> resources on the bots they are using, making it more likely that they
> will be discovered. It also slows down the delivery of more spam to
> someone else since they now need to send the message at least twice
> possibly more than that.
>
> Because of this I don't think the spammers will change anytime soon as
> it will start costing them too much to send spam, which is the basic
> idea.
>
> And if they do start retrying messages in large numbers greylisting can
> utilize various RBLs which will most likely catch such spammers during
> the wait period and the next time they come in you reject their messages
> due to the RBLs that were populated from spam collectors.
----
FWIW - RBLs sometimes blacklist rather idiotically and cause issues and it can be hard to get off the lists once on it.

That said though, I agree with your thoughts on RBLs.

We have been having a rather interesting discussion on CentOS mail list - I will take credit for starting the thread called 'Postfix tightening' and what I thought seemed to be a rather simple question turned into a real eye opening experience for me as I have found postfix to be an extremely granular system - much more configurable and comprehendible than sendmail and I'm actually starting to wonder if I am needing greylisting at all in a setup that includes MailScanner, ClamAV, SpamAssassin and a well planned set of rules within Postfix. The thing that opened my eyes is the amazing amount of qualifications that you can put into smtp-accept/reject within postfix itself.

My disillusionment with greylisting came last week when I had to explain to a fairly important end user why a particular person couldn't get an email through... searching the logs, I found that this person tried 3 times on 3 separate occasions to send her an email. Evidently the smtp server doesn't accept the mail for delivery until the end point accepts the mail and she got a tempfail (450) and gave up each time. Her system gave her a different smtp server each time so each attempt was separately greylisted for 1 minute and each time, she gave up before the 1 minute passed.

Though I have installed greylisting on a number of systems that I handle for my clients, I am seriously watching the impact - and fine tuning the rule sets in Postfix and will probably turn off greylisting at some point to see if it ultimately makes a difference. My thinking is that the RBLs and an expansive use of Postfix rules will pick off the same low hanging fruit that greylisting handles.

As for bayes training - I'm not convinced that users are going to actively participate and I'm struggling to find a way that is simple enough for them.
----
>
> The problem is solvable. Of course the best solution is to hunt down
> the few people that actually buy stuff from the spam email and take
> their computers away and have all ISPs ban them for life. Then there
> will be no reason for spam anymore. :)
----
It's simply not possible to idiot proof things. The problem is ALWAYS gonna be - that some people don't inherently distrust things in their mailbox - why should they? It is probably their nature to trust things. For example - many of the phishing schemes have an official looking email from a bank, complete with logos and reasonable looking email address.

PT Barnum was a man ahead of his time.

Craig
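
The greylisting failure described in the message above (each attempt arrives from a different SMTP server, so each one is greylisted separately), as an added example that is not part of the original message. The `Greylist` class and all names are hypothetical, the sample attempts are constructed, and keying on the /24 assumes the sender's relays share one network, which the message does not state.

```python
import ipaddress

DELAY = 60  # seconds: the 1-minute greylist delay mentioned in the message

class Greylist:
    """Hypothetical greylist keyed on (client, sender, recipient)."""
    def __init__(self, delay=DELAY, by_subnet=False):
        self.delay = delay
        self.by_subnet = by_subnet
        self.first_seen = {}  # triplet -> time of the first attempt

    def _client_key(self, ip):
        if self.by_subnet:
            # Collapse the client address to its /24 so a pool of outbound
            # relays in one network shares a single greylist entry.
            return str(ipaddress.ip_network(f"{ip}/24", strict=False))
        return ip

    def check(self, now, ip, sender, rcpt):
        """Return the SMTP reply code for an attempt seen at time `now`."""
        key = (self._client_key(ip), sender.lower(), rcpt.lower())
        first = self.first_seen.setdefault(key, now)
        if now - first >= self.delay:
            return 250  # same triplet came back after the delay: accept
        return 450      # tempfail: a queueing MTA would retry later

def replay(greylist, attempts):
    """Feed (time, ip, sender, rcpt) tuples through a greylist in order."""
    return [greylist.check(*a) for a in attempts]

# Constructed sample: three attempts on separate occasions, each handed to a
# different outbound server (addresses from the 192.0.2.0/24 documentation range).
SENDER, RCPT = "alice@example.org", "user@example.com"
ROTATING = [
    (0,    "192.0.2.10", SENDER, RCPT),
    (3600, "192.0.2.11", SENDER, RCPT),
    (7200, "192.0.2.12", SENDER, RCPT),
]
# Constructed sample: one relay that queues the message and retries it.
RETRYING = [
    (0,   "192.0.2.10", SENDER, RCPT),
    (30,  "192.0.2.10", SENDER, RCPT),
    (300, "192.0.2.10", SENDER, RCPT),
]

if __name__ == "__main__":
    print("per-host, rotating relays:", replay(Greylist(), ROTATING))
    print("per-host, retrying relay: ", replay(Greylist(), RETRYING))
    print("per-/24,  rotating relays:", replay(Greylist(by_subnet=True), ROTATING))
```

With per-host keys every rotating attempt is a first sighting and is tempfailed, while the single retrying relay gets through on its third try.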