sendmail issue.

Scot L. Harris webid at cfl.rr.com
Thu Jul 22 00:35:57 UTC 2004


On Wed, 2004-07-21 at 20:21, Craig White wrote:

> > 
> > And I agree with you that the majority of the spam comes from
> > compromised zombie windows clients.  I recently setup greylisting on the
> > mail server and this alone reduced spam by 98 to 99% (was 2000 to 6000
> > spam messages a day and now we get 3 to 8 spam messages a day). 
> > Greylisting works by telling the remote MTA that there is a temporary
> > error (451).  A real MTA will wait a few minutes and try to connect
> > again.  Virtually all the zombie machines out there are not that smart,
> > they get an error and just move on and don't retry.  Amazingly quiet on
> > the email server now.  :)
> ----
> why is it that I feel this is only a temporary fix?
> 
> ;-(
> 
> Craig

Ah!  If/when they change their mode of operation you combine this with a
realtime block list.  The idea being that when a new system starts
spamming it will hit you where you delay delivery.  Then it moves on and
sends a spam to one of the many spam traps on the Internet which reports
the spam and adds that address to a realtime block list (rbl).  Once
your time out has expired and the spammer comes back around to deliver
that message your system checks the rbl which has it listed and you deny
delivery at that point.  

The only downside is the amount of time email will be delayed.  But for
a fairly simple system that can virtually eliminate almost all spam I
think it will be very effective.
-- 
Scot L. Harris
webid at cfl.rr.com

Newlan's Truism:
	An "acceptable" level of unemployment means that the 
	government economist to whom it is acceptable still has a job. 





More information about the users mailing list