spam avoidance (was Re: cpu speed problem)

Tony Nelson tonynelson at georgeanelson.com
Mon Jul 30 20:11:32 UTC 2007


At 8:25 PM +0930 7/30/07, Tim wrote:
>On Mon, 2007-07-30 at 11:25 +0100, Andy Green wrote:
>> I found this to be really effective for over a year now:
>>
>>  - greylisting (I use gps + sqlite)
>
>I'm not enamoured of greylisting, though that might be down to the poor
>implementations of it that've held my mail up for hours, rather than
>greylisting in itself.

I'm not sure about greylisting either, but AIUI, the usual holdup is from
the sending MTA's retry interval, which for sendmail seems to default to 1
hour.  An MTA with exponential backoff might well be worse.

I mostly notice greylisting with recipients I don't send mail to often.


>>  - tight rules on postfix:
>>
>>     - insist that the server has reverse DNS
>
>Not all do, nor do they really have to, even if it's a damn good idea.
>This could be a problem.

Every server should have rDNS, not just MTAs.  RDNS might not map to the
server's FQDN.  The MTA's FQDN should be real.  Currently I'm trying
insisting that the hello name resolve in DNS for external connections.

I also prohibit relaying through dynamic IPs, by requiring the envelope
sender domain for connections whose rDNS looks dynamic resolve to the
connect address.  That seems to work well, rejecting about 95% of the
messages (with no obvious false positives, judging by the subject lines).


>>     - insist that the recipient user actually exists (end of most
>> virus mails)
>
>Does it also reject if the message has more than one recipient, and
>they're not all real users?
>
>I put a bait address into a HTML comment on my website, anything that
>spammed that (along with any other address) got trashed.  No real user
>would have seen the bait, but HTML trawlers would.  I could kill that
>mail with 100% certainty.

Hmm.  AFAIK, sendmail only rejects the recipients that don't exist, and
allows the others through.  Bait seems like a good idea, and could be
easily implemented in the milter I use, but as most incoming spams have
only a single recipient I don't think it would help much.
-- 
____________________________________________________________________
TonyN.:'                       <mailto:tonynelson at georgeanelson.com>
      '                              <http://www.georgeanelson.com/>
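
Added example, not part of the original message and not the milter its author uses: one way to express the rule described above, where a client whose rDNS looks dynamic is accepted only if the envelope sender domain resolves to the connecting address. The function names, the "looks dynamic" heuristic, the `resolve` hook, the rejection of a null sender, and the sample DNS data are all assumptions made for illustration.

```python
import ipaddress
import re

# Assumed heuristic: words that often appear in PTR names of dynamic pools.
POOL_WORDS = re.compile(
    r"(^|[.\-_\d])(dyn|dynamic|dhcp|dsl|adsl|pool|ppp|cable|dialup)([.\-_\d]|$)")

def _has_run(seq, run):
    """True if list `run` occurs contiguously inside list `seq`."""
    return any(seq[i:i + len(run)] == run
               for i in range(len(seq) - len(run) + 1))

def looks_dynamic(rdns_name, connect_ip):
    """Guess whether a PTR name belongs to a dynamically assigned address."""
    name = rdns_name.lower().rstrip(".")
    if POOL_WORDS.search(name):
        return True
    addr = ipaddress.ip_address(connect_ip)
    if addr.version != 4:
        return False
    octets = str(addr).split(".")
    numbers = [str(int(n)) for n in re.findall(r"\d+", name)]
    # Client octets embedded in forward or reversed order.
    return _has_run(numbers, octets) or _has_run(numbers, octets[::-1])

def check_sender(connect_ip, rdns_name, mail_from, resolve):
    """Return "pass" or "reject"; resolve(name) -> list of address strings."""
    if not rdns_name or not looks_dynamic(rdns_name, connect_ip):
        return "pass"  # this rule only covers dynamic-looking clients
    domain = mail_from.strip("<>").rpartition("@")[2].lower()
    if not domain:
        return "reject"  # assumption: null sender cannot satisfy the rule
    client = ipaddress.ip_address(connect_ip)
    for answer in resolve(domain):
        try:
            if ipaddress.ip_address(answer) == client:
                return "pass"
        except ValueError:
            continue  # ignore malformed answers
    return "reject"

# Constructed sample data (documentation address ranges, made-up names).
SAMPLE_DNS = {"home.example": ["203.0.113.57"],
              "bigbank.example": ["198.51.100.10"]}

def sample_resolve(name):
    return SAMPLE_DNS.get(name, [])

if __name__ == "__main__":
    ptr = "adsl-203-0-113-57.pool.isp.example"
    for sender in ("<alice@home.example>", "<bob@bigbank.example>", "<>"):
        print(sender, check_sender("203.0.113.57", ptr, sender, sample_resolve))
```

In a real filter the `resolve` hook would be backed by live DNS lookups, and the keyword list would need tuning against local mail logs to keep false positives down.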



