State of the art spam control?

Taavi Burns jaaaarel-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org
Thu Jan 12 16:28:26 UTC 2006


On 1/9/06, Fraser Campbell <fraser-eicrhRFjby5dCsDujFhwbypxlwaOVQ5f at public.gmane.org> wrote:
> For the past few years I have been using TMDA and I have been very happy
> with it (perhaps 20 pieces of non-mailing-list spam in that time).  I
> have had no complaints from people emailing me just the odd person who
> was not in my whitelist being confused by my verification message.
...
> Last night (23:30) I finally disabled TMDA, by 06:30 I already had 54
> pieces of spam.
>
> I rather like the idea of an anti-spam solution that rejects mail during
> SMTP transaction.  I'm not happy with the idea of any system that
> directs mail to /dev/null or even a folder that I will never read ... if
> I am not going to read it I'd like that to be explicit by issuing an
> SMTP reject, that way any unfortunate sender who gets blocked will know.
> I'm open to differing opinions on this though ...

I've been using greylist for a while now, and it seems to work pretty
well.  The greylist scheme is:
* The first time address A sends mail from IP B to address C, it is
rejected with a temporary failure.
* If A tries again from B to C within a certain timeframe (there is a
minimum and maximum time limit, configurable), then the mail is
accepted.

Most spammers will try to send mail once, and then never again (at
least, not with the same source address).  I get a spam or two every
few days.  Maybe a spam or two a week?  It's now completely
unobtrusive to my inbox.

It can have the same problem as TMDA where automated messages get
caught, but only when they do not retry, or when they retry from a
different address every time.  Systems such as gmail and yahoo are
susceptible to this, but it's straightforward to add google and yahoo
(and others) to your whitelist.

I suggest monitoring the greylist list ("greylist list --grey") for
the first few weeks to determine if anyone is being caught by changing
mail server IPs.  I also do that when I don't receive a confirmation
as quickly as I'd expect.  Most mailservers will retry in a few
minutes for the first few retries, and then less often for a few days.
 The worst outcome is that someone's mail (hopefully) gets returned as
undeliverable due to recurring errors, at which point you'd hope that
they'd try to contact you some other way.  The temporary failure
message may even explain that greylist is in use.  I've never
checked...

The package I use is for Debian and exim4, but there may be similar
packages for postfix.

http://packages.debian.org/greylistd

--
taa
/*eof*/
--
The Toronto Linux Users Group.      Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml
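
The greylist scheme described in the message above, as an added example that is not part of the original post and is not greylistd's own code. The class name, the 10-minute and 8-hour limits, and all addresses are assumptions chosen for illustration.

```python
import ipaddress

class Greylist:
    """Triplet greylisting as described above. Hypothetical class, not greylistd code."""

    def __init__(self, min_delay=600, max_retry=8 * 3600, whitelist=()):
        self.min_delay = min_delay    # assumed: earliest accepted retry, seconds
        self.max_retry = max_retry    # assumed: latest accepted retry, seconds
        self.whitelist = [ipaddress.ip_network(n) for n in whitelist]
        self.first_seen = {}          # grey triplets -> time of first attempt
        self.passed = set()           # triplets that retried inside the window

    def check(self, sender, client_ip, recipient, now):
        """Return 'defer' (temporary SMTP failure) or 'accept'."""
        ip = ipaddress.ip_address(client_ip)
        if any(ip in net for net in self.whitelist):
            return "accept"           # whitelisted senders skip greylisting
        triplet = (sender.lower(), str(ip), recipient.lower())
        if triplet in self.passed:
            return "accept"
        first = self.first_seen.get(triplet)
        if first is None or now - first > self.max_retry:
            self.first_seen[triplet] = now   # new, or retried too late: restart
            return "defer"
        if now - first < self.min_delay:
            return "defer"            # retried too soon, keep the original clock
        del self.first_seen[triplet]
        self.passed.add(triplet)
        return "accept"

    def grey(self):
        """Triplets still waiting for a valid retry: the list worth monitoring."""
        return sorted(self.first_seen)

def demo():
    # Constructed events: (seconds, sender, client IP, recipient).
    events = [
        (0, "a@example.org", "192.0.2.10", "c@example.net"),      # first attempt
        (60, "a@example.org", "192.0.2.10", "c@example.net"),     # too soon
        (900, "a@example.org", "192.0.2.10", "c@example.net"),    # valid retry
        (0, "bulk@example.com", "203.0.113.5", "c@example.net"),  # never retries
        (0, "n@example.org", "198.51.100.1", "c@example.net"),    # server pool:
        (900, "n@example.org", "198.51.100.2", "c@example.net"),  # new IP each try
    ]
    g = Greylist()
    return [g.check(s, ip, r, t) for t, s, ip, r in events], g.grey()

if __name__ == "__main__":
    print(demo())
```

The last two events show the failure mode the message mentions: a sender that retries from a different IP never completes a triplet and stays on the grey list until its network is whitelisted.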




