[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: spews Was: seeking input on rbls and anti-spam measures

On Thu, 6 Mar 2003 10:26, Miroslav Zervan wrote:
> <snip>
> Neither I nor any of my users know anybody
> from cz, and the only email I would ever get from there is spam. I put
> those blocks up in response to spam received. And I see daily rejects
> as a result of them (including relay attempts). None of this is desired
> traffic, and I can't see that it will ever change.
> </snip>
> I can't figure out how can someone judge if it is "desired" traffic, if
> server drop SMPT before reading content?

It is possible to configure a mail server to wait until after the "mail from:" 
and "rcpt to:" phases of the SMTP protocol are complete before dropping the 
connection.  When "mail from:" contains hot-sexy-babes@nodomain.com then you 
can be pretty sure it's spam.  Also relay attempts are easy to spot, along 
with email to fake addresses at your domain.

Spews are a bit radical.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page
Reply to: