Re: spews Was: seeking input on rbls and anti-spam measures
On Thu, 6 Mar 2003 10:26, Miroslav Zervan wrote:
> <snip>
> Neither I nor any of my users know anybody
> from cz, and the only email I would ever get from there is spam. I put
> those blocks up in response to spam received. And I see daily rejects
> as a result of them (including relay attempts). None of this is desired
> traffic, and I can't see that it will ever change.
> </snip>
> I can't figure out how can someone judge if it is "desired" traffic, if
> server drop SMPT before reading content?
It is possible to configure a mail server to wait until after the "mail from:"
and "rcpt to:" phases of the SMTP protocol are complete before dropping the
connection. When "mail from:" contains hot-sexy-babes@nodomain.com then you
can be pretty sure it's spam. Also relay attempts are easy to spot, along
with email to fake addresses at your domain.
Spews are a bit radical.
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
Reply to: