
Re: Defeating SPAM Using Debian



Boyd Stephen Smith Jr. wrote:
New blog post that might be useful for some out there: <http://iguanasuicide.net/node/13>.

It's got some very specific configurations, so it might even help those out there that already have a solution like this.

Feedback is *encouraged*. Of course, comments would be great, but the site is a bit locked down due to comment SPAM[1]. If you don't want to sign up to leave comments, shoot me an email on-list or off. I'm nearly always checking my email. >:)

[1] Is that irony?

I use only exim4 without content checking, and the mail client. I get typically 2000-5000 attempted SMTP connections a day (of which about 100 are genuine, mostly mailing lists), and an average of about a dozen spams a week make it into the inbox. Icedove spots at least 80% of those.

Reverse DNS lookup is the best single measure, enabled by default in Debian. I also look for a matching PTR-A record pair, refuse a (by now) quite large collection of CIDR blocks and do some tests on PTR and HELO strings. I refuse about fifteen countries, a couple of large national ISPs by name (they have many CIDR blocks) and try to spot dynamic PTR/HELO strings by digit pattern. I also block a large fraction of APNIC at the firewall, but unfortunately it is continuously acquiring many small CIDR blocks from other regions' former allocations.

Spam that does make it into the inbox is saved up, and I spend about a minute a day looking up their CIDR blocks and adding them to my list. Unfortunately, that's not easy to automate due to the wide variation in material returned by whois.
--
Joe
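As an added illustration (not part of Joe's message or his exim4 setup), the three checks he describes modelled offline: forward-confirmed reverse DNS (the PTR name's A record must point back at the client IP), a hand-maintained CIDR deny list, and a digit-pattern heuristic for dynamic-looking PTR/HELO names. All DNS data and CIDR blocks below are constructed; a real deployment does the lookups in the exim4 ACL.

```python
import ipaddress
import re

# Constructed PTR and A data standing in for live DNS lookups.
PTR = {
    "203.0.113.10": "mail.example.org",
    "198.51.100.77": "host-198-51-100-77.dyn.example.net",
    "192.0.2.5": "smtp.example.com",            # A record points elsewhere
    "192.0.2.40": "dsl-192-0-2-40.example.net",  # consistent, but dynamic-looking
}
A = {
    "mail.example.org": "203.0.113.10",
    "host-198-51-100-77.dyn.example.net": "198.51.100.77",
    "smtp.example.com": "192.0.2.99",
    "dsl-192-0-2-40.example.net": "192.0.2.40",
}

# Constructed deny list in the style of a hand-collected CIDR list.
DENY = [ipaddress.ip_network(n) for n in ("198.51.100.0/24", "203.0.113.128/25")]

# Names carrying four octet-like groups (dotted or dashed) or a long run of
# digits are the usual shape of dynamic / consumer-pool reverse names.
DYNAMIC_RE = re.compile(r"(\d{1,3}[-.]){3}\d{1,3}|\d{5,}")

def fcrdns_ok(ip):
    """True only if a PTR exists and its name's A record maps back to ip."""
    name = PTR.get(ip)
    return name is not None and A.get(name) == ip

def in_deny_list(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in DENY)

def looks_dynamic(name):
    return bool(DYNAMIC_RE.search(name or ""))

def smtp_verdict(ip, helo):
    """Return 'accept' or a reject reason, tested in the order an ACL would."""
    if in_deny_list(ip):
        return "reject: client in denied CIDR block"
    if not fcrdns_ok(ip):
        return "reject: no forward-confirmed reverse DNS"
    if looks_dynamic(PTR[ip]) or looks_dynamic(helo):
        return "reject: dynamic-looking PTR or HELO"
    return "accept"

if __name__ == "__main__":
    for ip, helo in (("203.0.113.10", "mail.example.org"), ("192.0.2.40", "x")):
        print(ip, helo, "->", smtp_verdict(ip, helo))
```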

