Re: Virus emails

On Mon, Sep 22, 2003 at 04:53:16PM +0200, Matthias Urlichs wrote:
> Hi, Mike Hommey wrote:
> > helps catch 95%... But the bandwidth is still used... I'm still looking for
> > a pure MTA solution...
> A pure MTA solution would still need to scan the body and thus would still
> eat your bandwidth.

So I noticed. Very few (only 2-3 out of about 500/day for about 5 days
now) actually managed to get past my bogofilter+SA setup, but it's using
up a lot of bandwidth. I'd hate to have to pay for wasted bandwidth.

> The list of hardware required to stop this spam unfortunately seems to
> include a time machine.

I've resorted to blocking port 25 to subnets from which these spams
originate. Currently I have about 45 subnets (/24 and a few /16) on my
blacklist, and so far 409 connections have been dropped. This is only
since 2pm today.

The problem with this is that you have to hand-pick subnets to prevent
inadvertently blocking legitimate mails. I hate to be spending so much
time on this, but I really can't see myself paying for extra bandwidth
caused by this spam. It's sorta a last-resort thing.  Unfortunately, this
is not a safe thing to do on the Debian mailing list servers.


Long, long ago, the ancient Chinese invented a device that lets them see
through walls. It was called the "window".
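
The hand-picking step described in the message above, as an added example that is not part of the original email: it groups flagged sender addresses into /24 subnets and holds back any subnet that also contains a known legitimate sender. The sample addresses, the `min_hits` threshold, the function names and the use of iptables for the port 25 block are all assumptions made for illustration.

```python
import ipaddress
from collections import Counter

# Constructed sample data (documentation address ranges), not from the post.
FLAGGED = ["192.0.2.10", "192.0.2.77", "192.0.2.200",
           "198.51.100.5", "198.51.100.9", "198.51.100.40",
           "203.0.113.8"]
LEGIT = ["198.51.100.25"]  # relay of a known-good correspondent (constructed)


def subnet_of(ip, prefix=24):
    """Return the enclosing network of `ip` at the given prefix length."""
    return ipaddress.ip_network(f"{ip}/{prefix}", strict=False)


def candidate_blocks(flagged, legit, prefix=24, min_hits=3):
    """Split busy subnets into (block, review).

    block  -> subnets with >= min_hits flagged senders and no known
              legitimate sender inside them
    review -> equally busy subnets that also hold a legitimate sender,
              left for a human decision instead of an automatic drop
    """
    hits = Counter(subnet_of(ip, prefix) for ip in flagged)
    legit_nets = {subnet_of(ip, prefix) for ip in legit}
    block, review = [], []
    for net, count in sorted(hits.items()):
        if count < min_hits:
            continue  # too few hits to justify blocking a whole subnet
        (review if net in legit_nets else block).append((net, count))
    return block, review


def iptables_rules(block):
    """Render drop rules for inbound SMTP (assumes an iptables firewall)."""
    return [f"iptables -A INPUT -p tcp --dport 25 -s {net} -j DROP"
            for net, _ in block]


if __name__ == "__main__":
    block, review = candidate_blocks(FLAGGED, LEGIT)
    for rule in iptables_rules(block):
        print(rule)
    for net, count in review:
        print(f"# review by hand: {net} ({count} hits, contains a known sender)")
```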

