Re: spam sent to debian.org addresses

Matt Zimmerman wrote:
> Adrian 'Dagurashibanipal' von Bidder wrote:
> > A big part of the spam can be trivially blocked at the point where
> > it enters the Debian servers, using DNSRBLs and other sensible
> > restrictions. When it enters my mailer, it can not be trivially
> > blocked as it comes from murphy.debian.org which is a mail server I
> > want to accept mail from.
> A lot of legitimate mail can be trivially blocked this way, as well,
> which is why it doesn't make sense to drop it on the server side.

My solution to this problem is to temporarily reject the message but also
keep a cookie identifying it.  If the message is still being retried
after a certain amount of time (e.g. 24 hours) then it is allowed.

This technique has been very effective for me.  A lot of spam is sent
directly and is not retried.  Open relays are often fixed before the
time is reached.  Spammers that connect directly cannot keep retrying
for a long time.  They need to hit and run, otherwise the IP address they
are using will be blackholed.
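
The following sketch of the delayed-accept decision described in this message is an added example, not code from the poster or from any Debian mail server. It assumes the cookie is a hash of the SMTP envelope triple (client IP, sender, recipient), that only mail flagged by another check such as a DNSRBL hit is deferred, and that cookies unseen for a week are forgotten; the class and parameter names are hypothetical.

```python
import hashlib

RETRY_WINDOW = 24 * 3600      # the post's example delay: 24 hours
ENTRY_TTL = 7 * 24 * 3600     # assumption: forget cookies unseen for a week


class DeferredAccept:
    """Temp-reject suspicious mail until the sender has retried long enough."""

    def __init__(self, window=RETRY_WINDOW, ttl=ENTRY_TTL):
        self.window = window
        self.ttl = ttl
        self.seen = {}  # cookie -> (first_seen, last_seen)

    @staticmethod
    def cookie(client_ip, mail_from, rcpt_to):
        # Assumed cookie: hash of the SMTP envelope triple.
        raw = "\0".join((client_ip, mail_from.lower(), rcpt_to.lower()))
        return hashlib.sha256(raw.encode()).hexdigest()

    def decide(self, suspicious, client_ip, mail_from, rcpt_to, now):
        """Return an SMTP reply code: 250 accept, 451 try again later."""
        if not suspicious:
            return 250  # mail that passes the other checks is not delayed
        key = self.cookie(client_ip, mail_from, rcpt_to)
        first, last = self.seen.get(key, (now, now))
        if now - last > self.ttl:
            first = now  # stale cookie: restart the clock
        self.seen[key] = (first, now)
        return 250 if now - first >= self.window else 451

    def expire(self, now):
        """Drop cookies not seen within the TTL; return how many were removed."""
        stale = [k for k, (_, last) in self.seen.items() if now - last > self.ttl]
        for k in stale:
            del self.seen[k]
        return len(stale)
```

A sender that gives up after the first 451 never reaches the window, while a queueing MTA that keeps retrying is accepted on its first attempt at or after 24 hours.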


