[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: spam sent to debian.org addresses

Matt Zimmerman wrote:
> Adrian 'Dagurashibanipal' von Bidder wrote:
> > A big part of the spam can be trivially blocked at the point where
> > it enters the Debian servers, using DNSRBLs and other sensible
> > restrictions. When it enters my mailer, it can not be trivially
> > blocked as it comes from murphy.debian.org which is a mail server I
> > want to accept mail from.
> A lot of legitimate mail can be trivially blocked this way, as well,
> which is why it doesn't make sense to drop it on the server side.

My solution to this problem is to temporary reject the message but also
keep a cookie identifing it.  If the message is still being retried
after a certain amount of time (e.g. 24 hours) then it is allowed.

This technique has been very effective for me.  A lot of spam is sent
directly and is not retried.  Open relays are often fixed before the
time is reached.  Spammers that connect directly cannot keep retrying
for a long time.  They need to hit and run otherwise the IP address they
are using will be blackholed.


Reply to: