
Re: Blocking spam by IP number



On Fri, 15 Aug 1997, Remco van de Meent wrote:

> On Fri, 15 Aug 1997, Craig Sanders wrote:
> 
>  : that's one of the reasons i prefer packet filtering to
>  : tcp-wrappers. block it out in the kernel before it gets to the
>  : application level.
>
> Hmm.. I don't agree with you on your last sentence. Why should the
> kernel take care of something which has absolutely nothing to do with
> the kernel itself?

because some sites/networks send nothing but spam....so it's simpler,
faster, and less cpu/disk/memory load to just block their packets.

packet filtering with firewall rules does the same thing as tcp
wrappers, but it works regardless of which MTA is in use.

For other sites, spam-filtering in the MTA and/or delivery agent (e.g.
using procmail's system-wide /etc/procmailrc) is more appropriate.


> Blocking mail is something that, imho, the MTA should do. That is, the
> MTA handles 'mail', like the kernel handles 'packets'. And the spam is
> in the 'mail', not in the 'packets'. Do you understand what I mean?

yes, i certainly understand what you mean. i also understand that there
are scumbags out there who have paid for net connections with the sole
purpose of sending junk mail. i don't want to ever receive any email
from these vermin, and i want my system to waste as little time as
possible processing their garbage.


>  : can any of the MTAs reject mail based on arbitrary headers?  or even just
>  : the To: header (e.g. "To: friend@public.com")?
>
> Nope. At least none I'm aware of.
> 
>  : I know i can do this easily enough with procmail (in fact, I do), but
>  : IMO this is a job for the mail transfer agent, not the delivery agent.
>
> I don't have an opinion on this.

I'd like to have it done in the MTA so that I am not tied to procmail (or
any delivery agent, for that matter).

I use something like the following in /etc/procmailrc to catch most junkmail
which slips through my packet filtering and sendmail envelope filtering:


    VERBOSE=OFF
    LOGFILE=/root/Mail/from-all
    LOCKFILE=$HOME/.lockmail

    # marketing dickheads think that people are impressed by 
    # "personalisation" like 'friend@public.com'.
    :0
    * ^TO.*friend@public.com
    /root/Mail/probable.junkmail

    :0 E
    * ^TO.*@free4u2.com
    /root/Mail/probable.junkmail


    # X-UID and X-UIDL seem to only occur on spam messages, so block
    # any message containing them.
    :0 E
    * ^X-UID:
    /root/Mail/probable.junkmail

    :0 E
    * ^X-UIDL:
    /root/Mail/probable.junkmail

    # some junkmailers are starting to use an X-Advertisement header.
    # i wish they'd all do it...makes filtering out spam a bit easier.
    :0 E
    * ^X-Advertisement:
    /root/Mail/probable.junkmail



Anything which gets through this is caught in my personal ~/.procmailrc.


    DEFAULT=$HOME/mail/potential-junkmail

in ~/.procmailrc delivers all mail which isn't caught by a rule to my
potential-junkmail folder.  I have rules to sort mail into different folders
according to mailing list, to address, from address, subject, and other
rules.  

I also have a final rule which delivers mail directly addressed to me to
/var/spool/mail/cas - anything not sent to one of my known mailing lists
and not sent to me personally is probably junkmail.  I could just send
it to /dev/null instead of ~/mail/potential-junkmail but occasionally i
get BCC-ed legitimate mail which i don't want to lose.



--
craig sanders
networking consultant                  Available for casual or contract
temporary autonomous zone              system administration tasks.
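
The delivery chain described in this message (system-wide /etc/procmailrc rules, then personal rules, then the DEFAULT folder), modelled as an added Python example that is not part of the original post. The recipient address, the list rule in LIST_FOLDERS and the sample messages are constructed assumptions, and TO_HEADERS is a simplified stand-in for procmail's ^TO macro.

```python
import re
from email import message_from_string

# Folders named in the post.
JUNK = "/root/Mail/probable.junkmail"
INBOX = "/var/spool/mail/cas"
DEFAULT = "~/mail/potential-junkmail"
# Assumptions, not from the post: recipient address and one list-sorting rule.
MY_ADDRESS = "cas@example.org"
LIST_FOLDERS = {"debian-user@lists.debian.org": "~/mail/debian-user"}

# Simplified stand-in for procmail's ^TO macro (destination headers only).
TO_HEADERS = ("To", "Cc", "Bcc", "Resent-To", "Apparently-To")
JUNK_RECIPIENTS = re.compile(r"friend@public\.com|@free4u2\.com", re.I)
JUNK_HEADERS = ("X-UID", "X-UIDL", "X-Advertisement")

def recipients(msg):
    """Join every destination header value into one lower-cased string."""
    return " ".join(v for h in TO_HEADERS for v in msg.get_all(h, [])).lower()

def route(raw):
    """Return the folder a raw message lands in; the first matching rule wins."""
    msg = message_from_string(raw)
    rcpt = recipients(msg)
    # Stage 1: system-wide /etc/procmailrc rules.
    if JUNK_RECIPIENTS.search(rcpt) or any(h in msg for h in JUNK_HEADERS):
        return JUNK
    # Stage 2: personal rules: known lists first, then mail addressed to me.
    for addr, folder in LIST_FOLDERS.items():
        if addr in rcpt:
            return folder
    if MY_ADDRESS in rcpt:
        return INBOX
    # Stage 3: no rule matched (e.g. BCC-ed mail): hold it for review.
    return DEFAULT

# Constructed sample messages, not real traffic.
SAMPLES = {
    "personalised": "From: a@b.example\nTo: friend@public.com\n\nbuy now\n",
    "x-uidl": "From: a@b.example\nTo: cas@example.org\nX-UIDL: 1\n\nhi\n",
    "list": "From: u@x.example\nTo: debian-user@lists.debian.org\n\nq\n",
    "direct": "From: u@x.example\nTo: cas@example.org\n\nhello\n",
    "bcc": "From: u@x.example\nTo: undisclosed-recipients:;\n\nfyi\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:13} -> {route(raw)}")
```

The "x-uidl" sample is addressed directly to the recipient but still lands in the junk folder, because the system-wide rules run before the personal ones.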


