
Re: Possible anti-spam reject host

On Sat, Jun 01, 2002 at 10:07:13AM -0700, Walter Reed wrote:
| On Sat, Jun 01, 2002 at 12:00:39AM -0500, dman wrote:
| <snip snip>
| > No.  Only if they choose to.  They _could_ be checking an "inputs" RBL
| > and denying them the ability to abuse the swbell system like that.
| > 
| > | I have a whole sh*t pot full of filter defs.
| > 
| > Spamassassin is much more effective than that.
| SA is great in addition to MTA level access lists / RBL's.
| The problem with SA alone is that spam still wastes my bandwidth. I
| get so much spam that my bandwidth would suffer if I didn't use
| RBL's and local access lists. I need to stop them before the body
| is sent. SA can't do that.


| Generating a 550 after you receive the entire email is kinda
| pointless except for the additional burden it puts on the clueless
| sysadmins running open relays / proxies.

The point is the situation where you get a false-positive.  Do you
really want to drop them on the floor?  If not, then sending a bounce
back to the sender is necessary.  If you send a bounce back for every
"spam" message, you'll be stuck with lots of undeliverable bounces.
Since that's no fun, you can instead stick that burden on the upstream
MTA.  The other option is to deliver all the spam (in case there's a
false-positive), and that still wastes your bandwidth and defeats much
of the purpose.

| There is also the issue of MTA's that don't respect a 550 after DATA
| so they keep pounding you with mail over and over. I don't need that
| crap.

Yeah, some of them are crap.

| Then you have companies like etracks, monsterhut, outblaze, etc.
| that are PURE spam houses.  I see no reason to accept any traffic
| from them at all. From my logs, it's clear that they don't respect
| the fact that all users they attempt are undeliverable.  Outblaze
| for example has been pounding my mail server about 20 times per day
| for over a year, and I have not been able to get any response from
| their abuse / support staff.

Certainly the earlier you can reject the junk the better, but SA is
really quite effective in tagging spam, and can be plugged in before
you've accepted responsibility for the message.

| The bottom line is that people that run open relays are a very large
| part of the spam problem. If they can't take the time to secure
| their systems, I can't be bothered to accept mail from them.

One additional check you can add (at RCPT time) is a callout to see
whether or not the sender address is reachable.  If there is no server
or the server doesn't accept mail for that sender you can reject it
right there.

| Spam is not new. Everyone knows it's a problem.  There is no excuse
| anymore to be ignorant.

I recently learned something about open relays.  Installing anti-virus
software (eg Norton) on your MS server (that isn't an open relay) can
turn it into an open relay.  :-).  Nice of them, isn't it?



(E)ventually (M)allocs (A)ll (C)omputer (S)torage
GnuPG key : http://dman.ddts.net/~dman/public_key.gpg
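
The RCPT-time sender callout described in the message above, as an added Python example that is not part of the original post or of any MTA's own code. `FakeMX`, `callout`, `lookup`, `MX_TABLE` and the host names are hypothetical; probing with the null sender and answering 451 when the remote side gives a 4xx are choices of this example, not something the thread states.

```python
# Added example: sender callout decided at RCPT time. FakeMX is a constructed
# stand-in for the sender domain's mail server, so nothing touches the network.

class FakeMX:
    def __init__(self, mailboxes=(), tempfail=False):
        self.mailboxes = {m.lower() for m in mailboxes}
        self.tempfail = tempfail
        self.seen = []                      # commands received, for inspection

    def command(self, line):
        self.seen.append(line)
        if line.upper().startswith("RCPT TO:"):
            addr = line[8:].strip().strip("<>").lower()
            if self.tempfail:
                return 451, "try again later"
            if addr in self.mailboxes:
                return 250, "OK"
            return 550, "no such user"
        return (221, "bye") if line.upper() == "QUIT" else (250, "OK")


def callout(sender, mx_lookup, helo="mx.example.net"):
    """Return the (code, text) our server gives to the client's RCPT TO."""
    if sender == "":
        return 250, "OK"                    # null sender <> is a bounce: nothing to verify
    domain = sender.rpartition("@")[2] if "@" in sender else ""
    servers = mx_lookup(domain) if domain else []
    if not servers:
        return 550, "sender domain has no mail server"
    for mx in servers:
        mx.command("HELO " + helo)
        mx.command("MAIL FROM:<>")          # null sender, so two verifying servers cannot loop
        code, text = mx.command("RCPT TO:<%s>" % sender)
        mx.command("QUIT")                  # stop before DATA: no message is ever sent
        if 200 <= code < 300:
            return 250, "OK"
        if 500 <= code < 600:
            return 550, "sender verify failed: " + text
        # 4xx is transient: try the next server listed for this domain
    return 451, "sender verify deferred"


# Constructed sample data
GOOD = FakeMX(mailboxes=["alice@example.org"])
BUSY = FakeMX(tempfail=True)
MX_TABLE = {"example.org": [GOOD], "busy.example": [BUSY]}

def lookup(domain):
    return MX_TABLE.get(domain.lower(), [])
```
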
