smtp time spam filtering (was: How does Cron send email?)

To: debian-user@lists.debian.org
Subject: smtp time spam filtering (was: How does Cron send email?)
From: David Hart <debian@tonix.org>
Date: Thu, 22 Feb 2007 16:38:08 +0000
Message-id: <[🔎] 20070222163808.GD4332@yan.jynn.tonix.org>
Mail-followup-to: debian-user@lists.debian.org
In-reply-to: <[🔎] 1172158414.28933.27.camel@princess.gregfolkert.net>
References: <[🔎] 45DCE3E4.90103@gmail.com> <[🔎] 45DCE50F.9000001@meetinghouse.net> <[🔎] 45DCE978.8020308@gmail.com> <[🔎] 200702211604.37344.joshua@eeinternet.com> <[🔎] 45DCF5C4.3010401@gmail.com> <[🔎] erk5ep$8p0$1$8302bc10@news.demon.co.uk> <[🔎] 1172158414.28933.27.camel@princess.gregfolkert.net>

On Thu 2007-02-22 10:33:34 -0500 Greg Folkert wrote:
> 
> The real problem I see now, is SPAM zombies delivering mail to the ISP
> mail server, then it becomes RFC-822 compliant. I fix that by slowing
> down the conversation in the beginning by using SA-Exim which scan for
> SPAM on SMTP time. If it detects SPAM, it rejects... or then drops if
> the sending server doesn't comply with the conversation rules.

If ISPs are allowing much spam through their servers then they're
going to get blacklisted pretty quickly.  Most spam I've sampled lately
appears to come directly from compromised end user boxes and the rest I
haven't been able to identify.

I can't see any advantage in scanning during smtp connect time.
By the time you've got the DATA you've used up the bandwidth and might
as well accept it.  It also doesn't scale well at the receiving end
and hurts the good guys at the sending end by keeping the connection
open for longer.

> Again, I know I am breaking RFC compliance by rejecting at SMTP time.
> Once again though, I have reduced my traffic a hundred fold, from SPAM.

What RFC is it breaking?  Not that I really care.  If it's my server
I'll accept or reject mail from whoever I want to.  I do keep postmaster
open though, for any problems.

> Yes, I also know I use my e-mail address publicly and scraper-bots find
> my e-mail all the time. I just deal with the SPAM.

That's my attitude too.  I have always refused to obfuscate my email
address.  Doing so would feel too much like giving in.

> My last problem is how-to whitelist murphy.debian.org, but still reject
> SPAM that gets through the Debian SPAM traps... I used to not whitelist
> murphy, but that got me auto-unsub'd from (most) Debian lists I
> subscribe to, for "bouncing" the SPAM.

This is an example of hurting the good guys.  I think once you've
got past the RCPT TO: you might just as well accept the email and
deal with it later.

> I guess it is a fine, fine line.

We have to deal with the world as we find it, not as we'd like it to be.

-- 
David Hart <debian@tonix.org>

Reply to:

Follow-Ups:
- Re: smtp time spam filtering
  - From: Greg Folkert <greg@gregfolkert.net>

References:
- How does Cron send email?
  - From: Grok Mogger <linuximp@gmail.com>
- Re: How does Cron send email?
  - From: Miles Fidelman <mfidelman@meetinghouse.net>
- Re: How does Cron send email?
  - From: Grok Mogger <linuximp@gmail.com>
- Re: How does Cron send email?
  - From: "Joshua J. Kugler" <joshua@eeinternet.com>
- Re: How does Cron send email?
  - From: Grok Mogger <linuximp@gmail.com>
- Re: How does Cron send email?
  - From: Joe <joe@jretrading.com>
- Re: How does Cron send email?
  - From: Greg Folkert <greg@gregfolkert.net>

Prev by Date: Re: autostart applications
Next by Date: ALSA + ac97 + Logitech v10?
Previous by thread: Re: How does Cron send email?
Next by thread: Re: smtp time spam filtering
Index(es):
- Date
- Thread