> > Here is what I do, for a mail environment of about 5000 users,
> > using MIMEDefang and SpamAssassin:
> >
> > * Reject any SMTP connection where the relay forges the HELO statement
> > with one of my domains
>
> What's your MTA, and if sendmail, how do you do that?

It is sendmail, and I enable milter and use it. We used to run HP-UX and I was using a milter called spamass-milter, a single C++ program, to interface sendmail with SpamAss. It could not handle our load. I switched to Linux on Intel and dumped that milter for MIMEDefang, and our MTAs haven't even hiccuped since.

Last time I looked, the milter APIs in sendmail were considered unsupported, but they seem to work really, really well.

[...]
> > * Use a greylist of "troublesome domains" to reject spam based on a
> > forged address. Since spammers love to forge aol.com, hotmail.com,
> > yahoo.com, etc. as the sender, I check those senders' relays to
> > reverse-resolve to the right domain. This catches a lot of spam
> > but it also breaks all those sites that have "forward this to a
> > friend by email" if the person gives it a source address in my
> > greylist (since those sites basically forge the mail). Since this
> > is a prime method to collect addresses for spamming lists, I don't
> > feel bad about discouraging this behavior.
>
> code?

I'll send you a copy off-list of our mimedefang-filter that performs all the above checks.

[snip]
Matt
--
PGP RSA Key ID: 0x1F6A4471        aim: beyondzero123
PGP DH/DSS Key ID: 0xAFF35DF2     icq: 120941588
http://blogdayafternoon.com       yahoo msg: beyondzero123

My top-level question about Sept. 11 is, do we really want to live in a world in which U.S. intelligence can detect every half-million-dollar, 20-person, two-year activity?
-Whitfield Diffie
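
The two checks quoted in the message above (forged HELO, and a sender from a "troublesome domain" whose relay does not reverse-resolve into that domain) can be sketched as a MIMEDefang `filter_sender` callback. This is an added example, not the filter offered off-list in the message; the local domain, the trusted address range, the watched-domain list and the sample connections are all constructed assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumptions (constructed values, not from the original post):
my @LOCAL_DOMAINS = ('example.org');                        # domains this site hosts
my @WATCHED       = ('aol.com', 'hotmail.com', 'yahoo.com'); # often-forged senders
my $OUR_NET       = qr/^(?:127\.0\.0\.1|192\.0\.2\.\d+)$/;   # our own hosts

# True if $name is $domain or a subdomain of it (case-insensitive).
sub in_domain {
    my ($name, $domain) = (lc $_[0], lc $_[1]);
    $name =~ s/\.$//;                       # tolerate a trailing dot
    return ($name eq $domain || $name =~ /\.\Q$domain\E$/) ? 1 : 0;
}

# MIMEDefang calls filter_sender($sender, $ip, $hostname, $helo); $hostname is
# the relay's reverse-DNS name, or "[ip]" when the address does not resolve.
sub filter_sender {
    my ($sender, $ip, $hostname, $helo) = @_;

    # Check 1: an outside relay announcing one of our own domains in HELO.
    if ($ip !~ $OUR_NET && grep { in_domain($helo, $_) } @LOCAL_DOMAINS) {
        return ('REJECT', "HELO $helo claims a domain hosted here");
    }

    # Check 2: the envelope sender claims a watched domain, but the relay's
    # reverse-DNS name lies outside that domain. "<>" yields no domain.
    my ($sdom) = $sender =~ /\@([^>\s]+)>?$/;
    for my $d (defined $sdom ? @WATCHED : ()) {
        next unless in_domain($sdom, $d);
        return ('REJECT', "Mail from $d must arrive from a $d relay")
            unless in_domain($hostname, $d);
    }
    return ('CONTINUE', 'ok');
}

# Constructed sample connections; printed only when run as a script.
unless (caller) {
    my @cases = (
        ['<a@example.net>', '203.0.113.9',  'mx.example.net',   'mail.example.org'],
        ['<b@aol.com>',     '203.0.113.77', '[203.0.113.77]',   'pc'],
        ['<c@aol.com>',     '198.51.100.5', 'relay.mx.aol.com', 'relay.mx.aol.com'],
    );
    printf "%-18s %-8s %s\n", $_->[0], filter_sender(@$_) for @cases;
}
```

A reverse-DNS name is set by whoever controls the address block, so the second check is only as strong as the forward confirmation of that name.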