[lbo-talk] spam subjects

Matt lbo at beyondzero.net
Wed Jun 18 06:58:59 PDT 2003


On Tue, Jun 17, 2003 at 04:26:49PM -0500, budge wrote:


> > Here is what I do, for a mail environment of about 5000 users,
> > using MIMEDefang and SpamAssassin:
> >
> > * Reject any SMTP connection where the relay forges the HELO statement
> > with one of my domains
>
> what's your mta and if sendmail, how do you do that?

It is sendmail, and I enable milter and use it. We used to run HP-UX and I was using a milter called spamass-milter, a single C++ program, to interface sendmail with SpamAss. It could not handle our load. I switched to Linux on Intel and dumped that milter for MIMEDefang, and our MTAs haven't even hiccuped since.

Last time I looked, the milter APIs in sendmail were considered unsupported, but they seem to work really, really well.

[...]


> > * Use a greylist of "troublesome domains" to reject spam based on a
> > forged address. Since spammers love to forge aol.com, hotmail.com,
> > yahoo.com, etc. as the sender, I check those senders' relays to
> > reverse-resolve to the right domain. This catches a lot of spam
> > but it also breaks all those sites that have "forward this to a
> > friend by email" if the person gives it a source address in my
> > greylist (since those sites basically forge the mail). Since this
> > is a prime method to collect addresses for spamming lists, I don't
> > feel bad about discouraging this behavior.
>
> code?

I'll send you a copy offlist of our mimedefang-filter that performs all the above checks.

[snip]

Matt

--
PGP RSA Key ID: 0x1F6A4471
aim: beyondzero123
PGP DH/DSS Key ID: 0xAFF35DF2
icq: 120941588
http://blogdayafternoon.com
yahoo msg: beyondzero123

My top-level question about Sept. 11 is, do we really want to live in a world in which U.S. intelligence can detect every half-million-dollar, 20-person, two-year activity?

-Whitfield Diffie
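
The two checks described in this message (rejecting a forged HELO that names a local domain, and requiring relays for commonly forged sender domains to reverse-resolve into that domain) can be sketched as follows. This is an added example, not the poster's mimedefang-filter and not MIMEDefang code: the function names, the (action, reason) return pairs, and the domain and network values are assumptions, and the forward-confirmation step goes beyond what the message states.

```python
import ipaddress
import socket

# Constructed sample values (assumptions, not from the post).
LOCAL_DOMAINS = {"example.org"}
TRUSTED_NETS = [ipaddress.ip_network("192.0.2.0/24")]
WATCHED_SENDER_DOMAINS = {"aol.com", "hotmail.com", "yahoo.com"}


def under(host, domain):
    """True if host is domain itself or a subdomain of it."""
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)


def dns_ptr(ip):
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None


def dns_a(name):
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []


def check_helo(relay_ip, helo):
    """Reject outside relays that introduce themselves as one of our domains."""
    ip = ipaddress.ip_address(relay_ip)
    if any(ip in net for net in TRUSTED_NETS):
        return ("CONTINUE", "trusted relay")
    if any(under(helo, d) for d in LOCAL_DOMAINS):
        return ("REJECT", "HELO forges a local domain")
    return ("CONTINUE", "ok")


def check_sender(sender, relay_ip, ptr=dns_ptr, addrs=dns_a):
    """Require relays for watched sender domains to resolve into that domain."""
    domain = sender.strip("<>").rpartition("@")[2].lower()
    if domain not in WATCHED_SENDER_DOMAINS:
        return ("CONTINUE", "ok")  # includes the null sender <>
    name = ptr(relay_ip)
    if name is None or not under(name, domain):
        return ("REJECT", "relay is not in " + domain)
    # A PTR record is set by whoever controls the IP block, so confirm that
    # the name resolves forward to the same address before trusting it.
    if relay_ip not in addrs(name):
        return ("REJECT", "relay PTR does not forward-confirm")
    return ("CONTINUE", "ok")
```

The resolver functions are passed in as parameters so the policy can be exercised against a fixed table of PTR and A answers before it is placed in front of live mail.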


