Malcolm J Harwood on 20 Jan 2005 17:47:27 -0000
On Thursday 20 January 2005 2:17 am, Doug Crompton wrote:
> I am curious what methods others are using to fight spam? I have been
> using SpamAssassin for a few years and I got tired of actually accepting
> this junk rather than rejecting it. I recently set up spam filtering rules
> in sendmail - access.db using spamlist.org, also my own local additions
> and also dnsbl's - abuseat.org and relays.orbs.org and some custom rules I
> found to enhance access.db lookup.

I'm using postfix, not sendmail, so I don't know if any of this helps:

- I'm getting about 14,000 dictionary attack spam a day. I have the global
  account turned off, but I also keep a list of all the addresses used
  (periodically generated from the logs) so that any mail to those addresses
  can be dropped at the initial phase (and doesn't eat CPU going through
  spamassassin, or bandwidth actually accepting the mail for processing).

- Greylisting. The server sends a temporary delivery error on the first
  attempt from any machine-from-to triplet, and lets any that is resent after
  a few minutes through. As most of the spambots aren't running through real
  mailservers that retry mails, this blocks most of the spam but not anything
  coming from a legitimate server (with the exception of yahoo, which sends
  listmail out with unique bounce addresses every time, so they have to be
  whitelisted). This has reduced inbound spam significantly. (At least with
  postfix, it's in the auth phase, so it's not even checking headers, so much
  lower bandwidth usage).

- Amavisd with spamassassin (version 3, makes quite a difference; with a
  subset of rules-du-jour) and razor. Razor gets a lot of it. That generally
  takes care of most of the rest. I've gone from a few hundred spam a day to
  live addresses, half of which got through the filters, to maybe one a week
  getting through.

- I'm also not getting any false positives at this point.

> My real reason in sending this is to ask if anyone has lists they would
> like to share, especially of domain blocks. I am currently blocking a lot
> of the world outside of the US and my list is growing!

I don't use any DNS blocks (though I do have spamassassin set up to use
content-based domain black holes - which hits a significant fraction of the
spam).

> I also actively send abuse messages to mostly US ISP's that I don't block
> after looking at headers. I am not sure how much good that does but I like
> doing it!

I've never gotten a response from doing such. Does anyone know if it makes
any difference at all?

> I firmly believe that the way to eliminate this crap is to NOT accept it
> rather than accept it, test it, and then dump it. As long as we accept it
> it will keep coming!

That's where greylisting makes a big difference.

-- 
"If you're never scared, you're not trying." - Llewellyn
(www.ozyandmillie.org/2003/om20030124.html)
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
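
The greylisting decision described in the message above, as an added example that is not part of the original post and is not the poster's postfix configuration. The 300-second delay, the one-day expiry, the class and function names, and all addresses are assumptions constructed for illustration; the last two events model a list server that uses a new bounce address per mail, the case the post says must be whitelisted.

```python
# Added illustration of the greylisting decision; all addresses are constructed.
MIN_DELAY = 300        # assumption: "a few minutes" taken as 300 seconds
MAX_PENDING = 86400    # assumption: unretried triplets are forgotten after a day


class Greylist:
    def __init__(self, whitelist=()):
        self.whitelist = set(whitelist)   # client IPs exempt from greylisting
        self.pending = {}                 # triplet -> time of first attempt
        self.passed = set()               # triplets that retried correctly

    def check(self, now, client_ip, sender, recipient):
        """Return the SMTP reply code for one RCPT TO attempt."""
        if client_ip in self.whitelist:
            return 250
        triplet = (client_ip, sender.lower(), recipient.lower())
        if triplet in self.passed:
            return 250
        first = self.pending.get(triplet)
        if first is None or now - first > MAX_PENDING:
            self.pending[triplet] = now   # first sighting: temporary failure
            return 450
        if now - first < MIN_DELAY:
            return 450                    # retried too quickly, keep deferring
        del self.pending[triplet]
        self.passed.add(triplet)          # a real MTA came back after the delay
        return 250


# Constructed events: (seconds, client IP, envelope sender, recipient)
SAMPLE = [
    (0, "203.0.113.7", "x1@spam.example", "info@example.org"),      # never retries
    (10, "192.0.2.25", "alice@example.net", "bob@example.org"),     # first attempt
    (60, "192.0.2.25", "alice@example.net", "bob@example.org"),     # retry too soon
    (700, "192.0.2.25", "alice@example.net", "bob@example.org"),    # proper retry
    (800, "198.51.100.9", "bounce-0001@lists.example.com", "bob@example.org"),
    (1700, "198.51.100.9", "bounce-0002@lists.example.com", "bob@example.org"),
]


def replay(events, whitelist=()):
    """Run the events through a fresh greylist and return the reply codes."""
    gl = Greylist(whitelist)
    return [gl.check(*event) for event in events]


if __name__ == "__main__":
    print(replay(SAMPLE))
    print(replay(SAMPLE, whitelist={"198.51.100.9"}))
```

Without the whitelist entry, the per-mail bounce addresses produce a new triplet on every attempt, so that sender is deferred every time.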