Re: spam avoidance (was Re: cpu speed problem)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



At 8:25 PM +0930 7/30/07, Tim wrote:
>On Mon, 2007-07-30 at 11:25 +0100, Andy Green wrote:
>> I found this to be really effective for over a year now:
>>
>>  - greylisting (I use gps + sqlite)
>
>I'm not enamoured of greylisting, though that might be down to the poor
>implementations of it that've held my mail up for hours, rather than
>greylisting in itself.

I'm not sure about greylisting either, but AIUI, the usual holdup is from
the sending MTA's retry interval, which for sendmail seems to default to 1
hour.  An MTA with exponential backoff might well be worse.

I mostly notice greylisting with recipients I don't send mail to often.


>>  - tight rules on postfix:
>>
>>     - insist that the server has reverse DNS
>
>Not all do, nor do they really have to, even if it's a damn good idea.
>This could be a problem.

Every server should have rDNS, not just MTAs.  RDNS might not map to the
server's FQDN.  The MTA's FQDN should be real.  Currently I'm trying
insisting that the hello name resolve in DNS for external connections.

I also prohibit relaying through dynamic IPs, by requiring the envelope
sender domain for connections whose rDNS looks dynamic resolve to the
connect address.  That seems to work well, rejecting about 95% of the
messages (with no obvious false positives, judging by the subject lines).


>>     - insist that the recipient user actually exists (end of most
>> virus mails)
>
>Does it also reject if the message has more than one recipient, and
>they're not all real users?
>
>I put a bait address into a HTML comment on my website, anything that
>spammed that (along with any other address) got trashed.  No real user
>would have seen the bait, but HTML trawlers would.  I could kill that
>mail with 100% certainty.

Hmm.  AFAIK, sendmail only rejects the recipients that don't exist, and
allows the others through.  Bait seems like a good idea, and could be
easily implemented in the milter I use, but as most incoming spams have
only a single recipient I don't think it would help much.
-- 
____________________________________________________________________
TonyN.:'                       <mailto:tonynelson@xxxxxxxxxxxxxxxxx>
      '                              <http://www.georgeanelson.com/>

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora Magazine]     [Fedora News]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux