From owner-freebsd-questions@FreeBSD.ORG  Tue Apr 27 21:42:56 2010
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id DC31F106564A
	for <freebsd-questions@freebsd.org>;
	Tue, 27 Apr 2010 21:42:56 +0000 (UTC)
	(envelope-from john@starfire.mn.org)
Received: from elwood.starfire.mn.org (starfire.skypoint.net [173.8.102.29])
	by mx1.freebsd.org (Postfix) with ESMTP id A7D3D8FC08
	for <freebsd-questions@freebsd.org>;
	Tue, 27 Apr 2010 21:42:56 +0000 (UTC)
Received: from elwood.starfire.mn.org (john@localhost [127.0.0.1])
	by elwood.starfire.mn.org (8.14.3/8.14.3) with ESMTP id o3RLgtGF093321; 
	Tue, 27 Apr 2010 16:42:55 -0500 (CDT)
	(envelope-from john@elwood.starfire.mn.org)
Received: (from john@localhost)
	by elwood.starfire.mn.org (8.14.3/8.14.3/Submit) id o3RLgtSv093320;
	Tue, 27 Apr 2010 16:42:55 -0500 (CDT) (envelope-from john)
Date: Tue, 27 Apr 2010 16:42:55 -0500
From: John <john@starfire.mn.org>
To: "Randal L. Schwartz" <merlyn@stonehenge.com>
Message-ID: <20100427214255.GA93302@elwood.starfire.mn.org>
References: <20100427193106.GA91570@elwood.starfire.mn.org>
	<861ve0he9d.fsf@red.stonehenge.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <861ve0he9d.fsf@red.stonehenge.com>
User-Agent: Mutt/1.4.2.3i
Cc: freebsd-questions@freebsd.org
Subject: Re: Really simple spam trap - /dev/pf permissions?
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 27 Apr 2010 21:42:56 -0000

On Tue, Apr 27, 2010 at 12:44:14PM -0700, Randal L. Schwartz wrote:
> >>>>> "John" == John  <john@starfire.mn.org> writes:
> 
> John> (Obviously, I'll want to add to my cron scripts to age entries out
> John> of the spammers table, just to keep it down to a manageable size.
> John> I already have two dozen entries.)
> 
> You'll have a lot of collateral damage.  I've worked with a lot of
> schemes over the years for spamfighting.  A lot of spam is sourced
> inside corporate or educational choke points, meaning that a spam
> message from inside a company would block all remaining mail from that
> company.  So, for this to work, you really need to time out your blocks
> no more than an hour or two later, or legit mail will get unnecessarily
> delayed.

Grr.  I just expired the first address, at four hours old, and
IMMEDIATELY got a bunch Pfizer spams that were just delayed...

This is certainly not an easy nut to crack.
-- 

John Lind
john@starfire.MN.ORG