Date: Mon, 2 Apr 2007 23:49:19 -0500
From: Dan Nelson
To: Angelin Lalev
Cc: freebsd-questions@freebsd.org
Subject: Re: advice on anti-spam tools
Message-ID: <20070403044918.GH72689@dan.emsphone.com>
In-Reply-To: <0875b56eeca4d320fd9fa7b0d940fce2@uni-svishtov.bg>

In the last episode (Apr 03), Angelin Lalev said:
> My e-mail server is running the latest spamassassin with all of the
> blacklist enabled and etc. but I still receive over 20 spam messages
> a day ("image" spam mostly).
>
> The situation with other users may be worse. That's why I was
> thinking about some tool that
>
> 1. store incoming email
> 2. send request to the sender of the message, requiring to go to some
>    address and enter the numbers (letters) from image
> 3. if the puzzle is solved in time (week or so) deliver the message,
>    otherwise delete it.

Chances are you would just be annoying innocent people with backscatter
email due to the forged addresses of most spam.

You say you're running the latest spamassassin, but are you downloading
updated rulesets? All of the image/stock spam I get is caught by
spamassassin rules. Make sure you're running sa-update on a regular
basis and restarting spamd when an update is applied. Putting

    /usr/local/bin/sa-update && /usr/local/etc/rc.d/sa-spamd.sh restart

in a nightly cron job should suffice, I think.

I have also found greylisting to be very effective. Greylisting
penalizes "unknown" smtp sources by tempfailing the first message seen
from them for 5 minutes. Spammers usually don't spend resources
queueing messages, so you never see them again. Real mail servers
retry the message, which gets delivered. Subsequent messages from the
same server come through without delay because the source is "known".
I use ports/mail/milter-greylist, which lets you adjust the greylist
period and the whitelist timeout, and also can synch its database
between multiple servers if you're running in a clustered setup.

-- 
	Dan Nelson
	dnelson@allantgroup.com
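
Added example (not part of the message above and not milter-greylist's code): a minimal model of the greylisting decision described in the reply, keyed on the source address alone as in that description. The class and function names, the whitelist timeout and the pending-entry age limit are assumptions chosen for illustration; only the 5-minute delay comes from the message.

```python
# Illustrative greylisting decision logic; names and default values are assumptions.
TEMPFAIL = "451 4.7.1 Greylisted, please retry later"
ACCEPT = "250 OK"

class Greylist:
    def __init__(self, delay=300, whitelist_timeout=3 * 86400, pending_max_age=86400):
        self.delay = delay                          # the 5-minute tempfail period
        self.whitelist_timeout = whitelist_timeout  # assumed: how long a source stays "known"
        self.pending_max_age = pending_max_age      # assumed: forget sources that never retry
        self.first_seen = {}    # source IP -> time of first tempfailed attempt
        self.known_until = {}   # source IP -> time its "known" status expires

    def check(self, source_ip, now):
        """Return the SMTP reply for a delivery attempt from source_ip at time now (seconds)."""
        expiry = self.known_until.get(source_ip)
        if expiry is not None:
            if now <= expiry:
                # Known source: accept without delay and extend its whitelist entry.
                self.known_until[source_ip] = now + self.whitelist_timeout
                return ACCEPT
            del self.known_until[source_ip]         # entry expired, treat as unknown again
        first = self.first_seen.setdefault(source_ip, now)
        if now - first < self.delay:
            return TEMPFAIL                         # unknown source, or retried too early
        # Retried after the greylist period: behaves like a real, queueing mail server.
        del self.first_seen[source_ip]
        self.known_until[source_ip] = now + self.whitelist_timeout
        return ACCEPT

    def purge(self, now):
        """Drop pending sources that never came back; return how many were removed."""
        stale = [ip for ip, t in self.first_seen.items() if now - t > self.pending_max_age]
        for ip in stale:
            del self.first_seen[ip]
        return len(stale)

def replay(events):
    """Run (time, source_ip) attempts through a fresh Greylist and return the replies."""
    gl = Greylist()
    return [gl.check(ip, t) for t, ip in events]

# Constructed sample traffic (documentation addresses): one fire-and-forget sender,
# one real server that retries after 2 minutes, again after 6, then sends a new message.
SAMPLE = [(0, "192.0.2.10"), (10, "198.51.100.7"), (130, "198.51.100.7"),
          (370, "198.51.100.7"), (400, "198.51.100.7")]

if __name__ == "__main__":
    for (t, ip), reply in zip(SAMPLE, replay(SAMPLE)):
        print(f"t={t:>4}s {ip:<14} -> {reply}")
```

The early retry at 130 seconds is still tempfailed; only an attempt at or after the full delay promotes the source to "known", and `purge` keeps the table of one-shot senders from growing without bound.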