Date: Tue, 3 Apr 2007 20:24:32 -0700 From: Gary Kline <kline@tao.thought.org> To: Dan Nelson <dnelson@allantgroup.com> Cc: Angelin Lalev <lalev@uni-svishtov.bg>, freebsd-questions@freebsd.org Subject: Re: advice on anti-spam tools Message-ID: <20070404032432.GA13302@thought.org> In-Reply-To: <20070403044918.GH72689@dan.emsphone.com> References: <0875b56eeca4d320fd9fa7b0d940fce2@uni-svishtov.bg> <20070403044918.GH72689@dan.emsphone.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Apr 02, 2007 at 11:49:19PM -0500, Dan Nelson wrote:
> In the last episode (Apr 03), Angelin Lalev said:
> > My e-mail server is running the latest spamassassin with all of the
> > blacklist enabled and etc. but I still receive over 20 spam messages
> > a day ("image" spam mostly).
> >
> > The situation with other users may be worse. That's why I was
> > thinking about some tool that
> >
> > 1. store incoming email
> > 2. send request to the sender of the message, requiring to go to some
> > address and enter the numbers (letters) from image
> > 3. if the puzzle is solved in time (week or so) deliver the message,
> > otherwise delete it.
>
> Chances are you would just be annoying innocent people with backscatter
> email due to the forged addresses of most spam.
>
> You say you're running the latest spamassassin, but are you downloading
> updated rulesets? All of the image/stock spam I get is caught by
> spamassassin rules. Make sure you're running sa-update on a regular
> basis and restarting spamd when an update is applied. Putting
>
> /usr/local/bin/sa-update && /usr/local/etc/rc.d/sa-spamd.sh restart
>
> in a nightly cron job should suffice, I think. I have also found
> greylisting to be very effective. greylisting penalizes "unknown" smtp
> sources by tempfailing the first message seen from them for 5 minutes.
> Spammers usually don't spend resources queueing messages, so you never
> see them again. Real mail servers retry the message, which gets
> delivered. Subsequent messages from the same server come through
> without delay because the source is "known". I use
> ports/mail/milter-greylist , which lets you adjust the greylist period
> and the whitelist timeout, and also can synch its database between
> multiple servers if you're running in a clustered setup.
>
I've been experimenting with greylisting for months. Not
sure the regular mail filter installs or not, but the devel
version installed just now perfectly.
Is there any tutorial on this or should I just re-read the man
pages and other docs a few more times! From llooking at the
config file in /usr/local/etc/mail, the "retry" seems to default
to a #commented-out 1h. Sorry, but I have trouble parsing
this kind of grammar:
<quote>
# How long a client has to wait before we accept
# the messages it retries to send. Here, 1 hour.
# May be overridden by the "-w greylist_delay" command line argument.
#greylist 1h
</quote>
If you, Dan, or anyone else on-list could clue me in, I would
be much obliged. (Once--and only once--I think I had greylisting
working, but I screwed up my sendmail {or whatever} and yanked
everything. After many hours, mail workedd, but I didn't
re-install greylisting. It *did* cut down the SPAM
considerably. It's time to retry.
thanks much,
gary
> --
> Dan Nelson
> dnelson@allantgroup.com
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
--
Gary Kline kline@thought.org www.thought.org Public Service Unix
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20070404032432.GA13302>