Date:      Mon, 7 Apr 1997 01:02:27 -0400 (EDT)
From:      C Matthew Curtin <cmcurtin@research.megasoft.com>
To:        Rob Hartill <robh@imdb.com>
Cc:        questions@freebsd.org
Subject:   Re: ipfw config to block sp@m
Message-ID:  <199704070502.BAA22111@goffette.research.megasoft.com>
In-Reply-To: <Pine.NEB.3.96.970406173130.8079B-100000@localhost>
References:  <Pine.NEB.3.96.970406173130.8079B-100000@localhost>

>>>>> "Rob" == Rob Hartill <robh@imdb.com> writes:

Rob> Does anyone out there have/keep a set of config lines for ipfw to
Rob> block sp@mmers ?

This approach has a number of problems.

 * Spammers often don't come from the same place.  Some bozo goes and
   gets a $20 account at an ISP, gets their machine on the 'net, and
   out goes the spam.  The account gets killed, and they don't care.
   They go out to another ISP and do the same thing.

 * You'll need to have all of your MXers (if you've got any) implement
   the same filtering rules to their mailhosts.

There are some better ways to filter the stuff out.  My (current)
favorite is to use procmail either as a local delivery agent for the
MTA, or to have users pipe their mail to procmail, and let their own
procmailrc files deal with it.  In addition to the ability to filter
things into different folders, certain telltale signs of spam can be
scanned for.  If the pattern is matched, redirect the stuff to
/dev/null.

* A number of spam packages are now identifying themselves in the 
  X-Mailer header.  If you know the name of any of these stupid
  things, you can look for the pattern ^X-Mailer:.*spam-warez-name.
  Other possibilities include scanning the top and/or bottom n lines
  for something that looks like one of those "just reply with the word
  remove in the subject, blah blah blah" notices, looking for things
  with symmetrical symbols in the subject, especially three or more $,
  >, or * characters...

For the last few months, I've been saving all of the spam that I get
into a folder.  I plan on doing some analysis of the stuff to see what
other patterns I can find, and things like that to help write some
more intelligent rules for throwing the junk away.  Has anyone else
been saving these things?  It might be useful to compare notes...

-- 
Matt Curtin  Chief Scientist  Megasoft, Inc.  cmcurtin@research.megasoft.com
http://www.research.megasoft.com/people/cmcurtin/    I speak only for myself
Death to small keys.  Crack DES NOW!   http://www.frii.com/~rcv/deschall.htm
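
The three telltale signs described in the message above, as an added example that is not part of the original e-mail: a Python sketch of the checks a procmail recipe would perform, returning the matched signs instead of discarding the mail. The function name, the exact wording of the "remove" pattern, the reading of "three or more" as a run of identical characters, and both sample messages are assumptions constructed for illustration; `spam-warez-name` is the message's own placeholder.

```python
import re
from email import message_from_string

# Placeholder taken from the message; substitute names actually observed in X-Mailer.
XMAILER_RE = re.compile(r"spam-warez-name", re.I)
# Assumption: "three or more $, >, or *" means a run of one repeated character.
SYMBOL_RUN_RE = re.compile(r"(\$|>|\*)\1{2,}")
# Assumed wording of the "reply with the word remove in the subject" notice.
REMOVE_RE = re.compile(r"\breply\b.{0,60}\bremove\b.{0,40}\bsubject\b", re.I | re.S)

def spam_signs(raw, n=5):
    """Return the telltale signs found in one RFC 822 message (empty list = none)."""
    msg = message_from_string(raw)
    signs = []
    if XMAILER_RE.search(msg.get("X-Mailer", "")):
        signs.append("x-mailer")
    if SYMBOL_RUN_RE.search(msg.get("Subject", "")):
        signs.append("subject-symbols")
    payload = msg.get_payload()
    body = payload if isinstance(payload, str) else ""  # multipart is out of scope here
    lines = [line for line in body.splitlines() if line.strip()]
    # Scan only the top and bottom n non-blank lines, each edge on its own, so a
    # legitimate message that quotes the notice mid-body is not flagged.
    if any(REMOVE_RE.search("\n".join(edge)) for edge in (lines[:n], lines[-n:])):
        signs.append("remove-notice")
    return signs

# Constructed sample: trips all three checks.
SPAM = (
    "From: promo@example.com\n"
    "Subject: $$$ MAKE MONEY FAST $$$\n"
    "X-Mailer: spam-warez-name 2.0\n"
    "\n"
    "Amazing offer inside.\n"
    "\n"
    "To be taken off this list, just reply with the word\n"
    "remove in the subject.\n"
)
# Constructed sample: a long list post that mentions the notice only mid-body.
FILLER = ["discussion line %d" % i for i in range(6)]
HAM = ("From: user@example.org\nSubject: Re: list policy\n\n"
       + "\n".join(FILLER + ["they said: just reply with the word remove in the subject"]
                   + FILLER) + "\n")

if __name__ == "__main__":
    for name, raw in (("SPAM", SPAM), ("HAM", HAM)):
        print(name, spam_signs(raw))
```

Returning the list of matched signs makes it possible to file suspect mail into a folder for review before committing a rule to /dev/null.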



