Re: [vox-tech] spam current events
On Thu 31 Aug 06, 2:47 PM, Rod Roark <firstname.lastname@example.org> said:
> On Thursday 31 August 2006 13:51, Peter Jay Salzman wrote:
> > i'm getting hammered with email containing text designed to trick bayesian
> > filters....
> I think content filtering is almost a waste of time. As you see,
> spammers can always design content that gets past the filters. What
> else are you doing to combat spam?
I'm using a multi-tiered approach. You'd be surprised at the most effective
(for me) anti-spam measures.
# By default, smtpd_client_restrictions is applied at the RCPT TO command.
# To have the restriction take effect ASAP, do this (may cause unexpected
# results with poorly implemented client software):
smtpd_delay_reject = yes
# Require the HELO (or EHLO) command, and disable VRFY.
smtpd_helo_required = yes
disable_vrfy_command = yes
body_checks = pcre:/etc/postfix/checks_body
# This restricts what clients this system accepts SMTP connections from.
# ORDER IMPORTANT!!!
header_checks = regexp:/etc/postfix/checks_header
You'd be shocked at the effectiveness of rejecting email that says it comes
from "dirac.org" or email that doesn't have a valid fqdn sender.
The rules prefixed by '*' are _extremely_ effective. Also, this catches
most viruses (you most likely use the same thing):
win32 executable attachments are not accepted here.
DOS executable attachments are not accepted.
Zip file attachments are not accepted; use bzip2 (.bz2) or gzip
and lastly, these are HIGHLY effective too:
dirac.org REJECT You are not in dirac.org (1). Go away, spammer.
www.dirac.org REJECT You are not in dirac.org (2). Go away, spammer.
mail.dirac.org REJECT You are not in dirac.org (3). Go away, spammer.
localhost REJECT You are not my localhost (4). Go away, spammer.
192.168.0.1 REJECT You are not in dirac.org (5). Go away, spammer.
I also use this to filter out bogus virus messages. This really saves me a
lot of stress when the new MS virus du jour comes out. It goes into
I also drop companies that I did business with and who *relentlessly*
spammed me afterwards after repeated pleas for them to stop. Two companies
that come to mind are:
They get REJECTed for persistently spamming me.
Then of course, I use a number of RBLs that you see above.
All this stuff is done at the MTA level, so no delivery is attempted. If a
spam does get through, and this is *exceedingly* rare, it has to contend
with bogofilter, spamassassin, and procmail, in that order.
I can, literally, go months before spam reaches my inbox. I've totally
forgotten what it was like to even get spam, which is why the "image001.gif"
thing was so distressing. I forgot what spam was like.
If you're interested, I can compile a more comprehensive list including all
the nitty gritty details of my various Postfix files, procmail filters, etc.
ps- BTW, I confirmed that this is indeed some kind of MS virus, but there
doesn't seem to be a whole lot known about it currently. At least, nothing
I read after a quick Googling.
The Buddha, the Godhead, resides quite as comfortably in the circuits of a
digital computer or the gears of a cycle transmission as he does at the
top of a mountain or in the petals of a flower. To think otherwise is to
demean the Buddha, which is to demean oneself. -- Robert M. Pirsig
Peter Jay Salzman, email: email@example.com web: http://www.dirac.org/p
PGP Fingerprint: B9F1 6CF3 47C4 7CD8 D33E 70A9 A3B9 1945 67EA 951D
vox-tech mailing list
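The HELO table in the message above and its "ORDER IMPORTANT" remark, worked through as an added example (not part of the original post or of Postfix): a simplified Python model of an ordered restriction list, showing that the same table rejects the site's own internal hosts if it is consulted before the local-network permit. It assumes the table is consulted through check_helo_access after permit_mynetworks; the MYNETWORKS ranges and the client addresses used with it are constructed, and the lookup models parent-domain matching as it behaves with Postfix's default parent_domain_matches_subdomains setting.

```python
import ipaddress

# HELO access table as posted in the message above.
HELO_TABLE = """\
dirac.org       REJECT You are not in dirac.org (1). Go away, spammer.
www.dirac.org   REJECT You are not in dirac.org (2). Go away, spammer.
mail.dirac.org  REJECT You are not in dirac.org (3). Go away, spammer.
localhost       REJECT You are not my localhost (4). Go away, spammer.
192.168.0.1     REJECT You are not in dirac.org (5). Go away, spammer.
"""
# Assumed local networks (constructed; the post does not show mynetworks).
MYNETWORKS = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "192.168.0.0/24")]

def parse_table(text):
    """Parse 'key  ACTION text' lines, skipping blanks and # comments."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            key, action = line.split(None, 1)
            table[key.lower()] = action
    return table

def helo_lookup(table, helo):
    """Try the full HELO name, then each parent domain (simplified model)."""
    name = helo.lower().rstrip(".")
    while name:
        if name in table:
            return table[name]
        _, _, name = name.partition(".")
    return None

def decide(client_ip, helo, restrictions, table):
    """Walk the restrictions in order; the first decisive result wins."""
    for r in restrictions:
        if r == "permit_mynetworks":
            if any(ipaddress.ip_address(client_ip) in n for n in MYNETWORKS):
                return "PERMIT"
        elif r == "check_helo_access":
            action = helo_lookup(table, helo)
            if action:
                return action.split()[0]
    return "DUNNO"  # no restriction matched; later checks would decide

if __name__ == "__main__":
    t = parse_table(HELO_TABLE)
    for order in (["permit_mynetworks", "check_helo_access"],
                  ["check_helo_access", "permit_mynetworks"]):
        for ip, helo in (("203.0.113.7", "dirac.org"), ("192.168.0.5", "dirac.org")):
            print(order, ip, helo, "->", decide(ip, helo, order, t))
```

In this model the "dirac.org" key alone already covers www.dirac.org and mail.dirac.org through the parent-domain step. On a live system, `postmap -q` against the real table shows what a given HELO name would return.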