advice on anti-spam tools

Dan Nelson dnelson at allantgroup.com
Tue Apr 3 04:49:36 UTC 2007


In the last episode (Apr 03), Angelin Lalev said:
> My e-mail server is running the latest spamassassin with all of the
> blacklists enabled, etc., but I still receive over 20 spam messages
> a day ("image" spam mostly).
>
> The situation with other users may be worse.  That's why I was
> thinking about some tool that
>
> 1. store incoming email
> 2. send request to the sender of the message, requiring to go to some
>    address and enter the numbers (letters) from image
> 3. if the puzzle is solved in time (week or so) deliver the message,
>    otherwise delete it.

Chances are you would just be annoying innocent people with backscatter
email due to the forged addresses of most spam.

You say you're running the latest spamassassin, but are you downloading
updated rulesets?  All of the image/stock spam I get is caught by
spamassassin rules.  Make sure you're running sa-update on a regular
basis and restarting spamd when an update is applied.  Putting

/usr/local/bin/sa-update && /usr/local/etc/rc.d/sa-spamd.sh restart

in a nightly cron job should suffice, I think.  I have also found
greylisting to be very effective.  Greylisting penalizes "unknown" SMTP
sources by tempfailing the first message seen from them for 5 minutes.
Spammers usually don't spend resources queueing messages, so you never
see them again.  Real mail servers retry the message, which gets
delivered.  Subsequent messages from the same server come through
without delay because the source is "known".  I use
ports/mail/milter-greylist, which lets you adjust the greylist period
and the whitelist timeout, and also can synch its database between
multiple servers if you're running in a clustered setup.

-- 
	Dan Nelson
	dnelson at allantgroup.com
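
The greylisting behaviour described in the reply above, as an added example that is not part of the original post and is not milter-greylist's code: it replays constructed delivery attempts and returns the SMTP reply each one gets. Keying on the source IP alone, the whitelist and retry-window values, and refreshing the whitelist entry on use are assumptions made for the illustration.

```python
"""Greylisting decision logic (added illustration, not milter-greylist's code)."""

GREYLIST_DELAY = 5 * 60            # tempfail window from the post: 5 minutes
WHITELIST_TIMEOUT = 3 * 24 * 3600  # assumed: how long a passed source stays "known"
RETRY_WINDOW = 24 * 3600           # assumed: a retry must arrive within this time


class Greylist:
    def __init__(self):
        self.first_seen = {}  # source IP -> time of first tempfailed attempt
        self.known = {}       # source IP -> time its whitelist entry expires

    def check(self, ip, now):
        """Return the SMTP reply code for an attempt from `ip` at epoch time `now`."""
        if self.known.get(ip, 0) > now:
            self.known[ip] = now + WHITELIST_TIMEOUT  # assumed: refresh on use
            return 250
        self.known.pop(ip, None)  # whitelist entry expired or never existed
        first = self.first_seen.get(ip)
        if first is None or now - first > RETRY_WINDOW:
            self.first_seen[ip] = now  # unknown source: start the clock
            return 451
        if now - first < GREYLIST_DELAY:
            return 451  # retried too soon, keep deferring
        del self.first_seen[ip]
        self.known[ip] = now + WHITELIST_TIMEOUT  # waited out the delay: now "known"
        return 250


def replay(events):
    """Run (time, ip) attempts through a fresh greylist and return the replies."""
    gl = Greylist()
    return [(t, ip, gl.check(ip, t)) for t, ip in events]


# Constructed sample traffic (documentation address ranges, times in seconds).
SAMPLE = [
    (0, "192.0.2.10"),       # spam source: one attempt, never retries
    (10, "198.51.100.7"),    # real MTA, first contact
    (70, "198.51.100.7"),    # retry after 1 minute: still inside the delay
    (910, "198.51.100.7"),   # retry after 15 minutes: accepted, now "known"
    (4000, "198.51.100.7"),  # later message from the same server: no delay
    (4000 + WHITELIST_TIMEOUT + 1, "198.51.100.7"),  # entry expired: deferred again
]

if __name__ == "__main__":
    for t, ip, code in replay(SAMPLE):
        print(f"t={t:>7}s {ip:<13} -> {code}")
```

The cost to legitimate mail is the first-contact delay, which is set by the sending server's retry schedule rather than by the 5-minute window itself.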


More information about the freebsd-questions mailing list