spam removal
    Kris Kennaway 
    kris at obsecurity.org
       
    Mon Feb 16 01:52:22 PST 2004
    
    
  
On Mon, Feb 16, 2004 at 04:44:25AM -0500, matthew wrote:
> 
> 
> On Mon, 16 Feb 2004, Kris Kennaway wrote:
> 
> > On Mon, Feb 16, 2004 at 01:13:16AM -0800, Olga Zenkova wrote:
> > > Hi!
> > > Some of my FreeBSD users get to much spam daily. What
> > > tools can anybody advice to stop it? Now I have
> > > sendmail with access.db, which is already used but I
> > > think it is not very effective at all. May be other
> > > mail daemon or some additional tools for sendmail?
> >
> > I recommend bogofilter for per-user filtering.  Spamassassin is also
> > highly recommended for site use.  I tend to dislike DNS-based
> > filtering because it has a high rate of false positives, and it causes
> > your users to lose legitimate mail if it's rejected at the mail
> > server.
> 
> As far as I understand it, one does "not lose email" using dns-based
> blacklists.
This is an over-generalization...I certainly have mail regularly
bounced by dns-based blacklists.
> The day i implemented it, my manager sent an email from
> someone's home whose wireless AP was not secured. My manager recieved
> a error mesg back, saying please visit this site, and it happened to be
> an easy off blacklist. He punched in his ip, was automatically removed
> and sent the email. Worked great. Too bad it got the most customer
> complaints and i canned it. I use 3 now.
You've described someone's particular blacklist that was friendly
enough to provide an escape route.  Most of the blacklists I encounter
do not, and the only way I can contact the person on the other side is
by sending mail from another (non-blacklisted) host.  However, since
most of the rejected emails are advisory and sent for the benefit of
the recipient, I usually don't bother, and their misguided attempt at
spam filtering bites them silently on the ass :)
> Feb 16 04:41:05 primx6 sm-mta-label[14301]: ruleset=check_relay,
> arg1=[61.111.22.187], arg2=61.111.22.187, relay=sPacEoP@[61.111.22.187],
> reject=550 5.7.1 Mail from 61.111.22.187 refused - see http://dsbl.org/
> 
> these 3 are now running non stop last months. not a peep from
> our customers. these machines/ips on these blacklists represent,
> the worst scum of the internet, as well as the dumbest.
Bear in mind that your customers have no way of knowing that they have
lost mail, unless the sender persists and manages to make contact some
other way.
Kris
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20040216/7d656279/attachment.bin
    
    
More information about the freebsd-questions
mailing list