pf overload for SMTP

[Matthew Seaman]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 05/03/2010 16:35:07, John wrote:
> Is there any reason one couldn't do something similar for SMTP?  Maybe
> a little wider sample window, like 10/300?  Or would you end up blocking
> too any things that you don't mean to block?  Anyone played with this
> for SMTP?

You can do this with SMTP, but I'm not sure quite how useful it would be
given the different usage patterns for e-mail.  (I've applied it quite
happly for FTP servers, for example)

If you want to do some pf-level antispam stuff, then look at spamd -- in
the ports as obspamd to prevent confusion with SpamAssassin's spamd.
http://www.openbsd.org/cgi-bin/man.cgi?query=spamd&apropos=0&sektion=0&manpath=OpenBSD+Current&arch=i386&format=html

This implements greylisting, greytrapping and teergrube against
addresses blacklisted as spam sources.  Last I checked it only worked on
IPv4 though.

It's a fairly light-weight means of eliminating quite a lot of spam, but
it should be used in conjunction with other MTA mediated anti-spam
techniques, for example SpamAssassin

 	Cheers,

	Matthew

- -- 
Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
                                                  Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey     Ramsgate
                                                  Kent, CT11 9PW
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.14 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkuRNOEACgkQ8Mjk52CukIzcGACePJLeg/yorVq8vpVA6Nr7WBbI
FksAn0hkNVrOo/m9o5gClh7J7zGoWdvU
=JW5l
-----END PGP SIGNATURE-----