[HCoop-Discuss] Spam

Graham Freeman graham.freeman at cernio.com
Mon Dec 4 21:47:37 EST 2006


On 04 Dec, 2006, at 17:42, Adam Chlipala wrote:

> I think the more reasonable action is to catch up with the rest of the
> world and use spam filtering. :-)


Agreed.

Here's some relevant stuff I use with Sendmail 8.13.x on my incoming  
mail servers.


/etc/mail/access:
GreetPause:comcast.net          60000

(causes my machine to wait 60 seconds before responding to incoming  
SMTP connections from comcast.net.  Most spambots won't wait this  
long, but legitimate SMTP servers will.)


/etc/mail/sendmail.mc:

define(`confCONNECTION_RATE_THROTTLE', 3)dnl
define(`confCONNECTION_RATE_WINDOW_SIZE', `10m')dnl
FEATURE(`greet_pause', `10000')dnl
FEATURE(`delay_checks')dnl
FEATURE(`blacklist_recipients')dnl
FEATURE(`dnsbl',`sbl-xbl.spamhaus.org')dnl
FEATURE(`dnsbl',`list.dsbl.org')dnl
dnl #FEATURE(`dnsbl',`combined.njabl.org',`Message from $&{client_addr} rejected - see http://njabl.org/lookup?$&{client_addr}')dnl
FEATURE(`dnsbl',`combined.njabl.org')dnl
FEATURE(`dnsbl',`relays.ordb.org')dnl
INPUT_MAIL_FILTER(`clamav', `S=local:/var/clamav/clamd.socket, F=, T=S:4m;R:4m')dnl
dnl FEATURE(`accept_unresolvable_domains')dnl


Also, it's useful to employ SpamAssassin's Bayesian filtering (with
daily learning of spam and ham mailboxes) coupled with teaching the
user to manually move spam to the spam mailbox.


> All it takes is one publication of an e-mail address on the web for it
> to end up on spam lists, and it's so much nicer not living in dread of
> that day coming.


It actually takes less than that.  My mail servers are hit with at  
least hundreds, and often thousands, of probes on a regular basis  
from spammers who're mapping out the functional email addresses on  
the domains that I host.  They don't just use common European/ 
American names such as 'rob', either - they also try names from other  
cultures, words found in dictionaries (and not just English  
dictionaries either), and variations of known-good email addresses.   
When, for example, the spammers found that 'foobarnut at cernio.com'  
existed, I saw them try 'foobarnut at jahiel.net' (a domain with common  
MX records to cernio.com).  Of course, they'll also try that same  
thing across domains that don't share MX records.

All in all, obscuring the email address of a common username such as  
'rob' does no good whatsoever.  Obscuring the email address of a less  
common username such as 'graham.freeman' does very little to protect  
against spam, and in fact makes it harder to use email for legitimate  
purposes because it makes it harder for honest people to get in touch  
with me.  That's why I don't obscure addresses, whether on the web,  
USENET, or elsewhere.  I get spam, of course, but I get far more  
legitimate email.


Graham Freeman
Cernio Technology Cooperative
www.cernio.com
graham.freeman at cernio.com
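
An added illustration of the greet-pause behaviour configured above; it is not part of the original message and not Sendmail's own code. It models, in simplified form, how the pause is chosen (the GreetPause access entry for the client's domain, else the FEATURE default) and how a client that talks or hangs up before the banner is told apart from one that waits. The host names, the reply text and the `scale` shortcut are constructed for the demo.

```python
import select
import socket

# Values from the post: 60000 ms for comcast.net, 10000 ms for everyone else.
ACCESS = {"comcast.net": 60000}
DEFAULT_PAUSE_MS = 10000

def pause_for(client_name, access=ACCESS, default=DEFAULT_PAUSE_MS):
    """Simplified model of the GreetPause lookup: try the client's host name,
    then each parent domain, and fall back to the FEATURE default."""
    labels = client_name.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        domain = ".".join(labels[i:])
        if domain in access:
            return access[domain]
    return default

def greet_with_pause(conn, pause_ms):
    """Hold the 220 banner for pause_ms; anything readable first is an early talker."""
    readable, _, _ = select.select([conn], [], [], pause_ms / 1000.0)
    if not readable:
        conn.sendall(b"220 mx.example.test ESMTP\r\n")
        return "greeted"
    if conn.recv(512) == b"":
        return "hung_up"  # client gave up before the banner arrived
    # Constructed reply text, not copied from Sendmail.
    conn.sendall(b"554 mx.example.test not accepting messages\r\n")
    return "rejected"

def simulate(behaviour, client_name, scale=0.01):
    """Run one constructed connection over a local socket pair.
    scale shrinks the configured pause so the demo finishes quickly."""
    server, client = socket.socketpair()
    try:
        if behaviour == "talks_early":
            client.sendall(b"HELO bot.example.test\r\n")
        elif behaviour == "hangs_up":
            client.close()
        return greet_with_pause(server, pause_for(client_name) * scale)
    finally:
        server.close()
        client.close()

if __name__ == "__main__":
    for behaviour, name in [("waits", "mail.example.org"),
                            ("talks_early", "c-1-2-3-4.hsd1.ca.comcast.net"),
                            ("hangs_up", "c-1-2-3-4.hsd1.ca.comcast.net")]:
        print(behaviour, name, pause_for(name), simulate(behaviour, name))
```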






