[HCoop-Discuss] Spam
Graham Freeman
graham.freeman at cernio.com
Mon Dec 4 21:47:37 EST 2006
On 04 Dec, 2006, at 17:42, Adam Chlipala wrote:
> I think the more reasonable action is to catch up with the rest of the
> world and use spam filtering. :-)
Agreed.
Here's some relevant stuff I use with Sendmail 8.13.x on my incoming
mail servers.
/etc/mail/access:
GreetPause:comcast.net 60000
(causes my machine to wait 60 seconds before responding to incoming
SMTP connections from comcast.net. Most spambots won't wait this
long, but legitimate SMTP servers will.)
/etc/mail/sendmail.mc:
define(`confCONNECTION_RATE_THROTTLE', 3)dnl
define(`confCONNECTION_RATE_WINDOW_SIZE', `10m')dnl
FEATURE(`greet_pause', `10000')dnl
FEATURE(`delay_checks')dnl
FEATURE(`blacklist_recipients')dnl
FEATURE(`dnsbl',`sbl-xbl.spamhaus.org')dnl
FEATURE(`dnsbl',`list.dsbl.org')dnl
dnl #FEATURE(`dnsbl',`combined.njabl.org',`Message from $&{client_addr} rejected - see http://njabl.org/lookup?$&{client_addr}')dnl
FEATURE(`dnsbl',`combined.njabl.org')dnl
FEATURE(`dnsbl',`relays.ordb.org')dnl
INPUT_MAIL_FILTER(`clamav', `S=local:/var/clamav/clamd.socket, F=, T=S:4m;R:4m')dnl
dnl FEATURE(`accept_unresolvable_domains')dnl
Also, it's useful to employ SpamAssassin's bayesian filtering (with
daily learning of spam and ham mailboxes) coupled with teaching the
user to manually move spam to the spam mailbox.
> All it takes is one publication of an e-mail address on the web for it
> to end up on spam lists, and it's so much nicer not living in dread of
> that day coming.
It actually takes less than that. My mail servers are hit with at
least hundreds, and often thousands, of probes on a regular basis
from spammers who're mapping out the functional email addresses on
the domains that I host. They don't just use common European/
American names such as 'rob', either - they also try names from other
cultures, words found in dictionaries (and not just English
dictionaries either), and variations of known-good email addresses.
When, for example, the spammers found that 'foobarnut at cernio.com'
existed, I saw them try 'foobarnut at jahiel.net' (a domain with common
MX records to cernio.com). Of course, they'll also try that same
thing across domains that don't share MX records.
All in all, obscuring the email address of a common username such as
'rob' does no good whatsoever. Obscuring the email address of a less
common username such as 'graham.freeman' does very little to protect
against spam, and in fact makes it harder to use email for legitimate
purposes because it makes it harder for honest people to get in touch
with me. That's why I don't obscure addresses, whether on the web,
USENET, or elsewhere. I get spam, of course, but I get far more
legitimate email.
Graham Freeman
Cernio Technology Cooperative
www.cernio.com
graham.freeman at cernio.com
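Added example, not part of the original message and not Sendmail's own code: a Python sketch of the greet_pause check described above, in which the server delays its 220 banner and rejects a client that sends SMTP commands before seeing it. The access-map lookup is simplified to host-name suffixes, the host names and reply text are constructed, and the scale parameter (an assumption of this sketch) shrinks the pauses so the demo finishes in under a second.

```python
import select
import socket
import threading

# Constructed access-map entry in the message's format; values are milliseconds.
ACCESS = {"GreetPause:comcast.net": 60000}
DEFAULT_PAUSE_MS = 10000  # from FEATURE(`greet_pause', `10000')

def pause_for(client_host):
    """Return the pause for a host: try the full name, then each parent domain."""
    labels = client_host.lower().split(".")
    for i in range(len(labels)):
        key = "GreetPause:" + ".".join(labels[i:])
        if key in ACCESS:
            return ACCESS[key]
    return DEFAULT_PAUSE_MS

def greet(conn, pause_ms, scale):
    """Server side: hold the banner for the pause; reject a client that talks first."""
    readable, _, _ = select.select([conn], [], [], pause_ms / 1000.0 * scale)
    if readable:  # bytes arrived before the 220 banner: pre-greeting traffic
        conn.sendall(b"554 mx.example.test not accepting messages\r\n")
        return "rejected"
    conn.sendall(b"220 mx.example.test ESMTP\r\n")
    return "accepted"

def simulate(client_host, waits_for_banner, scale=0.01):
    """Run one connection over a local socketpair and return (verdict, reply code)."""
    server, client = socket.socketpair()
    result = {}
    worker = threading.Thread(target=lambda: result.update(
        verdict=greet(server, pause_for(client_host), scale)))
    worker.start()
    if not waits_for_banner:
        client.sendall(b"HELO bot.example.test\r\n")  # impatient client
    reply = client.recv(1024)
    worker.join()
    server.close()
    client.close()
    return result["verdict"], reply[:3].decode()

if __name__ == "__main__":
    print(simulate("host1.comcast.net", waits_for_banner=True))
    print(simulate("host2.example.org", waits_for_banner=False))
```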