On Mon, 1 Mar 2004 08:24:01 +1000, Clemens Vermeulen <[EMAIL PROTECTED]> wrote: > This because spammers need to send their spam DIRECT TO YOU from their > dial-up/cable connection to prevent detection of their activity by > their ISP (by passing their spam through the ISPs SMTP server). > > A SINGLE Received: line. The one added by your SMTPSRCV....
Problem is that 99.999% of your clients legitimate outgoing mail are in the same situation. > 2. and/or adds the originating IP address to a timed black list so as > to reduce the load on our servers by simply not even talking to the > spammer again (for some (configurable) time at least). Mike already did something like this. Look at spamtrapping in smtprcv. I haven't had a good look at how it works but it appears to do this sort of thing (If user attempts to send more than x messages in y period then goes into temporary blacklist). > I look forward to the comments from Klint and the list. There's an article in the last ACS (australian computer society) journal on matching the rcp address to the from address in the message that says in almost all spam they dont match. In theory, you could use less intensive checking if they did match to reduce the load. klint. +---------------------------------------+-----------------+ : Klint Gore : "Non rhyming : : EMail : [EMAIL PROTECTED] : slang - the : : Snail : A.B.R.I. : possibilities : : Mail University of New England : are useless" : : Armidale NSW 2351 Australia : L.J.J. : : Fax : +61 2 6772 5376 : : +---------------------------------------+-----------------+ This is the discussion list for the IMS Free email server software. To unsubscribe send mailto:[EMAIL PROTECTED] Delivered by Rockliffe MailSite http://www.rockliffe.com/mailsite Rock Solid Software (tm)
