At 02:10 AM 11/8/2002 -0500, Michael wrote:
yeah, i've been wondering about this also. seems really not great to have the server grinding away on useless spam.
yes not only that, but all the work involved. I have a server with about 10,000 users, and I don't really want to have every one of them running python for ever piece of email. though I think TMDA is a really great piece of software, and the best anti-spam idea yet, it's still only one piece of a total anti-spam solution.
has anyone considered the juniper smtp proxy/firewall as a candidate for tmda application (somehow)?
yeah, the best thing I've seen so far, and I shudder to mention it, because I really DON'T like it, is a product from mcafee called webshield. It's an appliance (the e250/e500 models). transparent mail server, does anti-virus as well as spam, content filtering, and the rest. But, as I said, I don't much care for mcafee (having once worked for them for a few years), I'm not all that impressed. (its like they say, learning the secrets about something may spoil the magic).
/var/qmail/control/badmailfrom only goes so far...in fact, not really very far.
in postfix you can set up a reject list, but that's not much either. and lately I've been disenheartened with postfix as well.
definitely. having a dedicated box out front of your real mail server seemsthe functions of tmda should be built into smtp, closer to the edge, so email doesn't even come in one inch from blacklisted senders, and confirms go out *before* any smtp takes place... hmmmmm
a good idea, but more work and cost involved here. though I'm sure it can be
done without dedicating a machine to it.
even something as simple as having the mail filter verify forward vs reverse lookups,
rejecting from "Unknown", rejecting from pure IPs (with no domain), from "", from yourself (I love this one),
doesnt do much.
even an anti-spam list (of domains) that the mail server rejects - even a front end mail server
in front of the real one, still lacking.
piping the filter list into the front-end mail server AND also into an entry in "hosts" (route it to 127.0.0.1)
which means the machine wont even accept connections from that ip, saving the mail server a lot of work.
so far it's the best thing I can think of. but not all addresses could be filtered this way. which means
maintaining two lists.
I know! make sending spam a capital crime... anyone sending spam will be shot (well, it was a thought) :)
ps - I'm joking
Dan.
_____________________________________________
tmda-users mailing list ([EMAIL PROTECTED])
http://tmda.net/lists/listinfo/tmda-users
