On Thursday 31 August 2006 04:32 pm, p-at-dirac.org (Peter Jay Salzman) |lugod| wrote:
> On Thu 31 Aug 06, 2:47 PM, Rod Roark <[EMAIL PROTECTED]> said:
> > On Thursday 31 August 2006 13:51, Peter Jay Salzman wrote:
> > > i'm getting hammered with email containing text designed to trick
> > > bayesian filters....
> >
> > I think content filtering is almost a waste of time.  As you see,
> > spammers can always design content that gets past the filters.  What
> > else are you doing to combat spam?
>
> I'm using a multi-tiered approach.  You'd be surprised at the most
> effective (for me) anti-spam measures.
>
>
> # By default, smtpd_client_restrictions is applied at the RCPT TO command.
> # To have the restriction take effect ASAP, do this (may cause unexpected
> # results with poorly implemented client software):
> #
> smtpd_delay_reject = yes

I've seen people say that a multiline greet also confuses some spamware.

>    reject_rbl_client cbl.abuseat.org
>    reject_rbl_client sbl.spamhaus.org,

You ought to replace these two with sbl-xbl.spamhaus.org, which imports CBL.

> You'd be shocked at the effectiveness of rejecting email that says it comes
> from "dirac.org" or email that doesn't have a valid fqdn sender.
>
> The rules prefixed by '*' are _extremely_ effective.  Also, this catches
> most viruses (you most likely use the same thing):
>
>
>    /^TVqQAAMAAAAEAAAA\/\/8AALg/ REJECT
>       win32 executable attachments are not accepted here.
>
>    /^(Wk|TV)..............\/\// REJECT
>       DOS executable attachments are not accepted.
>
>    /^UEsDBAoAA/ REJECT
>       Zip file attachments are not accepted; use bzip2 (.bz2) or gzip
>       (.gz) instead.
>
>
> and lastly, these are HIGHLY effective too:
>
>
>    dirac.org       REJECT You are not in dirac.org (1).  Go away, spammer.
>    www.dirac.org   REJECT You are not in dirac.org (2).  Go away, spammer.
>    mail.dirac.org  REJECT You are not in dirac.org (3).  Go away, spammer.
>    localhost       REJECT You are not my localhost (4).  Go away, spammer.
>    192.168.0.1     REJECT You are not in dirac.org (5).  Go away, spammer.

Yeah, I get boat loads of spammers claiming to be my servers in helo too.

> I also use this to filter out bogus virus messages.  This really saves me a
> lot of stress when the new MS virus du jour comes out.  It goes into
> "checks_header"
>
>    http://www.t29.dk/header_check_notes.php
>
> I also drop companies that I did business with and who *relentlessly*
> spammed me afterwards after repeated pleas for them to stop.  Two companies
> that come to mind are:
>
>    vermontteddybear.com
>    cdrom2go.com
>
> They get REJECTed for persistently spamming me.

I use sneakemail for dealing with companies on the internet. It has the
nice effect of allowing me to track who's whoring out my address.
Setting up a catch-all address scheme can similarly be used, but I'd rather
just not have to deal with the email after I decide to deactivate an address.

> All this stuff is done at the MTA level, so no delivery is attempted.  If a
> spam does get through, and this is *exceedingly* rare, it has to contend
> with bogofilter, spamassassin, and procmail, in that order.
>
> I can, literally, go months before spam reaches my inbox.  I've totally
> forgotten what it was like to even get spam, which is why the
> "image001.gif" thing was so distressing.  I forgot what spam was like.
>
> If you're interested, I can compile a more comprehensive list including all
> the nitty gritty details of my various Postfix files, procmail filters,

Take a look at the imageinfo spamassassin plugin and the SARE rulesets.
People have reported good results with these.

-- 
Ryan Castellucci - http://ryanc.org/
GPG Key: http://ryanc.org/files/publickey.asc
_______________________________________________
vox-tech mailing list
[email protected]
http://lists.lugod.org/mailman/listinfo/vox-tech
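
Added example, not part of the original thread: a Python check of what the three body_checks patterns quoted above match. Each pattern is the base64 form of a file's leading magic bytes as it appears on the first line of a MIME attachment; the sample headers are constructed, and the rule names (win32, dos, zip) are labels chosen here.

```python
import base64
import re

# The three body_checks patterns quoted in the thread, without the /.../
# delimiters. Postfix regexp/pcre tables match case-insensitively by
# default, which is mirrored here with re.IGNORECASE.
BODY_CHECKS = [
    ("win32", re.compile(r"^TVqQAAMAAAAEAAAA//8AALg", re.IGNORECASE)),
    ("dos", re.compile(r"^(Wk|TV)..............//", re.IGNORECASE)),
    ("zip", re.compile(r"^UEsDBAoAA", re.IGNORECASE)),
]


def first_mime_line(payload):
    """First line of a base64 MIME part: 57 input bytes become 76 characters."""
    return base64.b64encode(payload[:57]).decode("ascii")


def matched_rules(line):
    """Names of the rules that would REJECT this single body line."""
    return [name for name, rx in BODY_CHECKS if rx.search(line)]


# Constructed sample headers (not captured mail), zero-padded to 57 bytes.
SAMPLES = {
    # "MZ" DOS header with e_maxalloc = 0xFFFF, as emitted by common linkers
    "pe_stub": bytes.fromhex("4d5a90000300000004000000ffff0000b8").ljust(57, b"\0"),
    # same header with the alternate "ZM" signature
    "zm_stub": bytes.fromhex("5a4d90000300000004000000ffff0000b8").ljust(57, b"\0"),
    # zip local file header, version-needed 1.0, method 0 (stored)
    "zip_v10_stored": b"PK\x03\x04\x0a\x00\x00\x00\x00\x00".ljust(57, b"\0"),
    # zip local file header, version-needed 2.0, method 8 (deflate)
    "zip_v20_deflate": b"PK\x03\x04\x14\x00\x00\x00\x08\x00".ljust(57, b"\0"),
    # gzip member header, the format the REJECT text asks senders to use
    "gzip": b"\x1f\x8b\x08\x00".ljust(57, b"\0"),
}


def coverage():
    """Map each sample name to the rules its first base64 line triggers."""
    return {name: matched_rules(first_mime_line(data)) for name, data in SAMPLES.items()}


if __name__ == "__main__":
    for name, data in SAMPLES.items():
        line = first_mime_line(data)
        print(f"{name:16} {line[:24]}  ->  {matched_rules(line) or 'accepted'}")
```

The constructed version-needed 2.0 zip header encodes as UEsDBBQA and is not covered by the zip pattern as quoted, so a rule like this is worth testing against the archive types it is meant to reject.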
