From: Len Conrad (LConrad_at_Go2France.com)
Date: Sun Sep 01 2002 - 13:51:27 CDT


    >However I personally think that any attempt at simple matching of
    >content in the body, and especially in the headers, to identify spam is
    >very naive

    not only that, we find it extremely marginal. I've marked regexp hits in
    this report (thanks Craig).

           4 RBL orbs.dorkslayers.com
           5 ACL mta_clients_pipel (pipelining)
           6 ACL mta_clients_relay
           8 RBL sbl.spamhaus.org
          10 SMTP invalid recipient@recipient.domain
          13 RBL korea.services.net
          25 RBL rbl-plus.mail-abuse.org
          33 ACL from_senders_bogus
          35 SMTP invalid sender@sender.domain
          59 ACL mta_clients_slet
          62 SMTP unauthorized pipelining
          79 RBL blackholes.wirehub.net
          81 ACL unauthorized relay
          81 ACL from_senders_nxdomain
         115 DNS timeout for MTA PTR hostname (forged sender.domain)
         138 RBL dynablock.wirehub.net
         139 ACL body checks <<<<<<<<<<<<<<<<<<<<<
         176 RBL proxies.relays.monkeys.com
         306 ACL mta_clients_dict
         312 RBL relays.ordb.org
         318 ACL helo_hostnames
         351 ACL mta_clients_hel
         499 ACL from_senders_black
         546 ACL header checks <<<<<<<<<<<<<<<<<<<<
         771 RBL bl.spamcop.net
         994 DNS nxdomain for MTA PTR hostname (forged sender.domain)
        1223 DNS no A/MX for sender.domain
        2718 ACL mta_clients_bogus
        3829 ACL from_senders_slet
        4699 ACL to_recipients_dead
        5308 ACL from_senders_clueless
        5398 ACL mta_clients_blaksender
        6358 ACL mta_clients_rbl
       12692 ACL mta_clients_dead

       47391 TOTAL

    Less than 1000 out of 47K rejects

    >(some simple matches catch virii and other computer generated
    >and repetitive junk once it's been uniquely identified, but spam by its
    >nature is far more random than that).

    > http://www.paulgraham.com/spam.html

    I'd like to try it but where's the code?

    Len

    ____________________________________________________________________
    www.menandmice.com/DNS-training : DNS Training
    BIND8NT.MEIway.com: Secure config ; DNS and mail interactions
    IMGate.MEIway.com : Free, proven config for anti-mail-abuse gateways
