Re: image spam (and selective greylisting)

From: Rich Wales (richwrichw.org)
Date: Sat Sep 02 2006 - 00:38:06 CDT


On 15 August 2006, Ralf Hildebrandt posted a link to a description for
selective greylisting:

> http://www.stahl.bau.tu-bs.de/~hildeb/postfix/postfix_greylisting.shtml

I thought people might be interested in knowing that I was able to use
this technique to eliminate almost all of the recent wave of image spam
(the stuff with the presumably bogus stock market tips). I'm now using
postgrey on incoming mail if (and only if) either the client's DNS name,
or the name it supplies in the HELO command, has any of the following:

==> four or more periods
==> no periods at all (i.e., unqualified names, including "unknown")
==> four numbers in a row separated by periods
==> four numbers in a row separated by hyphens

Additionally, I'm using the "--lookup-by-host" flag to postgrey, and I've
also turned off auto-whitelisting (--auto-whitelist-clients=0).

I was already using sbl-xbl.spamhaus.org to block mail from known spammer
sites; quite a bit of mail that might otherwise have been greylisted via
the rules I just added was already being blocked via Spamhaus. But the
extra help from this selective greylisting technique has definitely made
a difference; on my (small-volume) SMTP server, I'm now seeing only one
or two "stock tips" image spam messages per day, as opposed to 10 - 20
per day previously.

Rich Wales
Palo Alto, CA, USA
richwrichw.org
http://www.richw.org
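The four name-shape rules described in the post, expressed as a small classifier that can be run over sample client and HELO names. This is an added example, not code from the post or from postgrey; the function names, the rule labels, and the sample sessions are all constructed here. It returns which rule fired so the decision can be logged, and treats a match on either the client's DNS name or its HELO name as grounds for greylisting, as the post does.

```python
import re

# Constructed patterns for the two "four numbers in a row" rules.
# They are unanchored, so an IP-literal HELO such as "[192.0.2.10]" also matches.
DOTTED_QUAD = re.compile(r"\d+\.\d+\.\d+\.\d+")
HYPHEN_QUAD = re.compile(r"\d+-\d+-\d+-\d+")


def matched_rules(name):
    """Return the labels of the post's rules that a single name triggers.

    An empty list means the name looks like an ordinary qualified hostname
    and would not be greylisted on its own.
    """
    name = name.strip().rstrip(".")  # ignore a trailing root dot on an FQDN
    hits = []
    if name.count(".") >= 4:
        hits.append("four_or_more_periods")
    if "." not in name:
        # unqualified names, including the "unknown" placeholder used when
        # the client has no reverse DNS
        hits.append("no_periods")
    if DOTTED_QUAD.search(name):
        hits.append("dotted_numbers")
    if HYPHEN_QUAD.search(name):
        hits.append("hyphenated_numbers")
    return hits


def should_greylist(client_name, helo_name):
    """Greylist if either the reverse-DNS name or the HELO name trips a rule."""
    return bool(matched_rules(client_name) or matched_rules(helo_name))


# Constructed sample sessions (client reverse-DNS name, HELO name).
SAMPLE_SESSIONS = [
    ("mail.example.com", "mail.example.com"),          # ordinary MTA
    ("unknown", "mail.example.com"),                   # no reverse DNS
    ("host-192-0-2-10.example.net", "localhost"),      # consumer-style name
    ("192.0.2.10.dsl.example.org", "[192.0.2.10]"),    # dotted numbers
    ("a.b.c.d.example.com", "a.b.c.d.example.com"),    # deeply nested name
]


def classify_sessions(sessions=SAMPLE_SESSIONS):
    """Map each (client, helo) pair to its greylisting decision and reasons."""
    results = {}
    for client, helo in sessions:
        reasons = {"client": matched_rules(client), "helo": matched_rules(helo)}
        results[(client, helo)] = (should_greylist(client, helo), reasons)
    return results


if __name__ == "__main__":
    for (client, helo), (decision, reasons) in classify_sessions().items():
        print(f"{client:32} {helo:20} greylist={decision} {reasons}")
```

The rules are heuristics about name shape, not a verdict on the sender, which is why the post pairs them with greylisting (a temporary deferral that a real MTA retries) rather than an outright reject; a legitimate site with a long or numeric reverse-DNS name only sees a delay.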