Bouncing spam

Matthew Seaman m.seaman at infracaninophile.co.uk
Sat Aug 9 16:32:24 BST 2003


--PEIAKu/WMn1b1Hv9
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Sat, Aug 09, 2003 at 04:00:29PM +0100, Bruce M Simpson wrote:
> Sounds like one for ROKSO (www.spamhaus.org).
>=20
> Use SpamAssassin with amavisd, use a very tight anti-UCE Postfix
> configuration, and don't forget to floss after meals.

Hmmm... or spamcop.net.  The spamcop DNSBL is one of the better ones
I've tried.  Currently I'm getting about 20--30 rejected connections a
day from that, and spamassassin mops up anything that does scrape
through. Here's my experience of the OP's spam message:

/var/log/maillog.3.gz:Aug  5 20:47:24 happy-idiot-talk sm-mta[18121]: rules=
et=3Dcheck_relay, arg1=3Duser-0cei98v.cable.mindspring.com, arg2=3D24.233.3=
7.31, relay=3Duser-0cei98v.cable.mindspring.com [24.233.37.31], reject=3D55=
0 5.7.1 Mail from 24.233.37.31 rejected using spamcop.net DNSBL. See http:/=
/spamcop.net/w3m?action=3Dcheckblock&ip=3D24.233.37.31

There's something deeply satisfying about bouncing the spam at the
check_relay (HELO) stage -- although I am somewhat tempted to delay
the tests until the check_rcpt (RCPT TO) phase and change the bounce
message to claim that they're trying to send to a non-existant
address.

	Cheers,

	Matthew

--=20
Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey         Marlow
Tel: +44 1628 476614                                  Bucks., SL7 1TH UK

--PEIAKu/WMn1b1Hv9
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (FreeBSD)

iD8DBQE/NRQIdtESqEQa7a0RAvocAJ9D++45c0OK1krnsM0Za0zazwaUsACeOrBD
Mn6cxmOi4y6xX6PHS4D7nN0=
=hITi
-----END PGP SIGNATURE-----

--PEIAKu/WMn1b1Hv9--




More information about the Ukfreebsd mailing list