Skip site navigation (1)Skip section navigation (2) 
Date:      Sat, 15 May 2004 13:24:16 +0200
From:      "Cyrille Lefevre" <clefevre-lists@9online.fr>
To:        "Gregory Sutter" <gsutter@zer0.org>, "Fernando Schapachnik" <fernando@mecon.gov.ar>
Cc:        freebsd-security@freebsd.org
Subject:   Re: How do fix a good solution against spam..
Message-ID:  <045a01c43a6f$290a2c90$7890a8c0@dyndns.org>
References:  <777BCABEE522D5119E3E00508B6CA0B802E9AA95@CYBHQMSX05><20040514114059.GD306@bal740r0.mecon.gov.ar> <20040515070914.GD73800@klapaucius.zer0.org>
next in thread | previous in thread | raw e-mail | index | archive | help 
> On 2004-05-14 08:40 -0300, Fernando Schapachnik <fernando@mecon.gov.ar> wrote:
> > As everybody is throwing in their favorite anti-spam solutions, here's mine:
> >
> > http://www.paganini.net/ask/
> >
> > From the home page:
> >
> > ASK takes advantage of the fact that most spammers use invalid or
> > fake "From:" address in their messages. When a new message arrives
> > and the sender is unknown, ASK sends a "confirmation message"
> > back, informing the sender that the original message has been
> > queued, pending confirmation. When the sender confirms (a simple
> > reply), ASK delivers the original message and adds the sender to a
> > "whitelist". Further messages from this sender will be immediately
> > delivered.
>
> (I apologize for posting this O/T message.)
>
> Here's a well-thought-out argument against systems of this type:
>
> Challenge-Response Anti-Spam Systems Considered Harmful
>   http://kmself.home.netcom.com/Rants/challenge-response.html

I don't know ask, but I'm using tmda which is configured to NOT send any query.
this way, the offending messages are queued until I release or delete them using
tmda-pending.

so, such tool may not be so problematic, but the configuration or the
implementation
may be :(

the first versions of tmda don't allow to not bounce, the first thing I've done
was to patch tmda to go this way, then I submit the patch which wasn't accepted
at first. the time beeing, it was implemented differently, but the idea was kept
:P

here is the trick :

echo 'ACTION_INCOMING = "hold"' >> ~/.tmda/config

don't know if ask may hold queries instead of bouncing ?

Cyrille Lefevre.
-- 
home: mailto:cyrille.lefevre@laposte.net

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?045a01c43a6f$290a2c90$7890a8c0>