From owner-freebsd-chat  Tue Nov 25 23:11:47 1997
Return-Path: <owner-freebsd-chat@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.7/8.8.7) id XAA25530
          for chat-outgoing; Tue, 25 Nov 1997 23:11:47 -0800 (PST)
          (envelope-from owner-freebsd-chat@FreeBSD.ORG)
Received: from freebie.lemis.com (gregl1.lnk.telstra.net [139.130.136.133])
          by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id XAA25525;
          Tue, 25 Nov 1997 23:11:41 -0800 (PST)
          (envelope-from grog@freebie.lemis.com)
Received: (from grog@localhost)
	by freebie.lemis.com (8.8.8/8.8.5) id RAA15842;
	Wed, 26 Nov 1997 17:41:32 +1030 (CST)
Message-ID: <19971126174132.22911@lemis.com>
Date: Wed, 26 Nov 1997 17:41:32 +1030
From: Greg Lehey <grog@lemis.com>
To: "Jordan K. Hubbard" <jkh@time.cdrom.com>
Cc: "Jonathan M. Bresler" <jmb@FreeBSD.ORG>, chat@hub.freebsd.org
Subject: Re: major push by spammers?
References: <19971126173214.61195@lemis.com> <18154.880528164@time.cdrom.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.84e
In-Reply-To: <18154.880528164@time.cdrom.com>; from Jordan K. Hubbard on Tue, Nov 25, 1997 at 11:09:24PM -0800
Organisation: LEMIS, PO Box 460, Echunga SA 5153, Australia
Phone: +61-8-8388-8286
Fax: +61-8-8388-8725
Mobile: +61-41-739-7062
WWW-Home-Page: http://www.lemis.com/~grog
Sender: owner-freebsd-chat@FreeBSD.ORG
Precedence: bulk

On Tue, Nov 25, 1997 at 11:09:24PM -0800, Jordan K. Hubbard wrote:
>>> Try turning on reverse DNS filtering and you'll find that this number
>>> goes WAAAY up.  According to my stats just for time.cdrom.com, I've
>>> rejected 2203 spam attempts since 9am this morning.  Yep, that's
>>> correct - approximately 2.8 spams rejected every minute.
>>
>> Wow.  You must have annoyed somebody :-)
>
> No, I'm just stupid enough to post to USENET using my real mailing
> address. :-)

Isn't that the same thing?

>> How are you recognizing the spammers?
>
> 2 ways: The first, if reverse DNS lookup fails, accounts for about 90%
> of the rejects.  When I first started doing this, I worried that
> perhaps I was rejecting some legit emails so for the first couple of
> weeks I'd do one day on, one day off.  In 14 days worth of testing, I
> got one "legitimate" message (though it was unanswerable due to said
> misconfiguration, so I could have done without it :) and many many
> hundreds of spams on the days that I had reverse DNS checking
> disabled.  Needless to say, I can't even imagine not having it on now.
>
> The second way, which accounts for that last 10%, is to reject
> according to a ban list which is maintained by the folks at gulf.net
> (to which we add our own local banlist).

Hmmm.  If I ever get this book finished, I suppose I should take a
look at this.

Greg