Date: Mon, 7 Apr 1997 01:02:27 -0400 (EDT)
From: C Matthew Curtin <cmcurtin@research.megasoft.com>
To: Rob Hartill <robh@imdb.com>
Cc: questions@freebsd.org
Subject: Re: ipfw config to block sp@m
Message-ID: <199704070502.BAA22111@goffette.research.megasoft.com>
In-Reply-To: <Pine.NEB.3.96.970406173130.8079B-100000@localhost>
References: <Pine.NEB.3.96.970406173130.8079B-100000@localhost>

>>>>> "Rob" == Rob Hartill <robh@imdb.com> writes:

Rob> Does anyone out there have/keep a set of config lines for ipfw to
Rob> block sp@mmers ?

This approach has a number of problems.

* Spammers often don't come from the same place. Some bozo goes and
  gets a $20 account at an ISP, gets their machine on the 'net, and
  out goes the spam. The account gets killed, and they don't care.
  They go out to another ISP and do the same thing.

* You'll need to have all of your MXers (if you've got any) implement
  the same filtering rules to their mailhosts.

There are some better ways to filter the stuff out. My (current)
favorite is to use procmail either as a local delivery agent for the
MTA, or to have users pipe their mail to procmail, and let their own
procmailrc files deal with it. In addition to the ability to filter
things into different folders, certain telltale signs of spam can be
scanned for. If the pattern is matched, redirect the stuff to
/dev/null.

* A number of spam packages are now identifying themselves in the
  X-Mailer header. If you know the name of any of these stupid
  things, you can look for the pattern ^X-Mailer:.*spam-warez-name.

Other possibilities include scanning the top and/or bottom n lines
for something that looks like one of those "just reply with the word
remove in the subject, blah blah blah" notices, looking for things
with symmetrical symbols in the subject, especially three or more $,
>, or * characters...

For the last few months, I've been saving all of the spam that I get
into a folder. I plan on doing some analysis of the stuff to see what
other patterns I can find, and things like that to help write some
more intelligent rules for throwing the junk away.

Has anyone else been saving these things? It might be useful to
compare notes...

-- 
Matt Curtin  Chief Scientist  Megasoft, Inc.
cmcurtin@research.megasoft.com
http://www.research.megasoft.com/people/cmcurtin/
I speak only for myself
Death to small keys.  Crack DES NOW!
http://www.frii.com/~rcv/deschall.htm
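
The three content checks described in the message above (X-Mailer pattern, symbol runs in the subject, a "remove" notice in the top or bottom n lines), as an added Python example that is not part of the original message and is not a procmail recipe. The function name `spam_signs`, the regular expressions and both sample messages are constructed for illustration; `spam-warez-name` is the message's own placeholder.

```python
import re
from email import message_from_string

# "spam-warez-name" is the placeholder from the message, not a real product.
XMAILER_RE = re.compile(r"spam-warez-name", re.I)
# Assumed reading of "three or more": one of $, > or * repeated 3+ times.
SYMBOL_RUN_RE = re.compile(r"([$>*])\1{2,}")
# Constructed approximation of a "reply with the word remove" notice.
REMOVE_RE = re.compile(r"\bremove\b.*\bsubject\b|\bsubject\b.*\bremove\b", re.I)

def spam_signs(raw, n=5):
    """Return the names of the heuristics that match a raw mail message."""
    msg = message_from_string(raw)
    signs = []
    if XMAILER_RE.search(msg.get("X-Mailer", "")):
        signs.append("x-mailer")
    if SYMBOL_RUN_RE.search(msg.get("Subject", "")):
        signs.append("subject-symbols")
    body = msg.get_payload()
    if isinstance(body, str):  # multipart bodies are not handled here
        lines = [l.strip() for l in body.splitlines() if l.strip()]
        # Join each window so a notice wrapped across lines still matches.
        top, bottom = " ".join(lines[:n]), " ".join(lines[-n:])
        if REMOVE_RE.search(top) or REMOVE_RE.search(bottom):
            signs.append("remove-notice")
    return signs

# Constructed sample messages (not real mail).
SPAM = """\
From: promo@example.com
X-Mailer: spam-warez-name 2.0
Subject: $$$ EARN CASH FAST $$$

Work from home today!
Details inside.

To be taken off our list, just reply with the word
remove in the subject.
"""
HAM = """\
From: alice@example.org
X-Mailer: ExampleMail 1.0
Subject: ipfw rules question

Does the rule order matter here?
Thanks.
"""

if __name__ == "__main__":
    for name, raw in (("SPAM", SPAM), ("HAM", HAM)):
        print(name, spam_signs(raw))
```
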