From owner-freebsd-chat  Wed Nov 26 08:58:45 1997
Return-Path: <owner-freebsd-chat@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.7/8.8.7) id IAA00967
          for chat-outgoing; Wed, 26 Nov 1997 08:58:45 -0800 (PST)
          (envelope-from owner-freebsd-chat@FreeBSD.ORG)
Received: from gratis.grondar.za (gratis.grondar.za [196.7.18.133])
          by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id IAA00955;
          Wed, 26 Nov 1997 08:58:33 -0800 (PST)
          (envelope-from mark@greenpeace.grondar.za)
Received: from greenpeace.grondar.za (Dpo2wEw0qknGCaeOmslx4Jn1g78VeGNo@greenpeace.grondar.za [196.7.18.132])
	by gratis.grondar.za (8.8.7/8.8.8) with ESMTP id SAA07418;
	Wed, 26 Nov 1997 18:58:31 +0200 (SAT)
	(envelope-from mark@greenpeace.grondar.za)
Received: from greenpeace.grondar.za (oPZHaPftvfHliGk8AZXZfOxRStpN9n0s@localhost [127.0.0.1])
	by greenpeace.grondar.za (8.8.8/8.8.8) with ESMTP id SAA00331;
	Wed, 26 Nov 1997 18:58:29 +0200 (SAST)
	(envelope-from mark@greenpeace.grondar.za)
Message-Id: <199711261658.SAA00331@greenpeace.grondar.za>
X-Mailer: exmh version 2.0zeta 7/24/97
To: "Jordan K. Hubbard" <jkh@time.cdrom.com>
cc: Greg Lehey <grog@lemis.com>, "Jonathan M. Bresler" <jmb@FreeBSD.ORG>,
        chat@hub.freebsd.org
Subject: Re: major push by spammers? 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Wed, 26 Nov 1997 18:58:28 +0200
From: Mark Murray <mark@grondar.za>
Sender: owner-freebsd-chat@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

"Jordan K. Hubbard" wrote:
> > How are you recognizing the spammers?
> 
> 2 ways: The first, if reverse DNS lookup fails, accounts for about 90%
> of the rejects.  When I first started doing this, I worried that
> perhaps I was rejecting some legit emails so for the first couple of
> weeks I'd do one day on, one day off.  In 14 days worth of testing, I
> got one "legitimate" message (though it was unanswerable due to said
> misconfiguration, so I could have done without it :) and many many
> hundreds of spams on the days that I had reverse DNS checking
> disabled.  Needless to say, I can't even imagine not having it on now.
> 
> The second way, which accounts for that last 10%, is to reject
> according to a ban list which is maintained by the folks at gulf.net
> (to which we add our own local banlist).

By far the mest method is Paul Vixies RBL (Realtime Blackhole List). See
http://maps.vix.com/rbl/ - There are some sendmail rules that work 
really well. The cool thing is that DNS outages are failsafe.

M
--
Mark Murray
Join the anti-SPAM movement: http://www.cauce.org