From owner-freebsd-questions@FreeBSD.ORG Tue Apr 3 02:57:10 2007 Return-Path: X-Original-To: questions@freebsd.org Delivered-To: freebsd-questions@FreeBSD.ORG Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id E2C3E16A409 for ; Tue, 3 Apr 2007 02:57:10 +0000 (UTC) (envelope-from jeffrey@goldmark.org) Received: from out4.smtp.messagingengine.com (out4.smtp.messagingengine.com [66.111.4.28]) by mx1.freebsd.org (Postfix) with ESMTP id A399513C4BC for ; Tue, 3 Apr 2007 02:57:10 +0000 (UTC) (envelope-from jeffrey@goldmark.org) Received: from compute2.internal (compute2.internal [10.202.2.42]) by out1.messagingengine.com (Postfix) with ESMTP id 95D3B211EEB; Mon, 2 Apr 2007 22:57:13 -0400 (EDT) Received: from heartbeat1.messagingengine.com ([10.202.2.160]) by compute2.internal (MEProxy); Mon, 02 Apr 2007 22:57:10 -0400 X-Sasl-enc: X3I0Tc5l+sZC97aFSOirTuGPH1AwgfsVkU/c0OGr8Lup 1175569030 Received: from [10.1.10.136] (n114.ewd.goldmark.org [72.64.118.114]) by mail.messagingengine.com (Postfix) with ESMTP id EA70014E9E; Mon, 2 Apr 2007 22:57:09 -0400 (EDT) In-Reply-To: <0875b56eeca4d320fd9fa7b0d940fce2@uni-svishtov.bg> References: <0875b56eeca4d320fd9fa7b0d940fce2@uni-svishtov.bg> Mime-Version: 1.0 (Apple Message framework v752.2) Content-Type: multipart/signed; micalg=sha1; boundary=Apple-Mail-2--306667832; protocol="application/pkcs7-signature" Message-Id: From: Jeffrey Goldberg Date: Mon, 2 Apr 2007 21:57:01 -0500 To: Angelin Lalev X-Mailer: Apple Mail (2.752.2) X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: questions@freebsd.org Subject: Re: advice on anti-spam tools X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 03 Apr 2007 02:57:11 -0000 --Apple-Mail-2--306667832 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed [mailed and posted] On Apr 2, 2007, at 5:28 PM, Angelin Lalev wrote: > Hi List, > > My e-mail server is running the latest spamassassin with all of the > blacklist enabled and etc. > but I still receive over 20 spam messages a day ("image" spam mostly). > The situation with other users may be worse. That's why I was > thinking about some tool that > 1. store incoming email > 2. send request to the sender of the message, requiring to go to > some address and enter the numbers (letters) > from image > 3. if the puzzle is solved in time (week or so) deliver the > message, otherwise delete it. > > Is there such tool(s) ? Most people with email administration experience (including me) think that such challenge/response systems are a bad idea. Others have mentioned some of the reasons. Many people have taken to doing OCR (Optical Character Recognition) on incoming email to try to filter out image spam. Personally, I don't think that that is a good use of resources, and that the spammers clearly have the upper hand in that battle. You may wish to look at the ImageInfo plug-in to spamassassin. Have you tried Bayesian learning with spamassassin? Also when you say "all of the black lists enabled" there still may be more that are useful. Look at the IP addresses of things that pass you spam and look them up at www.dnsbl.info to see which, if any, lists they are in. Consider using those lists. But more and more of the things that I am seeing aren't listed in any of those lists. I try to do as much blocking as early as possible (using SPF and sanity checks on the initial part of the SMTP session (reverse mapping of client IP, sane HELO values, etc). So I can do most of my rejections prior to ever having to pass mail to spamassassin. But on the whole, spam is an unsolved problem. And is well beyond the topic of this discussion list. I'd recommend that you look at something like a spamassassin mailing list. Sorry I can't be more helpful. -j -- Jeffrey Goldberg http://www.goldmark.org/jeff/ --Apple-Mail-2--306667832--