Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 21 Mar 2009 08:32:29 +0000
From:      Matthew Seaman <m.seaman@infracaninophile.co.uk>
To:        freebsd-chat@freebsd.org, kdk@daleco.biz
Subject:   Re: spamassassin helps lots, but I'm tired of sorting the	backscatter ; -)
Message-ID:  <49C4A61D.1050102@infracaninophile.co.uk>
In-Reply-To: <200903202240.n2KMe1Re007705@lurza.secnetix.de>
References:  <200903202240.n2KMe1Re007705@lurza.secnetix.de>

next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enigCEFEBFA459F523D2199704F4
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: quoted-printable

Oliver Fromme wrote:
> Kevin Kinsey wrote:
>  > Anybody got a good way to send an automagic Ping'o'death
>  > to a spammer's computer?  Maybe there's a "kick butt"
>  > plugin for AmavisD?
>=20
> Note that, in most cases, it is very difficult to identify
> the real source of the spammer.  The "From" header line
> and the envelope sender address usually do not point to
> the spammer.  Trying to shoot back to those is a very bad
> idea.
>=20
> The only reasonable thing you can do with spam is drop it
> to /dev/null.  If it makes you feel better, you can create
> a symlink /dev/painful_death -> /dev/null and instruct
> your mail filter to drop spam there instead.

Not so.  The best thing you can do about spam is refuse to accept it
during the SMTP dialogue stage.  This has two beneficial effects.

    * It allows you to visibly reject the spam without causing
      backscatter
    * It may well result in bounce-o-grammes being sent to the admins
      of compromised systems. (Not always -- but I've seen a trend
      for some botnet zombies to send outgoing spam via their usual
      mail relays rather than directly)

The second best thing you can do is take your own sweet time over
processing incoming spam messages.  Contrary to all appearances,
there are still more people targeted by spam than there are spam
sources.  Spammers get paid for pumping out millions of messages.
Any simple way there is of slowing down that traffic will lower
their income or raise their marginal costs and it won't take too
much to put at least a few of them out of business.  Tarpitting
or teergrube does that and can tie up a dozen or more spam senders
at a time without killing the performance of your own mail systems.

For the latter task, I can most heartily recommend obspamd (net/spamd
spamd(8) -- not to be confused with the spamd(1) program which is part
of spamassassin.  My only complaint is that it does not understand
IPv6)

	Cheers

	Matthew

--=20
Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
                                                  Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey     Ramsgate
                                                  Kent, CT11 9PW


--------------enigCEFEBFA459F523D2199704F4
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.11 (FreeBSD)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEAREIAAYFAknEpiYACgkQ8Mjk52CukIzTRACfc17Rw6Rq9sA3EUGK3kj01wwp
BVIAn0x7I0wXfK3mSo3nxo/+ajgS6Gei
=gt1J
-----END PGP SIGNATURE-----

--------------enigCEFEBFA459F523D2199704F4--



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?49C4A61D.1050102>