From owner-freebsd-questions@FreeBSD.ORG Tue Jan 10 06:05:17 2006 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 16CE216A41F for ; Tue, 10 Jan 2006 06:05:17 +0000 (GMT) (envelope-from tedm@toybox.placo.com) Received: from mail.freebsd-corp-net-guide.com (mail.web-strider.com [65.75.192.90]) by mx1.FreeBSD.org (Postfix) with ESMTP id 482F343D48 for ; Tue, 10 Jan 2006 06:05:16 +0000 (GMT) (envelope-from tedm@toybox.placo.com) Received: from tedwin2k (nat-rtr.freebsd-corp-net-guide.com [65.75.197.130]) by mail.freebsd-corp-net-guide.com (8.11.1/8.11.1) with SMTP id k0A67HP65142; Mon, 9 Jan 2006 22:07:17 -0800 (PST) (envelope-from tedm@toybox.placo.com) From: "Ted Mittelstaedt" To: "jdow" , , "David Banning" Date: Mon, 9 Jan 2006 22:03:45 -0800 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.6604 (9.0.2911.0) X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1506 In-Reply-To: <038301c6153c$7bb246e0$1225a8c0@kittycat> Importance: Normal Cc: freebsd-questions@freebsd.org Subject: RE: Spamcop listed - need help to diagnose why X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 10 Jan 2006 06:05:17 -0000 >-----Original Message----- >From: owner-freebsd-questions@freebsd.org >[mailto:owner-freebsd-questions@freebsd.org]On Behalf Of jdow >Sent: Monday, January 09, 2006 8:48 AM >To: danial_thom@yahoo.com; David Banning >Cc: freebsd-questions@freebsd.org >Subject: Re: Spamcop listed - need help to diagnose why > > >Spam I sort through. With SpamAssassin scoring it's easy to find >the low scores and concentrate on them. But somebody arrogant enough >to spam me with a challenge for a message to a mailing list ends >up on my procmail /dev/null rules. (I use fetchmail to grab mail >and procmail to feed it to /var/spool/mail/ with stops along >the way for SpamAssassin, ClamAv, and some random cleverness.) > Unfortunately, jdow, since your using this setup, the spammer has already successfully delivered the mail to you. The fact that you delete the spam before reading makes no difference - the spammer doesen't know that and thinks they have successfully delivered it. Denying the spam before it's even accepted into the server is a much better way. Unfortunately, a content filter means you have to read in the DATA section of the message to get material to filter. However, there's been some experimental work done on content filter systems that will read in the message then simply stop issuing TCP acknowledgements before closing, and log IP and refuse further communication from it. The sender times out with a network failure, and thinks the message was never successfully delivered. Pretty ugly stuff, though, violates all sorts of application separation rules. Ted