From owner-freebsd-isp  Tue Feb 24 08:48:18 1998
Return-Path: <owner-freebsd-isp@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id IAA28581
          for freebsd-isp-outgoing; Tue, 24 Feb 1998 08:48:18 -0800 (PST)
          (envelope-from owner-freebsd-isp@FreeBSD.ORG)
Received: from horst.bfd.com (horst.bfd.com [204.160.242.10])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id IAA28576
          for <isp@FreeBSD.ORG>; Tue, 24 Feb 1998 08:48:16 -0800 (PST)
          (envelope-from ejs@bfd.com)
Received: from harlie.bfd.com (bastion.bfd.com [204.160.242.14])
	by horst.bfd.com (8.8.8/8.8.8) with SMTP id IAA17426;
	Tue, 24 Feb 1998 08:48:06 -0800 (PST)
	(envelope-from ejs@bfd.com)
Date: Tue, 24 Feb 1998 08:48:13 -0800 (PST)
From: "Eric J. Schwertfeger" <ejs@bfd.com>
Reply-To: "Eric J. Schwertfeger" <ejs@bfd.com>
To: Karl Pielorz <kpielorz@tdx.co.uk>
cc: isp@FreeBSD.ORG
Subject: Re: All about SPAM (again)...
In-Reply-To: <34EA122A.900DC69B@tdx.co.uk>
Message-ID: <Pine.BSF.3.96.980224083258.17745A-100000@harlie.bfd.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Tue, 17 Feb 1998, Karl Pielorz wrote:

> If anyone can reply (to me directly if they want to avoid the 'off-topic'
> calls) - What does everyone do with their SPAM? - I've seen numerous 'mail it
> to nospam@somewhere.com', install 'anti-spam' rules, join CAUSE etc.

Basically, I check out the headers, notify the admins of any sites that
are being used as relays, and in the rare case that it got through my spam
filters, I update my filter as appropriate.

> Do the Anti-Spam sendmail rules work? - What happens when say one of our
> customers mails (through us - being allowed by the rules to 'relay' through
> us) to another site, where the customer is hidden behind a mail-relay (for
> security reasons)? - Isn't the remotes sites anti-spam rules going to deny the
> mail? (as it was relayed at our end, and then re-relayed at the other?) - Or
> is part of these rules a re-write to make it appear the mail hasn't been
> 'relayed' at our end?

I've installed and modified the sendmail spam filters, and they reduced
the amount of spam I get from 10-20 a day to about 5 or 6 (would probably
be more, but I didn't include the relay DNS check or the vixie blackhole
stuff.

I then installed and modified junk.filter, a set of procmail rules, and
now only 1 or 2 messages a week make it past my filters.

As for modifying junk.filter, just look for the kinds of headers you see
only when someone is trying to hide their point of origin.  It's much
harder to block spam when the spammer doesn't care if you know who sent
it.  In fact, I just got an add for the "Rapid Fire Mail Server" which
makes no attempt to hide anything, but they still blew one header, so my
filters caught it, and always will, until they fix that one header, at
which point, the job becomes much harder.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message