Date: Tue, 3 Apr 2007 20:24:32 -0700
From: Gary Kline
To: Dan Nelson
Message-ID: <20070404032432.GA13302@thought.org>
In-Reply-To: <20070403044918.GH72689@dan.emsphone.com>
Cc: Angelin Lalev, freebsd-questions@freebsd.org
Subject: Re: advice on anti-spam tools

On Mon, Apr 02, 2007 at 11:49:19PM -0500, Dan Nelson wrote:
> In the last episode (Apr 03), Angelin Lalev said:
> > My e-mail server is running the latest spamassassin with all of the
> > blacklist enabled and etc. but I still receive over 20 spam messages
> > a day ("image" spam mostly).
> >
> > The situation with other users may be worse. That's why I was
> > thinking about some tool that
> >
> > 1. store incoming email
> > 2. send request to the sender of the message, requiring to go to some
> > address and enter the numbers (letters) from image
> > 3. if the puzzle is solved in time (week or so) deliver the message,
> > otherwise delete it.
>
> Chances are you would just be annoying innocent people with backscatter
> email due to the forged addresses of most spam.
>
> You say you're running the latest spamassassin, but are you downloading
> updated rulesets? All of the image/stock spam I get is caught by
> spamassassin rules. Make sure you're running sa-update on a regular
> basis and restarting spamd when an update is applied. Putting
>
>   /usr/local/bin/sa-update && /usr/local/etc/rc.d/sa-spamd.sh restart
>
> in a nightly cron job should suffice, I think. I have also found
> greylisting to be very effective. Greylisting penalizes "unknown" smtp
> sources by tempfailing the first message seen from them for 5 minutes.
> Spammers usually don't spend resources queueing messages, so you never
> see them again. Real mail servers retry the message, which gets
> delivered. Subsequent messages from the same server come through
> without delay because the source is "known".
> I use ports/mail/milter-greylist, which lets you adjust the greylist
> period and the whitelist timeout, and also can synch its database
> between multiple servers if you're running in a clustered setup.
>

I've been experimenting with greylisting for months. Not sure
the regular mail filter installs or not, but the devel version
installed just now perfectly. Is there any tutorial on this or
should I just re-read the man pages and other docs a few more times!

From looking at the config file in /usr/local/etc/mail, the "retry"
seems to default to a #commented-out 1h. Sorry, but I have trouble
parsing this kind of grammar:

    # How long a client has to wait before we accept
    # the messages it retries to send. Here, 1 hour.
    # May be overridden by the "-w greylist_delay" command line argument.
    #greylist 1h

If you, Dan, or anyone else on-list could clue me in, I would be
much obliged. (Once--and only once--I think I had greylisting working,
but I screwed up my sendmail {or whatever} and yanked everything.
After many hours, mail worked, but I didn't re-install greylisting.
It *did* cut down the SPAM considerably.) It's time to retry.

thanks much,

gary

> --
> Dan Nelson
> dnelson@allantgroup.com

--
Gary Kline  kline@thought.org  www.thought.org  Public Service Unix
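
[Added example, not part of the original message and not milter-greylist's own code: a small Python model of the greylisting behaviour Dan describes, showing what a delay setting such as "greylist 1h" means for a server that retries. The (client IP, sender, recipient) key, the duration suffixes, the autowhite value, the refresh-on-use policy and the sample addresses are assumptions made for the illustration.]

```python
# Added illustration of greylisting; not milter-greylist's code.
UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400}  # assumed duration suffixes

def seconds(spec):
    """Turn a duration such as '5m' or '1h' into seconds."""
    return int(spec[:-1]) * UNITS[spec[-1]]

class Greylist:
    def __init__(self, delay="1h", autowhite="3d"):
        self.delay = seconds(delay)          # wait imposed on an unknown source
        self.autowhite = seconds(autowhite)  # how long a source stays "known"
        self.pending = {}                    # key -> time of first attempt
        self.known = {}                      # key -> whitelist expiry time

    def check(self, ip, sender, rcpt, now):
        """Return 'accept' or 'tempfail' for one delivery attempt at time now."""
        key = (ip, sender.lower(), rcpt.lower())
        if self.known.get(key, 0) > now:
            self.known[key] = now + self.autowhite  # this sketch refreshes on use
            return "accept"
        self.known.pop(key, None)                   # drop an expired entry
        first = self.pending.setdefault(key, now)
        if now - first < self.delay:
            return "tempfail"                       # SMTP 4xx: try again later
        del self.pending[key]
        self.known[key] = now + self.autowhite
        return "accept"

def replay(attempts, **settings):
    """Run (time, ip, sender, rcpt) attempts through a fresh Greylist."""
    gl = Greylist(**settings)
    return [gl.check(ip, s, r, t) for t, ip, s, r in attempts]

# Constructed attempts (documentation addresses): a mail server that keeps
# retrying, and a one-shot sender that never comes back.
SAMPLE = [
    (0,    "192.0.2.10",  "alice@example.org", "gary@example.net"),
    (600,  "192.0.2.10",  "alice@example.org", "gary@example.net"),
    (3700, "192.0.2.10",  "alice@example.org", "gary@example.net"),
    (3800, "192.0.2.10",  "alice@example.org", "gary@example.net"),
    (3900, "203.0.113.7", "promo@example.com", "gary@example.net"),
]

if __name__ == "__main__":
    for attempt, verdict in zip(SAMPLE, replay(SAMPLE, delay="1h")):
        print(attempt[0], attempt[1], verdict)
```

With a 1h delay the retry at 600 seconds is still refused and the one at 3700 seconds is accepted; with a 5m delay the same retry at 600 seconds already gets through.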