Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 9 Jan 2006 22:03:45 -0800
From:      "Ted Mittelstaedt" <tedm@toybox.placo.com>
To:        "jdow" <jdow@earthlink.net>, <danial_thom@yahoo.com>, "David Banning" <davidernest@gmail.com>
Cc:        freebsd-questions@freebsd.org
Subject:   RE: Spamcop listed - need help to diagnose why
Message-ID:  <LOBBIFDAGNMAMLGJJCKNCEEDFDAA.tedm@toybox.placo.com>
In-Reply-To: <038301c6153c$7bb246e0$1225a8c0@kittycat>

next in thread | previous in thread | raw e-mail | index | archive | help


>-----Original Message-----
>From: owner-freebsd-questions@freebsd.org
>[mailto:owner-freebsd-questions@freebsd.org]On Behalf Of jdow
>Sent: Monday, January 09, 2006 8:48 AM
>To: danial_thom@yahoo.com; David Banning
>Cc: freebsd-questions@freebsd.org
>Subject: Re: Spamcop listed - need help to diagnose why
>
>
>Spam I sort through. With SpamAssassin scoring it's easy to find
>the low scores and concentrate on them. But somebody arrogant enough
>to spam me with a challenge for a message to a mailing list ends
>up on my procmail /dev/null rules. (I use fetchmail to grab mail
>and procmail to feed it to /var/spool/mail/<name> with stops along
>the way for SpamAssassin, ClamAv, and some random cleverness.)
>

Unfortunately, jdow, since your using this setup, the spammer has
already successfully delivered the mail to you.  The fact that you
delete the spam before reading makes no difference - the spammer
doesen't know that and thinks they have successfully delivered it.

Denying the spam before it's even accepted into the server is a
much better way.  Unfortunately, a content filter means you have to
read in the DATA section of the message to get material to filter.
However, there's been some experimental work done on content filter
systems that will read in the message then simply stop issuing TCP
acknowledgements before
closing, and log IP and refuse further communication from it.  The sender
times out with a network failure, and thinks the message was never
successfully delivered.  Pretty ugly stuff, though, violates all sorts
of application separation rules.

Ted




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?LOBBIFDAGNMAMLGJJCKNCEEDFDAA.tedm>