Some anti-spam techniques (was Re: [plug] re: Email rules)

Peter Wright pete at flooble.net
Wed Feb 20 10:40:44 WST 2008


On 20/02 08:39:29, Jon L. Miller wrote:
> It is only from the outside that this rule needs to be applied.  If
> I send an e-mail that originated from a remote location from me to
> me then I want this to be quarantined as the only time these users
> are using this system is from inside.

Ah, then I misunderstood your original email - I'd thought you were
having a problem with Postfix dropping email that shouldn't be dropped.

But as some of the others have pointed out, the approach you're
suggesting is going to have such a low hit-rate (and a non-trivial
level of false-positives) as to be almost completely pointless.

I also agree that SpamAssassin is almost useless nowadays - I suspect
it's actually used by some spammers to tune their emails so they pass.

My approach for my personal mailserver is a combination of two
blacklists, xbl.spamhaus.org and bl.spamcop.net - those two kill a
huge amount of spam before it ever gets to my filters. XBL in
particular is great, it's a collection of several respectable and
effective blocklists.

http://www.spamhaus.org/xbl/

I also use Bayesian filtering with bogofilter. This can be a bit
fiddly to set up - but if you have a decent collection of spam (and
non-spam, i.e. "ham") to train it on, it's almost frighteningly
effective. And unlike SpamAssassin, spammers can't really adjust their
email to get past a Bayesian filter.


Another technique which I've only recently been introduced to at my
workplace (and have set up for one client - they've been *very* happy
with the results so far) is greylisting. I wouldn't use it on my own
personal server (my other techniques work more than well enough), but
it does have the advantage of being *very* easy to set up, and
instantly effective.

http://www.kim-minh.com/pub/greyfix/
http://postgrey.schweikert.ch/

I really liked greyfix - I found the install instructions very easy to
follow, though I think postgrey is older and has more features.

Note that greylisting in general *will* require whitelisting for some
large ISPs (e.g. both Optus and Bigpond). See http://dnswl.org/ for
that - specifically http://www.dnswl.org/tech#postfix for Postfix.

Also note that it's well worth reading about the disadvantages of
greylisting - http://en.wikipedia.org/wiki/Greylisting#Disadvantages

Though many formerly-spam-overrun office environments seem to consider
it a perfectly acceptable trade-off. ;)

> Jon

Pete.
-- 
The study of non-linear physics is like the study of non-elephant biology.
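
Added example, not part of the original post and not code from greyfix or postgrey: a toy greylist decision function showing why a sender that retries from a pool of addresses needs whitelisting. The delay values, the exact-IP triplet key, and all addresses are assumptions constructed for illustration.

```python
import ipaddress

MIN_DELAY = 300          # assumed: seconds before a retry of a new triplet is accepted
PENDING_TTL = 4 * 3600   # assumed: unretried triplets are forgotten after this long


class Greylist:
    """Toy greylist keyed on (exact client IP, envelope sender, envelope recipient)."""

    def __init__(self, whitelist=()):
        self.whitelist = [ipaddress.ip_network(n) for n in whitelist]
        self.pending = {}      # triplet -> time of first attempt
        self.passed = set()    # triplets that retried correctly at least once

    def check(self, client_ip, sender, rcpt, now):
        """Return the SMTP reply code for one RCPT TO attempt at time `now` (seconds)."""
        ip = ipaddress.ip_address(client_ip)
        if any(ip in net for net in self.whitelist):
            return 250                      # whitelisted sender network, never delayed
        key = (str(ip), sender.lower(), rcpt.lower())
        if key in self.passed:
            return 250
        first = self.pending.get(key)
        if first is None or now - first > PENDING_TTL:
            self.pending[key] = now         # first sighting: temporary failure
            return 450
        if now - first < MIN_DELAY:
            return 450                      # retried too fast, keep deferring
        del self.pending[key]
        self.passed.add(key)
        return 250


def demo():
    # Constructed addresses from documentation ranges; 198.51.100.0/24 stands in
    # for a large ISP's outbound pool that has been whitelisted.
    gl = Greylist(whitelist=["198.51.100.0/24"])
    msg = ("sender@example.org", "jon@example.net")
    return {
        # A normal MTA retries from the same IP: deferred, deferred, accepted.
        "single_host": [gl.check("192.0.2.10", *msg, now=t) for t in (0, 60, 900)],
        # A server pool retries from a different IP each time: always a new triplet.
        "pool": [gl.check(f"203.0.113.{i}", *msg, now=i * 900) for i in (1, 2, 3)],
        # The same pool behaviour from a whitelisted network is accepted at once.
        "whitelisted_pool": [gl.check(f"198.51.100.{i}", *msg, now=i * 900) for i in (1, 2)],
    }


if __name__ == "__main__":
    print(demo())
```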