[COLUG] another anti-spam link
Duane
duane at e164.org
Wed Nov 28 21:54:22 EST 2007
Rob Funk wrote:
> If I'm understanding this correctly (and I may not be), it seems to be an
> approximate superset of using the RBLs of dynamically-allocated
> addresses; this looks like the generic rules would catch even
> statically-allocated addresses assigned by ISPs. But there are people
Most ISPs offering statically assigned IPs usually offer to set custom
PTR records as well.
> out there (I know at least two) who run legitimate mail servers from
> their homes yet have no control over their reverse-DNS lookup. (One of
> those I know doing this is technically violating his ISP's TOS, the other
> paid for a static address.)
This doesn't have anything to do with TOS's although it has the side
effect of potentially enforcing it. I'm really surprised they aren't
already having issues with RBLs due to this, because a couple of them
either take submissions, or actively add any/all ISP customer IP ranges
to black lists.
> But if their DNS doesn't change before they come back, they continue
> getting rejected on every retry. It would make sense if this were linked
Even soft errors will eventually be hard rejected by the sending MTA.
> with greylisting (whitelisting anyone who retries), but it doesn't appear
> to be.
Let me get this right, you advocate the use of RBLs, but not something
that works in a similar fashion? :)
This guy's example also has a whitelist option, which has the effect of
also skipping postgrey, so no double whammy.
Oh and I forgot to mention the guy links to this page:
http://k2net.hakuba.jp/targrey/index.en.html
Which if I understand correctly adds a tar pit option to postgrey, and
if they hold the connection open for x seconds/minutes (defaults to 65)
it accepts the mail rather than delaying it, but also delays it if they
drop out before the tar pit timeout.
Actually he has a pretty graph on his site, at 65 seconds tar pitting
with postgrey he claims (July '07) 93% of spam was stopped, but at 121
seconds it stopped what looks like 100%.
Anyways, tar pitting + postgrey looks like what I was after previously,
which should have the effect of reducing greylisting times if they wait
out the 65 seconds, and it will also have the effect of slowing the
spamming scum down, although I'm not sure at what cost in terms of
resources and potential DoS to my server, although the S25R stuff should
get most of it.
--
Best regards,
Duane
http://www.freeauth.org - Enterprise Two Factor Authentication
http://www.nodedb.com - Think globally, network locally
http://www.sydneywireless.com - Telecommunications Freedom
http://e164.org - Because e164.arpa is a tax on VoIP
"In the long run the pessimist may be proved right,
but the optimist has a better time on the trip."
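
Added example, not part of the original post and not code from targrey or postgrey: a small model of the tar pit + greylisting decision as the message describes it (whitelist skips everything, waiting out the 65-second tar pit gets mail accepted, dropping early falls back to greylisting). The class and function names, the sample events and the 300-second retry delay are assumptions made for illustration.

```python
# Added illustration: models the tarpit + greylist decision described in the
# post. Not targrey or postgrey code; names and the 300 s delay are assumptions.
from dataclasses import dataclass, field

TARPIT_SECONDS = 65      # tar pit default quoted in the post
GREYLIST_DELAY = 300     # assumed minimum wait before a retry is accepted

@dataclass
class Policy:
    whitelist: set = field(default_factory=set)      # client IPs that skip all checks
    first_seen: dict = field(default_factory=dict)   # triplet -> time of first attempt
    passed: set = field(default_factory=set)         # triplets that already proved themselves

    def decide(self, now, client_ip, sender, rcpt, held_for):
        """held_for: seconds the client stayed connected while tar pitted."""
        if client_ip in self.whitelist:
            return "accept (whitelisted)"
        triplet = (client_ip, sender, rcpt)
        if triplet in self.passed:
            return "accept (known triplet)"
        if held_for >= TARPIT_SECONDS:
            # Client waited out the tar pit: accept now instead of delaying.
            self.passed.add(triplet)
            return "accept (waited out tarpit)"
        # Client dropped before the timeout: ordinary greylisting applies.
        first = self.first_seen.setdefault(triplet, now)
        if now - first >= GREYLIST_DELAY:
            self.passed.add(triplet)
            return "accept (retried after delay)"
        return "defer (450, greylisted)"

def run_demo():
    p = Policy(whitelist={"192.0.2.10"})
    events = [  # constructed sample: (time, ip, sender, rcpt, seconds held)
        (0, "192.0.2.10", "a@example.org", "me@example.net", 0),
        (0, "198.51.100.7", "b@example.org", "me@example.net", 70),
        (0, "203.0.113.5", "spam@example.com", "me@example.net", 3),
        (60, "203.0.113.5", "spam@example.com", "me@example.net", 3),
        (400, "203.0.113.5", "spam@example.com", "me@example.net", 3),
        (500, "198.51.100.7", "b@example.org", "me@example.net", 0),
    ]
    return [p.decide(*e) for e in events]

if __name__ == "__main__":
    for line in run_demo():
        print(line)
```

In this model a sender that drops out early is only accepted once it retries after the greylisting delay, while one that holds the connection for the full tar pit time is accepted on the first attempt.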