Re: another interesting spam trick...

From: Craig Sanders (no email)
Date: Thu Nov 01 2001 - 02:06:41 EST


On Wed, Oct 31, 2001 at 08:17:45PM -0800, Ronald F. Guilmette wrote:
> The numero uno way to get rid of the majority of all spam, at present,
> is to use one or more good quality open relay blocking lists, like for
> example ordb.org.

almost correct.

the number one best way of blocking spam is to reject mail from
non-existent domains. the stats i derive from the logs of several mail
servers consistently show that blocking mail from non-existent domains
blocks significantly more spam than other rules, and often more than all
other rules combined.

obviously, spammers have severe learning difficulties.

the second best way is, as you say, to use one or more of the dnsrbls.

e.g. rejection stats for one of my mail servers for the last few days:

# spam-stats.pl
      1 Local access rule: reject
     10 Local access rule: Client host rejected
     78 Local access rule: Helo command rejected
    130 Recipient address rejected
    215 body checks
    235 RBL dialups.relays.osirusoft.com
    787 RBL inputs.relays.osirusoft.com
   1122 Need FQDN address
   2800 Relay access denied
   2896 Local access rule: Sender address rejected
   3247 User unknown
   4501 header checks
   5993 RBL relays.ordb.org
  21308 Bad pipelining
  37991 Domain Not Found

  81314 TOTAL

postfix's "bad pipelining" check sometimes gets a lot. sometimes not.
depends on which spammers are currently operating and what tricks
they're trying. it has been unusually popular this week.

and, for comparison purposes, last week's rejection stats for the same
mail server:

# spam-stats.pl /var/log/mail.log.0
      5 Local access rule: reject
     13 Local access rule: Client host rejected
     42 Recipient address rejected
    212 Local access rule: Helo command rejected
    377 body checks
    508 RBL dialups.relays.osirusoft.com
    821 RBL inputs.relays.osirusoft.com
   1100 Need FQDN address
   1870 Local access rule: Sender address rejected
   2373 Relay access denied
   2831 Bad pipelining
   4191 User unknown
   5927 header checks
   8090 RBL relays.ordb.org
  11218 Domain Not Found

  39578 TOTAL

> The next best way to get rid of spam is to block known sources, which
> can be done using MAPS RBL, or SPEWS, or the domain-based blocking
> lists that I publish.

yep.

craig

-- 
craig sanders <>
Fabricati Diem, PVNC.
 -- motto of the Ankh-Morpork City Watch
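
A tally of the kind shown in the stats above, as an added example: it is not part of the original post and is not the spam-stats.pl script the post runs. The log lines are constructed, and the reject wording matched by the patterns is an assumption about the smtpd log format; only the category labels are taken from the post.

```python
import re
from collections import Counter

# Constructed sample lines in the style of Postfix smtpd reject logging;
# hosts, addresses and exact wording are assumptions for illustration.
SAMPLE_LOG = """\
Nov  1 01:00:01 mx postfix/smtpd[411]: reject: RCPT from unknown[192.0.2.10]: 450 <a@no-such.invalid>: Sender address rejected: Domain not found; from=<a@no-such.invalid> to=<bob@example.org>
Nov  1 01:00:07 mx postfix/smtpd[411]: reject: RCPT from unknown[192.0.2.10]: 450 <b@no-such.invalid>: Sender address rejected: Domain not found; from=<b@no-such.invalid> to=<bob@example.org>
Nov  1 01:02:13 mx postfix/smtpd[415]: reject: RCPT from relay.example.net[192.0.2.25]: 554 Service unavailable; [192.0.2.25] blocked using relays.ordb.org; from=<c@example.net> to=<bob@example.org>
Nov  1 01:03:40 mx postfix/smtpd[419]: reject: RCPT from host.example.com[192.0.2.77]: 554 <x@elsewhere.example>: Relay access denied; from=<d@example.com> to=<x@elsewhere.example>
Nov  1 01:04:02 mx postfix/smtpd[419]: reject: RCPT from host.example.com[192.0.2.77]: 550 <nobody@example.org>: User unknown; from=<d@example.com> to=<nobody@example.org>
Nov  1 01:05:00 mx postfix/smtpd[420]: connect from host.example.com[192.0.2.77]
"""

REJECT = re.compile(r"postfix/smtpd\[\d+\]: reject: \S+ from \S+: \d{3} (.*)$")
RBL = re.compile(r"blocked using ([A-Za-z0-9.-]+)")
PHRASES = [  # (text searched for in the reject reason, label used in the post)
    ("Domain not found", "Domain Not Found"),
    ("need fully-qualified address", "Need FQDN address"),
    ("Relay access denied", "Relay access denied"),
    ("User unknown", "User unknown"),
]

def classify(line):
    """Return a category label for a reject line, or None for any other line."""
    m = REJECT.search(line)
    if not m:
        return None
    detail = m.group(1)
    rbl = RBL.search(detail)
    if rbl:  # one category per blocking list, named after its DNS zone
        return "RBL " + rbl.group(1).rstrip(".")
    for needle, label in PHRASES:
        if needle.lower() in detail.lower():
            return label
    return "other"

def tally(log_text):
    labels = (classify(line) for line in log_text.splitlines())
    return Counter(label for label in labels if label)

def report(counts):
    # Ascending by count, like the listings in the post, with a TOTAL line.
    rows = sorted(counts.items(), key=lambda kv: (kv[1], kv[0]))
    lines = ["%7d %s" % (n, label) for label, n in rows]
    return "\n".join(lines + ["", "%7d TOTAL" % sum(counts.values())])

if __name__ == "__main__":
    print(report(tally(SAMPLE_LOG)))
```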