Dave's Free Press: Journal

violence, pornography, and rude words for the web generation

 

Wed, 14 Apr 2004

A spammy update

[warning: geeky]

Returning to one of my favourite topics - I've found several ways of decreasing my spam load dramatically. First, upgrade to the latest spamassassin, then add custom rules to block:

Then block mail from spammy domains and countries. In exim do something like this:

    host_reject = +allow_unknown:*.ru:*.tw:*.cn:*.kr:*.aol.com:*.attbi.com:*.rr.com:*.comcast.net:*.biz:*.info:*.ameritech.net:...

The list of domains I block like that is listed on my website. Those people aren't even allowed to connect, so don't chew my precious bandwidth sending shit only for spamassassin to later drop it in the bit bucket.

Then, block people who claim to be you in their SMTP HELO. This is a common spammer technique, they think that by claiming to be me I'll let their shit through. Well no, it doesn't work like that. I know where mail claiming to be from me should be coming from, so can filter them out like so with an exim filter:

    if ($sender_helo_name is "mydomain.com" or $sender_helo_name is "myotherdomain.co.uk") and
       $sender_host_address is not "myIP" and
       $sender_host_address is not "myOtherIP"
    then
      fail text "please to not be faking HELO"
      seen finish
    endif

which again prevents their mail really early on, so saving bandwidth. This is technically a violation of some RFC or other.
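Before switching a rule like this on, the same test can be run over existing mail logs to see what it would have caught. The Python below is an added example, not code from the original post: it applies the filter's condition to Exim main-log lines. The `H=` field layout, the two own addresses (documentation-range stand-ins for "myIP" and "myOtherIP") and the sample log lines are assumptions constructed for illustration.

```python
import ipaddress
import re

# Assumed stand-ins for the post's placeholders ("mydomain.com", "myIP", ...).
OWN_HELO_NAMES = {"mydomain.com", "myotherdomain.co.uk"}
OWN_ADDRESSES = {ipaddress.ip_address("192.0.2.10"),
                 ipaddress.ip_address("192.0.2.11")}

# Host field of an Exim main-log line: "H=name (helo) [ip]",
# "H=(helo) [ip]" or "H=name [ip]" (assumed layout).
HOST_FIELD = re.compile(
    r"\bH=(?:(?P<name>[^\s()\[\]]+) )?"
    r"(?:\((?P<helo>[^)]*)\) )?"
    r"\[(?P<ip>[0-9A-Fa-f.:]+)\]")

# Constructed sample log lines, not taken from a real server.
SAMPLE_LOG = """\
2004-04-14 00:01:07 1BDa1x-0001Ab-00 <= bob@example.org H=mx.example.org [198.51.100.20] P=esmtp S=2101
2004-04-14 00:02:41 1BDa3Q-0001Bc-00 <= offers@example.net H=(mydomain.com) [203.0.113.45] P=smtp S=8814
2004-04-14 00:03:02 1BDa4k-0001Cd-00 <= me@mydomain.com H=(MyDomain.com) [192.0.2.10] P=esmtp S=950
2004-04-14 00:05:19 1BDa6z-0001De-00 <= x@example.com H=dsl-7.example.com (myotherdomain.co.uk) [203.0.113.99] P=smtp S=4410
2004-04-14 00:06:00 1BDa7a-0001Ef-00 => alice <alice@mydomain.com> D=localuser T=local_delivery
"""


def forged_helo(line):
    """Return (helo, ip) when one of our names is used in HELO by a foreign IP."""
    m = HOST_FIELD.search(line)
    if not m:
        return None
    try:
        ip = ipaddress.ip_address(m.group("ip"))
    except ValueError:  # malformed address in the log line
        return None
    # A bare name with no parenthesised part means HELO matched that name.
    helo = (m.group("helo") or m.group("name") or "").lower().rstrip(".")
    if helo in OWN_HELO_NAMES and ip not in OWN_ADDRESSES:
        return helo, str(ip)
    return None


def audit(log_text):
    """Collect every forged-HELO hit in a block of log text."""
    return [hit for hit in map(forged_helo, log_text.splitlines()) if hit]


if __name__ == "__main__":
    for helo, ip in audit(SAMPLE_LOG):
        print(f"{ip} claimed to be {helo}")
```

Names are compared case-insensitively and with any trailing dot removed, so `MyDomain.com` sent from one of the listed addresses is not counted as a forgery.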

My next project will be to figure out a way of making SA or better exim aware of ASes, so I can more easily block whole swathes of IPs, and have my filters automagically update themselves when spamming scum get new IP ranges.

I also note that a German legislator is advocating jail time for spammers. And about time too. Yay Germany!

Posted at 00:04 by David Cantrell