Re: VGER does gradual SPF activation (FAQ matter)

[Jesper Juhl]

On 12/06/06, David Miller <davem@xxxxxxxxxxxxx> wrote:
> From: Jeff Garzik <jeff@xxxxxxxxxx>
> Date: Mon, 12 Jun 2006 10:52:32 -0400
>
> > Create two simple web pages, one that shows the last 24 hours' worth of
> > LKML posts, and another one that shows the last 24 hours' worth of spam.
> >   Allow any user on the Internet to report an LKML post as spam, or
> > alternately, highlight a false positive as not-spam.  (perhaps generate
> > one of those wavy-text verify-you-are-a-human graphics)
> >
> > Then you, as admin, only have to click a button that accepts or rejects
> > the submission(s).  If you want to scan it yourself for false positives,
> > you just hit the same webpage as everybody else.
> >
> > That feedback is then fed into the bayesian system, to train it using
> > well-known methods.
>
> I like this idea a lot.

It's a lot more sane than SPF, that's for sure.

I'd suggest taking a look at DSPAM (http://dspam.nuclearelephant.com/)
for something like that.

But, there are also other, and even simpler, options.
I've personally found that using some of the build-in anti-spam
features in postfix can be used to stop a lot of spam with almost zero
impact on ham. While some of the features do affect some ham, there
are a few that almost never do, yet they stop quite a bit of spam :


 smtpd_client_restrictions =
   reject_unauth_pipelining

Reject the mail if the sending server tries to send SMTP commands
ahead of time without first checking if the server supports
pipelining.
I've only ever seen obvious spam sources being rejected by this.


 smtpd_helo_required = yes

Mail servers that can't be bothered to send any HELO/EHLO at all are
in my experience only spam sources.


 smtpd_helo_restrictions =
   reject_invalid_hostname,

This will reject mail from servers that send a hostname in HELO/EHLO
that has bad syntax or invalid characters. I've never seen this one
reject valid senders, but I have seen it reject a lot of spam sources.
Postfix also has other more strict checks you can enable on helo, but
those tend to reject too much valid mail.


 strict_rfc821_envelopes = yes

This rejects some spam from spambots that don't know how to generate a
proper mail. I've on occasion seen it hit valid senders, but very
rarely.


 smtpd_sender_restrictions =
   reject_non_fqdn_sender,
   reject_unknown_sender_domain

This will reject mail with senders without a fully qualified name as
well as sender addresses where the sender domain does not have an A or
MX record.
This stops a lot of spam on my servers and I've never had any problems
with it since what's the point of accepting a mail from somewhere that
you can't reply back to...


 smtpd_recipient_restrictions =
   reject_non_fqdn_recipient,
   reject_unknown_recipient_domain

Same as for senders, reject the mail if the recipient domain i not
fully qualified or the recipient domain has no A or MX record.


Implementing these things should have a minimum of impact on ham on
vger, but should stop a fair amount of spam - at least they do for me,
and my servers at work pass hundreds of thousands of messages daily
without users complaining about these settings and I can see in the
logs that they stop quite a lot of junk.


--
Jesper Juhl <jesper.juhl@xxxxxxxxx>
Don't top-post  http://www.catb.org/~esr/jargon/html/T/top-post.html
Plain text mails only, please      http://www.expita.com/nomime.html
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/