Eric Johnson wrote:
Most of the spam I am seeing these days either comes from Hotmail
(nearly all are Nigerian spams), through mailing lists such as the
OpenBSD lists, or from accounts on other servers.
Greylisting on my mail machine has cut down my spam load drastically.
Plus, when a spam does get through, I typically blacklist the IP
addresses originating the spam.
For example, when someone spams through this list, I go through the
headers to find the originating address and add the IP address (the
entire /24 if it appears to be a dsl, cable, dialup, wireless, other
address pool, or if there is no reverse lookup available) to the
internal blacklist.
As for the Hotmail spams, every once in a while I go through the headers
in the ones I received that day and look for the X-Originating-IP header
added by Hotmail. Then, I use that header to filter out anything
comming from them using procmail.
For example, we have recieved a number of Nigerian spams from hotmail
originating in various 82.169.149/24 addresses and so the following is
used to filter anything coming from them into a separate spam folder
that the users can check if they wish for errors.
:0
* ^Received:.*hotmail\.com
* ^X-Originating-IP: \[82\.169\.149
user_imap_files/spam
where user_imap_files is a directory in the users home directory. If
they add user_imap_files as their imap directory in their mail client,
then they can peruse their spam folder. A cron job on the first day of
each month deletes the spam-lastmonth file from the directory, renames
spam to spam-lastmonth, and creates a new spam file for them.
To the best of my knowledge, we have never had a false positive on this
check.
I've considered adding additional measures for when something gets past
spamd. But so little gets that far that it's not an issue right now. If
it becomes one I'll probably use relaydb with SpamAssassin or something
similar.
--
Darrin Chandler | Phoenix BSD Users Group
[EMAIL PROTECTED] | http://bsd.phoenix.az.us/
http://www.stilyagin.com/ |
