Hello myname,

Friday, August 22, 2003, 10:33:44 PM, you wrote:


m>   Since I control the server where the mails are initially received I
m> can just block these spammers at the gate.  I will get a list of all
m> domains in the mail from , and create an Obviously spam domain list and
m> then block these domains, if I am getting too many mails from these
m> servers.  This way I avoid all the trouble of receiving the mail on my
m> local server and then scanning them

No, that won't work because spammers typically spoof the
"from" field - so you will end up blocking the innocent
victims of the spammers. Since SpamAssassin also effectively
stops many viruses, such as Sobig, if you don't have a
separate virus scan before SpamAssassin, you will end up
with all the stolen email addresses worms like Sobig & Klez
use, too.

If you want to do what you propose, you will need a program
that verifies the spammer domain against the IP, via a
reverse DNS check, and only blocks those that actually
emanate from the domain.

But I have to tell you, it will be a never-ending task,
because the spammers keep coming up with new domains. So it
is doable - once you identify a persistent spammer, you can
use the Sendmail access file to block them - but it will
still affect a relatively small number of spammers. I have
almost 1,000 lines with domains that are blocked via my
access file, and out of more than 2000 lines in my
sendmail log file for the past 20 hours, only 21 emails were
blocked that way - and I would guess that no more than 7
different spam domains were represented in that. That
compares to 527 emails that were blocked because of open
relay RBL listings, 139 that were identified as spam by
SpamAssassin, 84 that were cleared as non-spam by
SpamAssassin, plus probably at least 200-300 identified as
spam or viruses by other filters on my system.

I know it feels good to block some of these domains - that's
why I do it -- but I figured out a long time ago that I was
just working very hard to duplicate the information already
compiled by various RBL lists. Basically, listing bad
domains on a block list is the LEAST EFFECTIVE approach for
me. However, I have had very good luck with a procmail
recipe running ahead of SpamAssassin that filters out all
email with what I consider to be a "spammy" word in the
domain name or from field -- words such as "offers" or
"optin" or "deals". Those are wonderful because they catch
the new domains the spammers come up with - (example from
today: "smartlowmortgagecenter.com"). But you have to
filter on those rather than block, because there is more of
a chance of a false positive.

You can, of course, also create a SpamAssassin recipe to add
points for the same thing, I just happen to use SpamAssassin
on the tail end of a lot of other filtering routines.

-Abigail
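
The two checks described in the message above, sketched as an added example that is not part of the original email or of any tool it names: block a listed domain only when the connecting IP's reverse DNS name falls inside that domain, and merely filter mail whose From field contains a "spammy" word. The function names, the blocked domain, the `.example` addresses and the PTR table are constructed for illustration; the word list uses the three words quoted in the message.

```python
from email import message_from_string
from email.utils import parseaddr

BLOCKED_DOMAINS = {"bulkmailer.example"}     # constructed stand-in for an access-file list
SPAMMY_WORDS = ("offers", "optin", "deals")  # the words quoted in the message

# Constructed PTR records (documentation address ranges) so the example runs offline.
SAMPLE_PTR = {
    "192.0.2.10": "mx1.bulkmailer.example",
    "198.51.100.7": "dsl-7.isp.example",
}

def in_domain(host, domain):
    """True if host is the domain itself or a name underneath it."""
    host, domain = host.lower().rstrip("."), domain.lower()
    return host == domain or host.endswith("." + domain)

def classify(raw_message, client_ip, ptr_lookup):
    """Return 'block', 'filter' or 'pass' for one message.

    ptr_lookup(ip) returns the reverse DNS name or None. A live deployment
    would do a real PTR query and also confirm that the returned name
    resolves forward to the same IP, since PTR records are set by whoever
    controls the address block.
    """
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()

    # Hard block only when the mail really emanates from the listed domain;
    # a spoofed From arriving from an unrelated host is not blocked here.
    rdns = ptr_lookup(client_ip)
    if domain in BLOCKED_DOMAINS and rdns and in_domain(rdns, domain):
        return "block"

    # Word matches carry more false-positive risk, so divert instead of reject.
    haystack = (name + " " + addr).lower()
    if any(word in haystack for word in SPAMMY_WORDS):
        return "filter"
    return "pass"

if __name__ == "__main__":
    samples = [
        ("From: news@bulkmailer.example\n\nhi", "192.0.2.10"),    # genuine source
        ("From: bob@bulkmailer.example\n\nhi", "198.51.100.7"),   # spoofed From
        ("From: Low Rates <info@bestoptin-deals.example>\n\nhi", "198.51.100.7"),
    ]
    for raw, ip in samples:
        print(ip, classify(raw, ip, SAMPLE_PTR.get))
```
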


