On Wed, 11 Jan 2012, Ken A wrote:
On 1/11/2012 11:51 AM, Dave Funk wrote:
On Wed, 11 Jan 2012, --[ UxBoD ]-- wrote:
The type of SPAM we are seeing is where legit companies are having
their adverts cloned and the hyperlinks changed to spammy sites.
sanesecurity hits many of these.
uri filters can also assist.. surbl, uribl
Bayes
Problem with all those methods is that they're reactive, will not hit
until -after- somebody has seen the bad crap and created filters,
RBL-lists, taught Bayes, etc.
The OP explicitly said that the first spam run was at 06:39 and by
06:42 it was hitting RBLs (pretty darned quick by my book;).
However he has some fussy customers who weren't understanding and
so was asking for a method of dealing with this.
Only one I could come up with was graylisting to defer the messages
until sanesecurity, uri filters, etc could catch them.
is being by-passed due to the content looking valid so it is coming
down to the IPs and domains. Had one yesterday where at 06:39 it was
received by one of our clients and at 06:42 it appeared on one of the
RBLs. I am guessing that it must have been a huge spam mailing that
hit a lot of honeypots and people all at once. Downside is not a happy
client ;(
Graylisting would be one answer to this particular scenario.
However it has the downside of delaying legit messages.
Some clients seem to think that e-mail == IM and get PO'ed
if messages don't arrive within seconds of sending.
Actually had a faculty ask me how to set his T-bird to check for
new messages every -second-, didn't want to wait a minute. ;(
imap?
Yes, this is on an IMAP server but he was an impatient critter.
I just tossed that out as an illustration of how unreasonable/impatient
some people can be.
--
Dave Funk University of Iowa
<dbfunk (at) engineering.uiowa.edu> College of Engineering
319/335-5751 FAX: 319/384-0549 1256 Seamans Center
Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{
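
The graylisting idea discussed in the thread above, replayed against its 06:39 / 06:42 timeline, as an added example that is not part of the original messages. The 5-minute delay, the addresses, the date and the SMTP reply texts are constructed assumptions.

```python
from datetime import datetime, timedelta

MIN_DELAY = timedelta(minutes=5)  # assumed greylist delay; not stated in the thread


class Greylist:
    """Defer the first attempt of each (client IP, sender, recipient) triplet."""

    def __init__(self, rbl_listed_at):
        # rbl_listed_at: {ip: time the IP appeared on an RBL} (constructed data)
        self.rbl_listed_at = rbl_listed_at
        self.first_seen = {}

    def on_rbl(self, ip, now):
        listed = self.rbl_listed_at.get(ip)
        return listed is not None and listed <= now

    def decide(self, ip, sender, rcpt, now):
        # The RBL is consulted on every attempt, so a listing that appears
        # while the message is deferred blocks the retry.
        if self.on_rbl(ip, now):
            return "554 rejected: client listed on RBL"
        first = self.first_seen.setdefault((ip, sender, rcpt), now)
        if now - first < MIN_DELAY:
            return "451 deferred: greylisted, try again later"
        return "250 accepted"


def replay():
    """Replay the thread's timeline: spam seen 06:39, RBL listing at 06:42."""
    day = datetime(2012, 1, 10)  # constructed date
    at = lambda h, m: day.replace(hour=h, minute=m)
    spam_ip, legit_ip = "192.0.2.10", "198.51.100.7"  # documentation addresses
    rcpt = "user@client.example"
    gl = Greylist({spam_ip: at(6, 42)})
    return [
        gl.decide(spam_ip, "ads@spam.example", rcpt, at(6, 39)),    # first try
        gl.decide(spam_ip, "ads@spam.example", rcpt, at(6, 45)),    # retry, now listed
        gl.decide(legit_ip, "bob@legit.example", rcpt, at(6, 39)),  # first try
        gl.decide(legit_ip, "bob@legit.example", rcpt, at(6, 41)),  # retry too early
        gl.decide(legit_ip, "bob@legit.example", rcpt, at(6, 45)),  # retry after delay
    ]


if __name__ == "__main__":
    for reply in replay():
        print(reply)
```

The last three replies show the cost raised in the thread: the legitimate sender's message is held for six minutes before it is accepted.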