Better Living Through Thinking

Spam Fighting Tools

Fri, 25 Jun 2004

"There's some good in this world, and it's worth fightin' for!"

I want to point out that I'm also now using milter-regex with good success. The order of my spam utilities is:

  1. DNSBL (rejects known spam hosts at connection time)
  2. milter-greylist (makes unknown senders queue once and send again; this removes "fire-and-forget" spam; most spam is of this class and they never send again)
  3. milter-regex (allows you to scan various parts of the incoming message and take action)
  4. clamav (scans for known viruses and worms; milter-greylist and DNSBL also remove some of these. Did I mention I maintain two clamav mirrors? I also wrote the ClamAV Database Search. Yay me.)
  5. procmail (a few custom rules catch nearly all of the few spams that get through)

milter-regex is very tiny and well-written; it's obvious the author is a competent programmer. Of the 10 to 15 spams I receive now (of which nearly all are caught by my procmail rules), about 3/4 of them contain either high-ASCII (8-bit ASCII) characters or have Big5 MIME-encoded headers.

I've made a policy on my server to reject high-ASCII messages completely (they're non-RFC, for crying out loud; there are legitimate ways to encode things), so milter-regex has been useful in rejecting these kinds of messages.

The nice thing about running milter-regex after milter-greylist is that all incoming spam is then known to come from a legitimate MTA (which will accept bounces, etc.). This way I'm fairly certain that the sender receives my MTA's rejection notice (currently a derogatory "Eye doo naught speek Ingrish"), and I'm completely certain that the message never reaches my server. That's a good feeling.
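The header policy described above, shown as an added example (it is not from the original post and is not milter-regex code or configuration syntax): a Python check that flags raw 8-bit bytes in headers and RFC 2047 encoded-words that declare the Big5 charset. The function names and sample messages are constructed for illustration, and the check is assumed to inspect headers only, not the body.

```python
import re

# RFC 2047 encoded-word: =?charset?encoding?text?=
ENCODED_WORD = re.compile(rb"=\?([^?\s]+)\?([bBqQ])\?[^?\s]*\?=")
REJECTED_CHARSETS = {b"big5"}  # assumption: only the charset named in the post

def split_headers(raw: bytes):
    """Yield (name, value) pairs from the header block, unfolding continuation lines."""
    head = re.split(rb"\r?\n\r?\n", raw, maxsplit=1)[0]
    unfolded = re.sub(rb"\r?\n[ \t]+", b" ", head)
    for line in re.split(rb"\r?\n", unfolded):
        name, sep, value = line.partition(b":")
        if sep:
            yield name.strip(), value.strip()

def verdict(raw: bytes):
    """Return (action, reason) for one message; the body is never inspected."""
    for name, value in split_headers(raw):
        label = name.decode("ascii", "replace")
        # Unencoded bytes above 0x7F in a header are the "high-ASCII" case.
        if any(b > 0x7F for b in name + value):
            return "reject", f"raw 8-bit bytes in {label} header"
        # Properly encoded headers are still rejected when the charset is listed.
        for m in ENCODED_WORD.finditer(value):
            charset = m.group(1).split(b"*")[0].lower()  # drop RFC 2231 language tag
            if charset in REJECTED_CHARSETS:
                return "reject", f"{charset.decode('ascii')} encoded-word in {label} header"
    return "accept", "headers are 7-bit clean"

# Constructed sample messages (not real mail).
SAMPLES = {
    "raw8bit": b"From: a@example.test\r\nSubject: \xa4\xa4\xa4\xe5 offer\r\n\r\nbody\r\n",
    "big5": b"From: a@example.test\r\nSubject: =?Big5?B?pKSk5Q==?=\r\n\r\nbody\r\n",
    "folded": b"From: a@example.test\r\nSubject: hello\r\n =?BIG5?Q?=A4=A4?=\r\n\r\nbody\r\n",
    "utf8": b"Subject: =?UTF-8?B?Y2Fmw6k=?=\r\n\r\ncaf\xc3\xa9 in the body\r\n",
}

if __name__ == "__main__":
    for label, message in SAMPLES.items():
        print(label, *verdict(message))
```

The `folded` sample shows why headers are unfolded before matching: the encoded-word sits on a continuation line, which a line-by-line match against `Subject:` would miss.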
