BLTT :: spam

Effects on Bandwidth

Thu, 20 Jan 2005

Regarding the "Having Fun With Spammers" entry below:

Yes, the spammers eat my bandwidth, but it's not that much lately (there seem to be fewer spam trollers willing to get stuck in my ~~tarpit~~, er, friendly message generator lately...). Also, I don't pay for bandwidth on my server (it's a Verio VPS v2), so my fun may not be your fun.

[ category: /spam | link: 050120092047 ]

Current Spam Levels

Mon, 17 Jan 2005

I get a lot of people linking to this page, mostly because of the "Having Fun With Spammers" entry (2 down). Welcome!

For the rest of you looking for ways to stop spam, I offer my own techniques here, which have worked extremely well for me and everyone else on my server. I don't think that what I've done here would work for all people, but anyone running their own Sendmail can do quite a bit to cut out all the trash. ...

(read more...)

[ category: /spam | link: 050117114704 ]

Histospam Update

Wed, 11 Aug 2004

A histospam update:

20040719 => * (9)
20040720 =>  (3)
20040721 => * (5)
20040722 =>  (4)
20040723 => * (7)
20040724 => * (9)
20040725 => * (6)
...

(read more...)

[ category: /spam | link: 040811105918 ]

Fun Ways to Aggravate Spammers

Mon, 19 Jul 2004

Fun Ways to Aggravate Spammers: This entry falls under the "useless but fun to do" category of spam thwarting techniques.

Several months ago, I was scanning my Apache web logs for anything funny. I found entries like this:

xx.xx.xx.xx - - [27/Jan/2004:06:44:05 -0600] "POST /cgi-bin/formmail.pl HTTP/1.0" 403 307

...

(read more...)

[ category: /spam | link: 040719122710 ]

Histospam Update

Mon, 19 Jul 2004

Here's an updated (19 July 2004) histospam:

20040620 => ** (13)
20040621 => ** (14)
20040622 => ** (13)
20040623 => ** (13)
20040624 => ** (12)
20040625 => ** (11)    <=== sendmail milter-regex feature enabled on 25 June 2004
20040626 => * (7)
...

(read more...)

[ category: /spam | link: 040719105003 ]

Spam Fighting Tools

Fri, 25 Jun 2004

"There's some good in this world, and it's worth fightin' for!"

I want to point out that I'm also now using milter-regex with good success. The order of my spam utilities is:

DNSBL (rejects known spam hosts at connection time)
milter-greylist (makes unknown senders queue once and send again; this removes "fire-and-forget" spam; most spam is of this class and they never send again)

(read more...)

[ category: /spam | link: 040625111833 ]

Milter-Greylist

Tue, 15 Jun 2004

I've updated to the latest milter-greylist from FreeBSD ports (1.3.8). It has a new 'domain' whitelist option, which allows you to whitelist incoming connections from a particular domain (via double reverse DNS lookup). It also has a 'lazylaw' option which whitelists an IP instead of a sender/IP/recipient tuple. Also new is the 'dumpfreq' options which specifies how often to dump to the greylist database (i.e., if you're on a busy server, dumping for each transaction can become expensive). One final nice option is the 'timeout' option, which removes greylisted addresses after a certain period. ...

(read more...)

[ category: /spam | link: 040615081406 ]

Greylisting Cautions

Wed, 09 Jun 2004

It is worth noting that the greylisting might not be suitable for all applications. For example, the other day, someone complained that people who were trying to email him were getting bounces (the 4xx temporary errors). This means that if the sender is sending directly to the MTA from their MUA (where would this occur? If users are on the same server, for example), they (the person) will get the temporary failure message. They may not retry (humans are not RFC compliant and almost never read the error messages they receive).

The trick, I suppose, would be to make sure all your own clients are whitelisted. That would be hard on a large system with possibly roving people. I hear the new version (currently in development) has more ways to whitelist, etc. I'll review that when it goes stable.

[ category: /spam | link: 040609093745 ]

Milter-Greylist Rocks

Mon, 07 Jun 2004

I turned on milter-greylist today for my server and have noticed a remarkable decrease in spam. In fact, so far today I haven't receive any since it was turned on (I'm sure there will be some that will get through) but so far, so good.

Greylisting was something I invented, of course. I was sitting there thinking about the characteristics of SMTP conversations. There are really only three unique things for an SMTP conversation: the connecting IP address, the envelope sender (MAIL FROM) and the ...

(read more...)

[ category: /spam | link: 040607114827 ]

Humble Beginnings

Mon, 07 Jun 2004

I've made stopping spam a hobby now since 1999 since I first started playing with SpamAssassin and a variety of other programs to slow the flow of unwanted mail to my server.

My philosophy is that unwanted mail should never waste my server ...

(read more...)

[ category: /spam | link: 040607114821 ]

Better Living Through Thinking	home \| blog
Effects on Bandwidth Thu, 20 Jan 2005 Regarding the "Having Fun With Spammers" entry below: Yes, the spammers eat my bandwidth, but it's not that much lately (there seem to be fewer spam trollers willing to get stuck in my ~~tarpit~~, er, friendly message generator lately...). Also, I don't pay for bandwidth on my server (it's a Verio VPS v2), so my fun may not be your fun. [ category: /spam \| link: 050120092047 ] Current Spam Levels Mon, 17 Jan 2005 I get a lot of people linking to this page, mostly because of the "Having Fun With Spammers" entry (2 down). Welcome! For the rest of you looking for ways to stop spam, I offer my own techniques here, which have worked extremely well for me and everyone else on my server. I don't think that what I've done here would work for all people, but anyone running their own Sendmail can do quite a bit to cut out all the trash. ... (read more...) [ category: /spam \| link: 050117114704 ] Histospam Update Wed, 11 Aug 2004 A histospam update: 20040719 => * (9) 20040720 => (3) 20040721 => * (5) 20040722 => (4) 20040723 => * (7) 20040724 => * (9) 20040725 => * (6) ... (read more...) [ category: /spam \| link: 040811105918 ] Fun Ways to Aggravate Spammers Mon, 19 Jul 2004 Fun Ways to Aggravate Spammers: This entry falls under the "useless but fun to do" category of spam thwarting techniques. Several months ago, I was scanning my Apache web logs for anything funny. I found entries like this: xx.xx.xx.xx - - [27/Jan/2004:06:44:05 -0600] "POST /cgi-bin/formmail.pl HTTP/1.0" 403 307 ... (read more...) [ category: /spam \| link: 040719122710 ] Histospam Update Mon, 19 Jul 2004 Here's an updated (19 July 2004) histospam: 20040620 => (13) 20040621 => (14) 20040622 => (13) 20040623 => (13) 20040624 => (12) 20040625 => (11) <=== sendmail milter-regex feature enabled on 25 June 2004 20040626 => * (7) ... (read more...) [ category: /spam \| link: 040719105003 ] Spam Fighting Tools Fri, 25 Jun 2004 "There's some good in this world, and it's worth fightin' for!" I want to point out that I'm also now using milter-regex with good success. The order of my spam utilities is: DNSBL (rejects known spam hosts at connection time) milter-greylist (makes unknown senders queue once and send again; this removes "fire-and-forget" spam; most spam is of this class and they never send again) ... (read more...) [ category: /spam \| link: 040625111833 ] Milter-Greylist Tue, 15 Jun 2004 I've updated to the latest milter-greylist from FreeBSD ports (1.3.8). It has a new 'domain' whitelist option, which allows you to whitelist incoming connections from a particular domain (via double reverse DNS lookup). It also has a 'lazylaw' option which whitelists an IP instead of a sender/IP/recipient tuple. Also new is the 'dumpfreq' options which specifies how often to dump to the greylist database (i.e., if you're on a busy server, dumping for each transaction can become expensive). One final nice option is the 'timeout' option, which removes greylisted addresses after a certain period. ... (read more...) [ category: /spam \| link: 040615081406 ] Greylisting Cautions Wed, 09 Jun 2004 It is worth noting that the greylisting might not be suitable for all applications. For example, the other day, someone complained that people who were trying to email him were getting bounces (the 4xx temporary errors). This means that if the sender is sending directly to the MTA from their MUA (where would this occur? If users are on the same server, for example), they (the person) will get the temporary failure message. They may not retry (humans are not RFC compliant and almost never read the error messages they receive). The trick, I suppose, would be to make sure all your own clients are whitelisted. That would be hard on a large system with possibly roving people. I hear the new version (currently in development) has more ways to whitelist, etc. I'll review that when it goes stable. [ category: /spam \| link: 040609093745 ] Milter-Greylist Rocks Mon, 07 Jun 2004 I turned on milter-greylist today for my server and have noticed a remarkable decrease in spam. In fact, so far today I haven't receive any since it was turned on (I'm sure there will be some that will get through) but so far, so good. Greylisting was something I invented, of course. I was sitting there thinking about the characteristics of SMTP conversations. There are really only three unique things for an SMTP conversation: the connecting IP address, the envelope sender (MAIL FROM) and the ... (read more...) [ category: /spam \| link: 040607114827 ] Humble Beginnings Mon, 07 Jun 2004 I've made stopping spam a hobby now since 1999 since I first started playing with SpamAssassin and a variety of other programs to slow the flow of unwanted mail to my server. My philosophy is that unwanted mail should never waste my server ... (read more...) [ category: /spam \| link: 040607114821 ] Previous 10 entries Home \| Blog Home \| About BLTT Copyright 2005, Scott Wiersdorf	Audio Broadcast (standby) Moon Status Phase: 37.23% Illuminated: 84.74% Age (days): 10.99 Tue May 21 13:35:57 MDT 2013 Categories util (1) histospam - a spam histogram from procmail logs

Better Living Through Thinking

Thu, 20 Jan 2005

Mon, 17 Jan 2005

Wed, 11 Aug 2004

Mon, 19 Jul 2004

Mon, 19 Jul 2004

Fri, 25 Jun 2004

Tue, 15 Jun 2004

Wed, 09 Jun 2004

Mon, 07 Jun 2004

Mon, 07 Jun 2004

Audio Broadcast

Moon Status

Categories

util (1)