More on spamming..
Mario Valente mvalente at esoterica.pt
Wed Oct 1 12:29:45 CEST 1997
>>> I think, it's not a solution to build a frontier to the ISPs who are
>>> housing such spammers. We must stop those spammers with commercial ideas
>>> not with technical solutions such as filtering out IPs with as-path access
>>> lists.
>>
>>Um, please read how the list works - it doesn't use as-path access list.
>>It sends /32 routes (normally) for specific hosts which originate spam,
>>and transiently for specific relays currently being used to propagate
>>spam.
>
>Well...how can I filter hosts out, which are connected dynamically. The
>most spams I get, are from several IPs which are dial-up customers of (well
>known) ISPs in USA.

I'm going to describe once again how we're dealing with spam.

We've installed sendmail (latest) with several patches, namely the no relay patch (unless the host is listed as allowed to use the relay) and also patches for checking the existence of the From and To addresses.

We have a daemon in the background scanning the mail log. We accept mail from everywhere, anyplace. As long as it's one message at a time or within a reasonable interval.

If a spam is detected (several incoming messages from the same domain, or from "weird domains" like cyberpromo.com, 344234.com, etc.) we just use the packet filtering capabilities of Linux to refuse packets from the incoming IP address doing the spam.

About 15 minutes later the daemon cleans up the IP filters in existence and rescans the mail log. This means that an ongoing spam will be continually blocked. It also means that instead of refusing the message, or sending back an error, or whatever, the spammer thinks that the server is out of reach, the network is not working, the server is not responding, etc., stopping him from retaliation measures like we had in the past from spammers who got mad with us stopping them with other techniques.

Mail from every domain is always accepted, even from well known spammers. They are able to get messages through, as long as they aren't patterned. If they are they will be able to send 4 or 5 of them, but then the server will be unreachable.

C U!

-- Mario Valente
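Added example, not part of the original message and not the poster's daemon: a sketch of the rescan step described above, which reads the mail log and decides which relay IPs to hand to the packet filter. The log layout, the sample lines, the 15-minute window, the threshold of 5, and counting per relay IP (the post counts per domain, then blocks the IP) are assumptions.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample lines in an assumed sendmail-like syslog layout.
SAMPLE_LOG = [
    f"Oct  1 12:0{i}:00 mail sendmail[{100 + i}]: MAA0{i}: "
    f"from=<u{i}@bulk.example>, size=900, relay=dial.example [192.0.2.10]"
    for i in range(6)
] + [
    "Oct  1 12:03:10 mail sendmail[200]: MAA200: from=<bob@uni.example>, "
    "size=1200, relay=mx.uni.example [198.51.100.7]",
    "Oct  1 12:04:30 mail sendmail[201]: MAA201: from=<offer@cyberpromo.com>, "
    "size=800, relay=[203.0.113.5]",
]

LINE_RE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) .*?from=<[^>@]*@?([^>]*)>"
    r".*relay=\S* ?\[([\d.]+)\]")

WEIRD_DOMAINS = {"cyberpromo.com", "344234.com"}  # the two named in the post

def parse(line, year=1997):
    """Return (timestamp, sender domain, relay IP), or None if no match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
    return ts, m.group(2).lower(), m.group(3)

def ips_to_block(lines, now, window=timedelta(minutes=15), threshold=5):
    """One rescan: relay IPs that look like a spam run within the window."""
    counts, blocked = Counter(), set()
    for rec in filter(None, map(parse, lines)):
        ts, domain, ip = rec
        if not (now - window <= ts <= now):
            continue  # outside the rescan window
        counts[ip] += 1
        # Patterned traffic (many messages from one relay) or a listed domain.
        if domain in WEIRD_DOMAINS or counts[ip] >= threshold:
            blocked.add(ip)
    return blocked

if __name__ == "__main__":
    # Each cycle the old filters are flushed and this set is re-applied;
    # the actual packet-filter call is left out on purpose.
    print(sorted(ips_to_block(SAMPLE_LOG, datetime(1997, 10, 1, 12, 10))))
```

Because every cycle recomputes the set from the log, an IP stays blocked only while its messages keep falling inside the window; the single-message sender at 198.51.100.7 is never touched.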