Re: [fw-wiz] FWTK and smap/smapd

From: Brian Hatch (firewall-wizards@ifokr.org)
Date: 07/17/02


From: Brian Hatch <firewall-wizards@ifokr.org>
To: Roger Marquis <marquis@roble.com>
Date: Wed Jul 17 17:44:19 2002



> >Much of the spam I used to receive came from forged hotmail.com accounts.
> >Very little spam actually comes from hotmail, so I don't want to just block
> >them since there are some legitimate correspondents of mine that use their
> >mail (heck, I use a hotmail address sometimes when I'm on the road..)
>
> Ron Guilmette has patches that do this for Postfix at
> <http://www.monkeys.com/anti-spam/filtering/additions.html>. I
> tried them but had too many false positives, even for the commonly
> forged domains like hotmail. They did catch some spam though it
> never more than 2 or 3% of the daily filtered total.

SpamAssassin (which is usually called from your delivery agent,
not your MTA) does catch these forgeries with very good accuracy.
You might want to give it a try.

--
Brian Hatch                  If you think there
   Systems and                there is good in
   Security Engineer          everyone, you
www.hackinglinuxexposed.com   haven't met everyone.
Every message PGP signed