Re: Spam filter softwareFrom: Peter H. Lemieux (email@example.com)
- Previous message: Dan Taylor Jr.: "Spam Filter Software User-User"
- In reply to: Marcus.Zoller: "Re: Spam filter software"
- Next in thread: David Chin: "Re: Spam filter software"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 6 Dec 2001 22:53:06 -0500 (EST) From: "Peter H. Lemieux" <firstname.lastname@example.org> To: "email@example.com" <firstname.lastname@example.org>
On Wed, 5 Dec 2001, Marcus.Zoller wrote:
> We are using the obtuse daemon. This is really a great tool but
> you need some time to configure it...
I've found that blocking hijackers of popular domains can cut down
enormously on spam. For instance, with the Obtuse daemon, I use rules
# exploits of legit domains
deny:ALL EXCEPT *hotmail.com:*hotmail.com:ALL
deny:ALL EXCEPT *home.com:*home.com:ALL
deny:ALL EXCEPT *yahoo.com:*yahoo.com:ALL
deny:ALL EXCEPT *aol.com:*aol.com:ALL
deny:ALL EXCEPT *eudoramail.com:*eudoramail.com:ALL
deny:ALL EXCEPT *excite.com:*excite.com:ALL
deny:ALL EXCEPT *msn.com:*msn.com:ALL
The rules format is "policy:sending server:from address:to address".
There are also powerful conditionals like EXCEPT. So the first rule says
to refuse any mail with a From address ending in hotmail.com unless it
comes from a server within the hotmail.com domain. Occasionally an MX
lookup indicates that you need to enable another server, as in the
I also use the Obtuse RBL patches and also have written a number of
regex-based rules to block relaying exploits uncovered by ORBS and its
offspring. They're all variations of this approach:
# Forbid addresses of the form email@example.com
(Items within slashes are regular expressions.)
Another place to control spam is /etc/procmailrc on the mailbox server,
though I use this more to block evil Outlook attachments.