Re: FWTK and smap/smapd

[Devdas Bhagat <devdas () worldgatein net>]

On 17/07/02 16:57 -0700, Dominik Miklaszewski wrote:
> Guys,
> These days spam gets really, annoying (timewise and costwise) from a busy admin
> standpoint..
> I run pair of sendmails with RBL  (ordb.org) feature turned on and two
> anti-virus SMTP behind them, it's been catching maybe 20-30% of that trash..
<snip>
> Here's the idea:
> 1. create a postmaster account on a Unix box and forward that spewage to it.
I assume that this is other than your regular postmaster account?

> 2. A cronjob would be running on these entities in postmaster's bucket parsing
> the "Received:" lines
Easier would be to pipe it to a script that does this job in real time
and adds names to a database. Build a DNSBL from this database at
regular intervals.

> 3. Input taken from 2. would be run against MX checking with the assumption that
> all those "DELIVERY FAILURE 55x:" are spewage.
Watch for valid MX records that never run mail servers, and Mx records
of RFC 1918 addresses (been getting some of those nowadays).

> 4. There'll be a black list created from 3. with all those IP's and domains that
> fail 3. checks.
Just add relays.osirusoft.com to your blackhole list. Catches half the
spam I get.
Google for IMGate, thats a very stringly antispam postfix config.
 
> I'm planning to let this process run and grow that black list to see what
> percentage of that crap I'd able to nail down..
>
> What do you think?
> Would it be easier to do with Exim/Smail/Postfix ?
Any of these, AFAIK. Just create your own DNSBL and use that.
 
> I'm sorry it's slightly off of that lists mainstream ..but since we have so
> lively discussion on different MTAs I dared to ask.
(Hey, Spam is just unwanted crap at the application level, so you are on
topic -- Application proxies do come under firewalls).

Devdas Bhagat
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards