Subject: Re: Sendmail and spam question
To: None <netbsd-help@netbsd.org>
From: Wolfgang S. Rupprecht <wolfgang+gnus20030730T133115@wsrcc.com>
List: netbsd-help
Date: 07/30/2003 13:43:46

chuck+nbsd@2003.snew.com (Chuck Yerkes) writes:
> Quoting Wolfgang S. Rupprecht (wolfgang+gnus20030730T085014@wsrcc.com):
> > 
> > john@sixgirls.org (John Klos) writes:
> > > I've examined all of the spam I've received over the past few months, and
> > > it seems that around 75% of all of the spam that does get past my current
> > > filters (spamcop and orbd) would be blocked by #1, and that of all of the
> > > servers which connect with address literals, half would be rejected by #2.
> > > I have seen one false positive (the admin of the sending server was happy
> > > to add a DNS entry for his SMTP server), and no instance of legitimate
> > > email which came from a server which used an address literal.
> > 
> > One of the reasons I switched from sendmail to postfix was the
> > stronger checking of things like helo string.  If you are interested
> > in playing, I've got a slightly simplified example of what I run here
> > on this page:
> > 
> >         http://www.wsrcc.com/spam/
> > 
> > The helo string is checked for syntax (e.g. has a dot) and if it passes
> > it is checked to make sure that the claimed hostname has an MX or A
> > record.  Postfix doesn't check the claimed name against the list of IP
> 
> And yet the RFCs say NOTHING about this being required.
> You can't look up "foo.house.snew.com" as an internal only
> domain, yet a box I used to get a mail or two out in a pinch
> used that.

Over the last 77.4 days my 2-user machine got hit with 91,602 spam
messages.  Quite frankly, I couldn't care less what some RFC that
predates spam as a plague has to say with respect to spam filtering.
It is triage time baby.  

If the sending site wasn't set up by someone that knew what they were
doing, it also has a high chance of being an open proxy or open relay.
I simply don't have time to sort through the >1000 messages per day to
find the small amount of mail from hosts that are badly set up yet
aren't spamming.

-wolfgang
-- 
Wolfgang S. Rupprecht 		     http://www.wsrcc.com/wolfgang/
(NOTE: The email address above is valid.  Edit it at your own peril.)
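
An added sketch (not part of the original message, and not Postfix's code) of the HELO check order described above: syntax first, then an MX-or-A lookup. The `SAMPLE_DNS` table, the `lookup` resolver, the `allow_literal` flag and all hostnames are constructed assumptions so it runs offline; the unresolvable internal-only name shows the false-positive case raised in the thread.

```python
import ipaddress
import re

# Constructed stand-in for DNS so the example runs offline: name -> record types.
SAMPLE_DNS = {
    "mail.example.org": {"A"},
    "example.net": {"MX"},
    "txtonly.example.com": {"TXT"},
}

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def lookup(name):
    """Hypothetical resolver: return the set of record types held for a name."""
    return SAMPLE_DNS.get(name.lower().rstrip("."), set())


def is_address_literal(helo):
    """True for SMTP address literals such as [192.0.2.1] or [IPv6:2001:db8::1]."""
    if not (helo.startswith("[") and helo.endswith("]")):
        return False
    body = helo[1:-1]
    if body.lower().startswith("ipv6:"):
        body = body[5:]
    try:
        ipaddress.ip_address(body)
        return True
    except ValueError:
        return False


def check_helo(helo, resolver=lookup, allow_literal=True):
    """Return (accepted, reason): syntax check first, then MX-or-A lookup."""
    if is_address_literal(helo):
        return (allow_literal, "address literal")  # policy choice (assumption)
    labels = helo.rstrip(".").split(".")
    if len(labels) < 2 or not all(LABEL.match(part) for part in labels):
        return (False, "bad syntax or no dot")
    if not resolver(helo) & {"A", "MX"}:
        return (False, "no MX or A record")
    return (True, "ok")


if __name__ == "__main__":
    for h in ["mail.example.org", "example.net", "localhost", "[192.0.2.25]",
              "foo.house.example.com", "txtonly.example.com"]:
        print(f"{h:24} {check_helo(h)}")
```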