Subject: Re: OT: orbz.org - help needed
To: None <netbsd-users@netbsd.org>
From: David S. <davids@idiom.com>
List: netbsd-users
Date: 01/28/2002 13:45:45
> 
> I don't think we disagree.  My point-of-view is purely its use in
> my personal mail filters.  If using it blocks the wrong thing,
> it's not accurate _for me_.
> 
> I like the idea of using RBL or Orbz to trigger a special filter though,
> and might give that a try.

The ISP I get e-mail through also gives me a shell account, so I can set
up procmail filters.  With procmail I use a program called "rblcheck"
which, given an IP address, does queries of various RBL-type services.
Originally I set things up so if one of those services blacklists the
source address of a particular e-mail, I just re-wrote the "Subject:"
line as "Subject: [SPAM] ..." and delivered it to my mail box.  

After a few months of watching how that worked, I realized that most of 
the SPAM-flagged mail I was getting was HTML mail, and all the HTML mail
I was getting was indeed spam.  So that's the first filter I use: if an RBL
site blacklists the source address, and the message has a 
"Content-Type: *text/html" header, I drop it.  (I also keep a log of
all messages, delivered or dropped.)

I also noticed that most spam wasn't addressed directly to me.  The "To:"
line usually had some phony address or "Undisclosed-Recipient".  That
provides the second filter: if one of my addresses or one of the mailing
lists I subscribe to isn't in the "To:" or "cc:" header, I /dev/null the
mail.  In my experience, the "legitimate" mail that some RBL service
blacklists is always addressed directly to me.

I've lately added rules to catch e-mails with bad "Message-ID"s, and I'm
considering adding other rules to catch variously bad headers.

This scheme doesn't stop all spam: anything addressed directly to me
still gets through, and I get spam sent to any of the mailing lists I
use.  But it catches enough to make it worth the effort.

David S.
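
Added example, not part of the original post and not the poster's procmail rules: the decision logic described above, written in Python with a direct DNS lookup standing in for "rblcheck". Assumptions: both drop filters apply only to mail from a blacklisted source, blacklisted mail that passes both is still tagged "[SPAM]", the source IP has already been extracted, and the zone name and addresses are constructed placeholders.

```python
import email
import ipaddress
import socket
from email.utils import getaddresses

def dnsbl_name(ip, zone):
    """DNSBL query name: IPv4 octets reversed, then the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def dns_listed(ip, zone):
    """Listed addresses resolve to an A record; anything else is 'not listed'.
    A resolver failure therefore fails open (the mail is delivered)."""
    try:
        socket.gethostbyname(dnsbl_name(ip, zone))
        return True
    except OSError:
        return False

def classify(raw, source_ip, mine, zones, listed=dns_listed):
    """Return (action, subject) where action is 'deliver', 'tag' or 'drop'."""
    msg = email.message_from_string(raw)
    subject = msg.get("Subject", "")
    if not any(listed(source_ip, z) for z in zones):
        return "deliver", subject
    # Filter 1: blacklisted source and a top-level text/html Content-Type.
    if msg.get_content_type() == "text/html":
        return "drop", subject
    # Filter 2: blacklisted source and none of my addresses in To:/Cc:.
    fields = msg.get_all("To", []) + msg.get_all("Cc", [])
    rcpts = {addr.lower() for _, addr in getaddresses(fields)}
    if not rcpts & {m.lower() for m in mine}:
        return "drop", subject
    return "tag", "[SPAM] " + subject

# Constructed sample data: documentation addresses and a made-up zone.
MINE = ["me@example.org", "some-list@example.org"]
ZONES = ["rbl.example.net"]
HTML_SPAM = "To: me@example.org\nSubject: Offer\nContent-Type: text/html\n\n<b>hi</b>\n"
DIRECT = "To: Me <ME@example.org>\nSubject: Hello\n\nplain text\n"
PHONY_TO = "To: friend@example.com\nSubject: Deal\n\nplain text\n"

def fake_listed(ip, zone):
    """Offline stand-in for dns_listed: only 192.0.2.10 is 'listed'."""
    return ip == "192.0.2.10"

if __name__ == "__main__":
    for raw in (HTML_SPAM, DIRECT, PHONY_TO):
        print(classify(raw, "192.0.2.10", MINE, ZONES, listed=fake_listed))
```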