Subject: Re: OT: orbz.org - help needed
To: None <netbsd-users@netbsd.org>
From: David S. <davids@idiom.com>
List: netbsd-users
Date: 01/28/2002 13:45:45
>
> I don't think we disagree. My point-of-view is purely it's use in
> my personal mail filters. If using it blocks the wrong thing,
> it's not accurate _for me_.
>
> I like the idea of using RBL or Orbz to trigger a special filter though,
> and might give that a try.
The ISP I get e-mail through also gives me a shell account, so I can set
up procmail filters. With procmail I use a program called "rblcheck"
which given an IP address does queries of various RBL-type services.
Originally I set things up so if one of those services blacklists the
source address of a particular e-mail, I just re-wrote the "Subject:"
line as "Subject: [SPAM] ..." and delivered it to my mail box.
After a few months of watching how that worked, I realized that most of
the SPAM-flagged mail I was getting was HTML mail, and all the HTML mail
I was getting was indeed spam. So that's first filter I use: if an RBL
site blacklists the source address, and the message has a
"Content-Type: *text/html" header, I drop it. (I also keep a log of
all messages, delivered or dropped.)
I also noticed that most spam wasn't addressed directly to me. The "To:"
line usually had some phony address or "Undisclosed-Recipient". That
provides the second filter: if one of my addresses or one of the mailing
lists I subscribe to isn't in the "To:" or "cc:" header, I /dev/null the
mail. In my experience, the "legitimate" mail that some RBL service
blacklists is always addressed directly to me.
I've lately added rules to catch e-mails with bad "Message-ID"s, and I'm
considering adding other rules to catch variously bad headers.
This scheme doesn't stop all spam: anything addressed directly to me
still gets through, and I get spam sent to any of the mailing lists I
use. But it catches enough to make it worth the effort.
David S.