Subject: Re: Ban the Spammer (hey that rhymes) RE: For Your Use (fwd)
To: Michael Graff <explorer@flame.org>
From: Wolfgang Rupprecht <wolfgang@wsrcc.com>
List: current-users
Date: 05/16/1998 10:51:46
Michael Graff writes:
> How hard would it be to add this to qmail?  I can't imagine it is that
> hard,

I'm told that there is an unofficial patch to run procmail over each
incoming msg.  This procmail is run during the SMTP phase, so SMTP can
blow off the sending site it there is something in the header it
doesn't like.

Seeing how none of the unofficial patches are ever incorporated into
qmail (NIH ???), its highly unlikely that something that execs another
program and adds quite a bit of code will make it into the mainstream,
audited and secure core of the qmail distribution.

> and I also can't imagine that filtering on "From " or "From:" can
> really catch spam...  people will just list lamer@aol.com or
> evenlamer@msn.com there.

The phoney "from" or "from: " detection is a cheap kill.  So is the
detection of the "X-UIDL", "X-PMDL", "Comments: autenticated sender is
<ha-ha>" etc.  I'm not sure why spammers are stupid enough to tag
their spam as spam, they just are.  I'm willing to make use of it to
rid myself of it.  

The best part of doing header checking is that it allows one to not
worry about open SMTP relays as much.  One can still detect much of
the spam coming from them.

John Nemeth <jnemeth@cue.bc.ca> writes:
> >      Having one MTA feed another is not only silly, but grossly
> > wasteful of resources.  However, it would be nice if homeworld didn't
> > run qmail, since it is grossly wasteful of bandwidth.

It also only adds the equivalent of one delivery load.  Lets say we
have a 1000-reader mailing list.  Having sendmail prescreen the
headers will only add one more MTA hand-off to the equation of 1000
MTA handoffs per message.  Not much of a CPU load.

It is someone grotty to have to maintain both a sendmail and qmail
setup.

-wolfgang
-- 
Wolfgang Rupprecht    <wolfgang@wsrcc.com>     http://www.wsrcc.com/wolfgang/
	  Never trust a program you don't have sources for.