[CLUE-Tech] The SPAM Wars '03

Dan Harris coronadh at coronasolutions.com
Fri Feb 28 11:14:41 MST 2003


Mike Staver wrote:

>Ok, I've been fighting spam with several methods on my red hat box for
>a while now.  I basically use 3 methods to keep it from bothering me in
>my /etc/mail/access file:
>
>1) Blocking individual email addresses:
>SharonS457 at yahoo.com REJECT
>
>2) Blocking entire domains:
>directmailorderbrides.com REJECT
>
>3) Blocking domains and using humor at the same time:
>sbase20.com 550 ALL YOUR BASE BELONG TO US
>sbase21.com 550 ALL YOUR BASE BELONG TO US
>sbase22.com 550 ALL YOUR BASE BELONG TO US
>sbase23.com 550 ALL YOUR BASE BELONG TO US
>
>I will admit, this does help cut down on the amount of spam that I get. 
>But, it doesn't stop enough of it.  So, I'd like to take even more
>drastic action in my sendmail config.  Is there a way in the sendmail
>config to specify that I don't want emails allowed in that contain
>certain key words?  Some obvious key words I'd love to keep out are:
>
>XXX
>Mortgage Rates
>Casino
>ADV:
>
>I realize that in rare cases, this would end up blocking some legitimate
>emails, but I think it's a risk I'm willing to take.  Can anybody tell
>me if I can block that sort of thing using sendmail?  I'd also like to
>block all incoming emails addressed to:
>
>Undisclosed.Recipients at fimble.com
>
>Is that possible?
>  
>
Sure it's possible.  You should learn something about procmail rules.
Basically you could write a fairly simple perl script (or language of
your choice) to pipe messages from procmail and reject based on
conditions you define, such as keywords or senders, etc.

What I've found to be very helpful for me is SpamAssassin.  I have had 0
false-positives in the 6 months or so that we've been running it here.
And it catches about 1500 spams per month.  This would be the easier
way for you to go but not quite as flexible as writing your own code.
My mailbox went from 30+ spams per day to 1 per week.  It works.. :)

Another tool to look at is the RBL (real-time blackhole list).  This
is an internet-based database of known open relays.  Any of the major
MTAs (including Sendmail) can be configured to check the sender against
the RBL before accepting mail.

-Dan
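
The procmail-plus-script approach described in the reply above, as an added example that is not part of the original post: a Python filter (the reply suggests Perl or a language of your choice) that checks the decoded Subject for the keywords from the question and the To/Cc headers for the blocked recipient. Matching only the Subject, the names `classify` and `_bounded`, and the exit-status wiring are assumptions of this example.

```python
#!/usr/bin/env python3
import re
import sys
from email import message_from_bytes, policy
from email.utils import getaddresses

# Keywords and recipient are the ones listed in the question above.
SUBJECT_KEYWORDS = ["XXX", "Mortgage Rates", "Casino", "ADV:"]
BLOCKED_RECIPIENTS = {"undisclosed.recipients@fimble.com"}


def _bounded(word):
    # Require a non-word neighbour only where the keyword itself starts/ends
    # with a letter or digit, so "ADV:Buy" matches but "XXXL" does not.
    left = r"(?<!\w)" if word[0].isalnum() else ""
    right = r"(?!\w)" if word[-1].isalnum() else ""
    return left + re.escape(word) + right


KEYWORD_RE = re.compile("|".join(_bounded(w) for w in SUBJECT_KEYWORDS), re.IGNORECASE)


def classify(raw):
    """Return (is_spam, reason) for one raw message given as bytes."""
    # policy.default decodes RFC 2047 encoded-words, so an encoded Subject
    # is matched on its readable text rather than on the base64/QP form.
    msg = message_from_bytes(raw, policy=policy.default)
    subject = str(msg.get("Subject", ""))
    hit = KEYWORD_RE.search(subject)
    if hit:
        return True, "subject keyword: " + hit.group(0)
    rcpt_headers = [str(h) for name in ("To", "Cc") for h in msg.get_all(name, [])]
    for _name, addr in getaddresses(rcpt_headers):
        if addr.lower() in BLOCKED_RECIPIENTS:
            return True, "blocked recipient: " + addr
    return False, ""


if __name__ == "__main__":
    # Assumed wiring: procmail pipes the message to this script and treats
    # exit status 0 as "condition matched" (spam), non-zero as "no match".
    spam, reason = classify(sys.stdin.buffer.read())
    if spam:
        print(reason, file=sys.stderr)
    sys.exit(0 if spam else 1)
```

The word-boundary handling is what keeps the false-positive rate down: "Casino" and "XXX" only fire as whole words, while "ADV:" still matches when the sender omits the space after the colon.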



