Karsten M. Self
Sun Sep 21 23:45:10 PDT 2003
on Mon, Sep 22, 2003 at 07:48:59AM +0530, Raghavendra Bhat (email@example.com) wrote:
> James Morris posts:
> >> Does anyone have a good procmail recipe for catching this one ?
> >> I've managed to block 26MB of it (just for my account)
> Dunno if you are downloading all the `wormed' mails from your POP3
> box. For a dial-up user, this is expensive. Use Popsneaker instead
> to delete such mails from the server before you do an actual
How is this used?
For starters, does it support whitelisting? Does the logic allow for
branching and default actions? Not that this solves the spam problem,
but it could cut a significant chunk off at the pass.
- Accept anything that's from a whitelisted sender (_unless_ it's from
a blacklisted server).
- Perform a weighted analysis of remaining mails -- essentially
SpamAssassin type logic, but applied just to the header. In fact,
running SA rules on the header would be a preferred mode.
- Block known viruses.
The problem I have with tools like this is that they're ultimately
pretty limited. Which means I either have to download a bunch of
questionable content, or manually vet the stuff that's left online.
With most POP systems, you're sort of stuck in a middle ground: the
message has already been accepted for delivery. You can't call up the
sending SMTP server and say "wups, I didn't mean to accept that".
Envelope sender and/or From: header may be invalid. So the person
sending the message can't reliably be informed that you've rejected it,
and you can't reliably attempt to inform them of this without risking
spamming (and possibly Joe-jobbing) an innocent third party.
Moreover, the amount of POP storage the typical user has is small, and
requires constant monitoring. I believe my current POP allocation is
5-10 MiB -- normally enough for a week or so's email. In the past three
days, I've received 322 MiB of spam and viral mail -- I'd have to check
my pop account 22 times a day to keep from running over quota. Or maybe
that's only 11 times.... And that's hours of download time.
Which means I've got few options for using POP based filters. If I
reject enough email to keep my POP mailbox open, I can't proof the
results. If I proof the results, I can't use effective filters.
Fortunately I can bypass the issue by using a friend's cable modem for
I'd far prefer a solution which rejected mail at SMTP time, was highly
configurable by me -- but had sane default settings, and which logged a
digest of activities -- messages rejected, by sender, subject lines.
Which I could look over once or twice a week.
Karsten M. Self <firstname.lastname@example.org> http://kmself.home.netcom.com/
What Part of "Gestalt" don't you understand?
Scandinavian Designs: Cool furniture, affordable prices, great service,
satisfied customer. http://www.scandinaviandesigns.com/
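
The header-only policy outlined in the message above (whitelist unless the mail came through a blacklisted server, known-virus blocking, weighted scoring of the rest, plus a digest of what was rejected), as an added example that is not part of the original post and is not Popsneaker's configuration or behaviour. All addresses, relay names, rules, weights and the threshold are constructed, and the handling of a whitelisted sender seen via a blacklisted relay (fall through to the other checks) is an assumption.

```python
from email.parser import HeaderParser
from email.utils import parseaddr

# Every address, relay name, rule and weight here is constructed for illustration.
WHITELIST = {"friend@example.org"}
BLACKLISTED_RELAYS = {"relay.bad.example"}
KNOWN_VIRUS_SUBJECTS = ("constructed worm subject",)
RULES = [  # (header, lowercase substring, weight), scored on headers only
    ("Subject", "free", 2.0),
    ("Subject", "!!!", 1.5),
    ("X-Mailer", "bulkmailer", 3.0),
]
THRESHOLD = 3.0

def triage(raw_headers):
    """Decide 'accept' or 'delete' from the header block alone."""
    msg = HeaderParser().parsestr(raw_headers)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    relays = " ".join(msg.get_all("Received", [])).lower()
    subject = msg.get("Subject", "").lower()
    bad_relay = any(r in relays for r in BLACKLISTED_RELAYS)
    # From: is trivially forged, so a whitelist hit only counts when the
    # message did not pass through a blacklisted server.
    if sender in WHITELIST and not bad_relay:
        return "accept"
    if any(s in subject for s in KNOWN_VIRUS_SUBJECTS):
        return "delete"
    # Assumption: a blacklisted relay alone is not fatal; it falls through to scoring.
    score = sum(w for h, s, w in RULES if s in msg.get(h, "").lower())
    return "delete" if score >= THRESHOLD else "accept"

def digest(header_blocks):
    """List (sender, subject) of everything marked for deletion, for later review."""
    out = []
    for raw in header_blocks:
        if triage(raw) == "delete":
            msg = HeaderParser().parsestr(raw)
            out.append((parseaddr(msg.get("From", ""))[1], msg.get("Subject", "")))
    return out

SAMPLES = [  # constructed header blocks, as a POP3 "TOP n 0" would return them
    "From: Friend <friend@example.org>\nReceived: from mail.good.example\nSubject: lunch\n\n",
    "From: friend@example.org\nReceived: from relay.bad.example\nSubject: FREE offer!!!\n\n",
    "From: x@vendor.example\nReceived: from dialup.example\nSubject: Constructed worm subject\n\n",
    "From: stranger@example.net\nReceived: from mx.example.net\nSubject: a question\n\n",
]

if __name__ == "__main__":
    for action in map(triage, SAMPLES):
        print(action)
```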