[linux-elitists] Swen

Karsten M. Self kmself@ix.netcom.com
Sun Sep 21 23:45:10 PDT 2003


on Mon, Sep 22, 2003 at 07:48:59AM +0530, Raghavendra Bhat (ragu@asianetonline.net) wrote:
> James Morris posts:
> 
> >> Does anyone have a good procmail recipe for catching this one ? 
> >> I've managed to block 26MB of it (just for my account)
> 
> Dunno if you are downloading all the `wormed' mails from your POP3
> box.  For a dial-up user, this is expensive.  Use Popsneaker instead
> to delete such mails from the server before you do an actual
> fetchmail.
> 
>             http://ixtools.de/popsneaker/

How is this used?

For starters, does it support whitelisting?  Does the logic allow for
branching and default actions?  Not that this solves the spam problem,
but it could cut a significant chunk off at the pass.

Say:

  - Accept anything that's from a whitelisted sender (_unless_ it's from
    a blacklisted server).
  - Perform a weighted analysis of remaining mails -- essentially
    SpamAssassin type logic, but applied just to the header.  In fact,
    running SA rules on the header would be a preferred mode.
  - Block known viruses.

The problem I have with tools like this is that they're ultimately
pretty limited.  Which means I either have to download a bunch of
questionable content, or manually vet the stuff that's left online.

With most POP systems, you're sort of stuck in a middle ground:  the
message has already been accepted for delivery.  You can't call up the
sending SMTP server and say "wups, I didn't mean to accept that".
Envelope sender and/or From: header may be invalid.  So the person
sending the message can't reliably be informed that you've rejected it,
and you can't reliably attempt to inform them of this without risking
spamming (and possibly Joe-jobbing) an innocent third party.

Moreover, the amount of POP storage the typical user has is small, and
requires constant monitoring.  I believe my current POP allocation is
5-10 MiB -- normally enough for a week or so's email.  In the past three
days, I've received 322 MiB of spam and viral mail -- I'd have to check
my pop account 22 times a day to keep from running over quota.  Or maybe
that's only 11 times....  And that's hours of download time.

Which means I've got few options for using POP based filters.  If I
reject enough email to keep my POP mailbox open, I can't proof the
results.  If I proof the results, I can't use effective filters.
Fortunately I can bypass the issue by using a friend's cable modem for
high-speed connections.

I'd far prefer a solution which rejected mail at SMTP time, was highly
configurable by me -- but had sane default settings, and which logged a
digest of activities -- messages rejected, by sender, subject lines.
Which I could look over once or twice a week.


Peace.

-- 
Karsten M. Self <kmself@ix.netcom.com>        http://kmself.home.netcom.com/
 What Part of "Gestalt" don't you understand?
    Scandinavian Designs:  Cool furniture, affordable prices, great service,
    satisfied customer.                  http://www.scandinaviandesigns.com/
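
The header-only decision order listed in the message above (whitelist unless the relay is blacklisted, known-virus rules, weighted scoring, keep by default, plus a digest of what was dropped), as an added example that is not part of the original post and is not Popsneaker's rule syntax. Every address, relay name, pattern, weight and the threshold is a constructed assumption; the input is the header block a POP3 TOP request returns.

```python
import re
from email.parser import HeaderParser
from email.utils import parseaddr

# Every address, relay, pattern and weight here is a constructed sample.
WHITELIST = {"friend@example.org"}
BLACKLISTED_RELAYS = {"relay.bad.example"}
VIRUS_RULES = [("Subject", re.compile(r"install this patch", re.I))]  # placeholder
WEIGHTED_RULES = [  # (header, pattern, weight): header-only, SpamAssassin-style
    ("Subject", re.compile(r"[A-Z]{5,}.*!"), 2.0),
    ("Message-ID", re.compile(r"^$"), 1.0),   # header missing or empty
]
BAD_RELAY_WEIGHT, THRESHOLD = 3.0, 3.0

def classify(raw_headers):
    """Return (action, reason) for one header block, e.g. from POP3 TOP n 0."""
    msg = HeaderParser().parsestr(raw_headers)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    received = " ".join(msg.get_all("Received", []))
    bad_relay = any(r in received for r in BLACKLISTED_RELAYS)
    if sender in WHITELIST and not bad_relay:   # From: is forgeable, so the
        return "keep", "whitelisted sender"     # relay check overrides it
    for header, pattern in VIRUS_RULES:
        if pattern.search(msg.get(header, "")):
            return "delete", "virus rule on " + header
    score = BAD_RELAY_WEIGHT if bad_relay else 0.0
    score += sum(w for h, p, w in WEIGHTED_RULES if p.search(msg.get(h, "")))
    action = "delete" if score >= THRESHOLD else "keep"   # default: keep
    return action, "header score %.1f" % score

def triage(mailbox):
    """mailbox maps message number -> header text; returns (deletions, digest)."""
    doomed, digest = [], []
    for num, raw in sorted(mailbox.items()):
        action, reason = classify(raw)
        if action == "delete":
            msg = HeaderParser().parsestr(raw)
            doomed.append(num)
            digest.append("%s | %s | %s" % (msg.get("From"), msg.get("Subject"), reason))
    return doomed, digest

SAMPLE = {  # constructed header blocks
    1: "From: Friend <friend@example.org>\nSubject: lunch?\nMessage-ID: <a1@example.org>\n\n",
    2: "From: friend@example.org\nReceived: from relay.bad.example by mx.example.net\nSubject: FREE MONEY now!\nMessage-ID: <b2@example.net>\n\n",
    3: "From: Support <patch@vendor.example>\nSubject: Please install this patch\n\n",
    4: "From: list@example.com\nSubject: Re: procmail recipe\nMessage-ID: <d4@example.com>\n\n",
}
if __name__ == "__main__":
    print(triage(SAMPLE))
```

The digest lines are the once-or-twice-a-week review record; the deletion list is what a POP client would pass to DELE before the real download.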