rejecting spam at SMTP time (was Re: Postfix anti-antivirus (was Re: [linux-elitists] etc))

Aaron Sherman ajs@ajs.com
Tue Sep 28 10:46:24 PDT 2004


On Tue, 2004-09-28 at 12:07, Andrew Kohlsmith wrote:
> On Tuesday 28 September 2004 11:59, Aaron Sherman wrote:
> > Between SPF and XBL/SBL I drop a ton of spam at the SMTP stage, but it's
> > still clogging my pipe.
> 
> I use rbldns-list.dsbl.org and cbl.abuseat.org and they work pretty decently.  
> I drop a *ton* of connections just based on IP with those two lists.

Those look like good lists. Have you had any complaints or noticed any
false positives?

> > I'm about to start looking into anti-virus milters that can ID the virus
> > before reading the whole message. It's getting pretty bad.
> 
> What gets through gets CLAM'd but it isn't done until I have the entire 
> message.  I realize that isn't what you're looking for but perhaps someone 
> else knows of a mail filter which uses CLAM as the message comes in?  I keep 
> some stats of the top virus senders/recipients and hosts...

What I'm planning to do is fairly spamassassin-like, but progressive
instead of based on the whole message. I may end up falling back on
something like bayes to do my score calculation (I don't like the
genetic algorithm approach, because it requires a central effort).

-- 
☎ 781-324-3772
✉ ajs@ajs.comhttp://www.ajs.com/~ajs




More information about the linux-elitists mailing list