Spam Filtering

I decided recently to check how much spam I was getting and to see if there was much I could do about it. So, I wrote some convoluted bash pipelines with some nice big regular expressions, and discovered that I was getting about 40 per day instead of the 2 or so that I was getting this time last year. Most of it was being taken care of by SpamAssassin and filtered into a Junk folder in my IMAP account before I saw them, but I decided I shouldn't have to waste any more CPU power on these morons.

Postfix, which is my mail server of choice at the moment, is very capable and can do all kinds of interesting things - though knowing how is handy. I did a bit of research, and after reading a few pages on the subject, I decided to implement something along the lines of this.

Now, I appear to have dropped about 96 emails in 24 hours, of which about 80 would have got past the checks above (though quite a lot would have been dropped by being destined for invalid users), and no legitimate email has been rejected either. SpamAssassin still runs after the mail is accepted, but by dropping rubbish before it even gets to the DATA part of the SMTP conversation it doesn't run nearly so often, which saves CPU time and memory on my server for other more important things (like serving this page to the 1 hit per month it gets).

  • Anyone who connects to my server has to present a valid HELO or EHLO before going any further. This kills about half the spam I get straight away. I've also started checking that people aren't using "localhost", "mgdm.net", my IP address or 127.0.0.1 as the HELO, and if they are Postfix will tell them to clear off.

  • All senders have to have a valid domain part in the return address. Now, this could go wrong if my DNS resolution falls over, or if the domain that is sending to me is having problems - but I consider it an acceptable trade-off.

  • I use some DNS real-time block lists to reject the IP addresses of known spam senders. At the moment, I have relays.ordb.org, lists.dsbl.org, sbl.spamhaus.org, and cbl.abuseat.org in use. The last one in that list seems to drop quite a lot of traffic, which is nice.

  • Checking to see that there are no funny characters in the address takes care of quite a lot too. I seem to get a lot of spam attempts to send to "@mgdm.net", which now definitely won't work (not that it did before).
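
The four checks listed above map onto Postfix's smtpd restriction lists roughly as follows. This is an added example, not the author's actual configuration; the access-map path, the reject messages and the 192.0.2.10 placeholder address are assumptions.

```conf
# ---- /etc/postfix/main.cf (added example) ----

# Require HELO/EHLO before MAIL FROM. With smtpd_delay_reject (the default)
# rejections are issued at RCPT TO, still before DATA, so the log shows
# HELO, sender and recipient for every refused message.
smtpd_helo_required = yes
smtpd_delay_reject = yes

# Refuse envelope addresses that are not valid RFC 821 syntax.
strict_rfc821_envelopes = yes

# HELO checks: syntactically invalid names, then names the server itself owns.
# permit_mynetworks comes first so local clients are not caught by the map.
smtpd_helo_restrictions =
    permit_mynetworks,
    reject_invalid_helo_hostname,
    check_helo_access hash:/etc/postfix/helo_access

# Sender domain must exist in DNS. A temporary DNS failure yields a 450
# reply, so a legitimate sender retries later instead of bouncing.
smtpd_sender_restrictions =
    permit_mynetworks,
    reject_non_fqdn_sender,
    reject_unknown_sender_domain

# reject_unauth_destination must precede the DNSBL lookups so the server
# never relays. Only lists from the page that are still published are shown.
smtpd_recipient_restrictions =
    permit_mynetworks,
    reject_unauth_destination,
    reject_non_fqdn_recipient,
    reject_rbl_client sbl.spamhaus.org,
    reject_rbl_client cbl.abuseat.org
# relays.ordb.org and lists.dsbl.org are left out: both services have since
# shut down, and a dead list can time out or start matching every client.

# ---- /etc/postfix/helo_access (then run: postmap /etc/postfix/helo_access) ----
localhost      REJECT You are not localhost
127.0.0.1      REJECT You are not localhost
mgdm.net       REJECT You are not this server
# 192.0.2.10 is a placeholder; substitute the server's own public IP.
192.0.2.10     REJECT You are not this server
```

Running `postfix check` after editing and watching the mail log for `reject:` lines for a day or two shows which rule is catching what before any of it is trusted with real traffic.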

