[Mimedefang] How to trap this spam
Lucas Albers
admin at cs.montana.edu
Tue Jan 6 21:55:34 EST 2004
Bill Maidment said:
> Well I have used a range of extra SA filters and that has improved the
> situation greatly. However, the spammers have tidied up the Subject
> header and the spam is slipping through again (sigh!).
>
> I tried greylisting for a while with terrific results, until I came
> across 3 problems that upset the whole thing.
> 1. email coming in through secondary MX nearly always got through as it
> all had the same relay address.
> 2. mail from ozemail was being resent every 5 seconds, so it never got
> through with the 30 second minimum
> 3. mail from yahoo was resent from a different relay, so it never got
> through.
>
U need a maximum reject time.
I reject for a maximum of 3 minutes on any new ip address.
You need to configure it so there is a maximum penalty time...
You could then assign a penalty for machines that reconnect within 30
seconds of the initial connect, and then up the penalty to your maximum
penalty time.
So your worst offenders could be delayed up to 15 minutes as a maximum
delay time.
You greylist on the ip address of the sending machine, correct?
So how does it slip by on a secondary mx?
--luke
More information about the MIMEDefang
mailing list