Author: Suresh Ramasubramanian Date: To: exim-users CC: Johan Almqvist Subject: Re: [Exim] Using Exim on a large volume fallback MX
Johan Almqvist rearranged electrons thusly:
> I think Michael was more intrested in identifying spam that originated
> from his own users... Using DUL to block your users from your own mail
> server may not be such a good idea.
Earthlink _is_ doing port 25 filtering if I'm not mistaken (uunet has already
done it across several dialups ... there's still a _lot_ left though). That's
one option that'll cut down a lot on direct to MX spam (and on all the
h*h*h*@s3><yfUn.n37 h ybr is stuff <munged to avoid braindead virus filters
bouncing the mail ...)
> Limiting the maximum number of recipients for every message and the
> maximium number of messages per SMTP sessions are two possibilities, but
That is a definite possiblity - and you can set it to (say) 70 .. 100
recipients per message. Anyone who wants to send to more than that, you can
always point 'em to egroups (and work out some kind of deal with them as well)
;)
> you'll always stop some legit mail too... Tarpitting is a gentler aproach,
> but may also be less effective.
Teergrube / Tarpit is _not_ gentler - its brute force, because spammers know
enough to fly _just_ under the radar (and reset their smtp connections /
restart their mailer once in a while). Also, by the time you've done enough
teergrubing to make any dent in spam, you've got yourself one hell of a
crawling, unusable relay for your paying customers.
> Some really braindead spamming software sets specific headers, messages
> with those in them could be bounced (I don't think you should ever just
> let messages disappear).
How well would it scale on a setup like Earthlink's? Message body parsing can
get quite resource-intensive.