At 11:47 am +0000 2004/02/02, Martin Evans wrote:
>Dear all,
>
>An anti-spam trick was suggested to me a few weeks ago by a colleague in
>our university. The idea is that we add longish delays into the smtp
>conversation if we suspect that the sender is a spammer. i.e. if the
>sender is on an RBL list we add an acl like:
>
>accept dnslists = rbl-plus.mail-abuse.ja.net
> delay = 1m
>
>My colleague has reported that this trick is successful at reducing the
>amount of spam he sees being delivered into his department.
>
let me take this slightly off subject.. Inspired by this idea I am
now delaying for each message that scores points at our server,
unless of course the score is over the upper limit (10 usually) in
which case it is rejected with no delay. A clean message should have
0 score and so suffer no delays. This approach avoids in part the
problem of exhausting connections, as most spam scores higher than 10.
There is a problem I noticed, with some legitimate messages I got the
(broken) peer server give up, I think with a RSET or a QUIT, as I do
not see anything anomalous in the logs, and repeatedly retry. I must
admit I saw this only with one particuar server, but one would be too
many if that one means many legitimate messages lost.
This of course does not apply to delays for unknown users, that are
quite safe and useful.
So, keep an eye open on broken servers when applying delays based on score.
Giuliano