> Giuliano Gavazzi wrote:
> At 11:47 am +0000 2004/02/02, Martin Evans wrote:
> >Dear all,
> >
> >An anti-spam trick was suggested to me a few weeks ago by a colleague
> in >our university. The idea is that we add longish delays into the smtp
> >conversation if we suspect that the sender is a spammer. i.e. if the
> >sender is on an RBL list we add an acl like:
> >
> >accept dnslists = rbl-plus.mail-abuse.ja.net
> > delay = 1m
> >
> >My colleague has reported that this trick is successful at reducing the
> >amount of spam he sees being delivered into his department.
> >
>
> let me take this slightly off subject.. Inspired by this idea I am now
> delaying for each message that scores points at our server, unless of
> course the score is over the upper limit (10 usually) in which case it
> is rejected with no delay. A clean message should have 0 score and so
> suffer no delays. This approach avoids in part the problem of exhausting
> connections, as most spam scores higher than 10. There is a problem I
> noticed, with some legitimate messages I got the (broken) peer server
> give up, I think with a RSET or a QUIT, as I do not see anything
> anomalous in the logs, and repeatedly retry. I must admit I saw this
> only with one particuar server, but one would be too many if that one
> means many legitimate messages lost.
> This of course does not apply to delays for unknown users, that are
> quite safe and useful.
>
> So, keep an eye open on broken servers when applying delays based on
> score.
--
Not perfect, but I have found that most spam-warez tend to drop off during
the intial connection delay, or the delay to the helo command 220-OK.
I just watch the logs and for this activity and add those addresses to
the 'deny conections' listings.
--EAL--