[Techtalk] Spam solutions

Kathryn Andersen kat_lists at katspace.com
Sun Aug 22 10:56:13 EST 2004


On Wed, Aug 18, 2004 at 06:46:53PM -0700, jennyw wrote:
> Spam is getting out of hand. Okay, it got out of hand a while ago, and now
> I'm finally getting around to going to the next level. Just wondering what
> interesting anti-spam solutions people have had good experiences with.
 
> FYI, I run Debian testing, postfix, courier-imap, and procmail. I use
> fetchmail to pick up e-mail (so there probably wouldn't be a point to using
> RBL -- also, I'm not sure about how much real e-mail those might block), but
> there's one I leave on the ISP server (in case my computer goes down), which
> is the one I use the filtering Perl script for. The e-mail clients I use are
> mutt (Linux), Mozilla Thunderbird (Mac OS X), and Outlook Express (Windows).
 
> The greylisting that Andrea mentioned recently looks very interesting, too,
> although I'd be curious how it works with things like TMDA (I've thought
> about implementing TMDA, too, but I'm hesitant due to the potential
> annoyance factor).

I used to use something similar (without the IMAP factor); now I've
changed it around a bit, with a multi-layer approach.
mailfilter, getmail, postfix, maildrop, spamassassin, tmda

First line of defence is mailfilter, a POP mailbox filter which deletes
undesirable mail from your mailbox(es) on your ISP before you have to
download them.  I've tried a few POP filters, but I've settled with this
one because it's easy to configure and it's fast.  The downside is that
it can only test against the mail headers (and mail size) and there's no
concept of AND-ing tests together.  So one can only use it as a
preliminary filter.  However, even that is helpful, as it can delete
things with known spamming subject lines, with HTML email, mail to
Undisclosed recipients or nothing in the To: line, or things that have a
Return-Path through known spamming organizations, and so on.

I tend to call this separately before I actually download, because it
also gives me a sort of preview as to how many messages I have.

I use getmail instead of fetchmail because fetchmail doesn't play
nice with TMDA.  I can't remember the precise details, but it couldn't
cope with the extra keyword stuff that TMDA used.  Ironic, because you
don't *actually* have to use all that stuff; tmda still has merits
without it (more on that later).

Getmail may not suit you, because it has to deliver to mailboxes
directly (if I recall correctly -- it's been a while since I set it up)
instead of through postfix (I just use postfix for sending, now) but
since there's only me, with two accounts (more on that later) then I
don't have any problems with that.

I use maildrop instead of procmail because it is *so* much simpler to
configure.  With procmail, I'd set up a recipe and then look at it six
months later and wonder what it means.  With maildrop, it's much more
straightforward, with actual things like "if"!

I call spamassassin from maildrop, because even though it isn't that
fast, it's still very good at nabbing spam.

Last in line is TMDA, but I don't use all the features.  Contrary to
popular belief, one *can* use TMDA without being obnoxious, and even
without whitelisting.  I do have a whitelist -- made up on my initial
install from addresses in my saved folders -- but that isn't my only use
for it.

First of all, I have two main accounts; one for mailing lists only, and
one for everything else.  These two have different TMDA setups.  Since I
know that the only legitimate mail to the mailing list address is (a)
mailing lists and (b) replies to posts, they are the only things that
get approved.  How does one know that a post is a reply?  (This is a
nifty thing)  First, you change your outgoing message-id (one can do
this with mutt; not sure how to do it with other mailers) so that it has
a recognisable string (like your username and your hostname together)
and then, if someone replies to your email, they will have an
"In-Reply-To" field with your sekretly-special message-id, which you can
then check for.

All other mail to the mailing-list address can then get held in the
"pending" queue, or bounced, or quietly deleted, depending on what you
want to do.

The other thing I use TMDA for is selective bouncing.  If one has a
"catchall" address, then I found I was getting email to things like
"sales" at my domain name, and I'd like to let people know that, no,
that email address *doesn't* exist, so I bounce it.

Kathryn Andersen
-=-=-=-=-=-=-=-=-
Old mail has arrived.
-- 
 _--_|\     | Kathryn Andersen	<http://www.katspace.com>
/      \    | 
\_.--.*/    | GenFicCrit mailing list <http://www.katspace.com/gen_fic_crit/>
      v     | 
------------| Melbourne -> Victoria -> Australia -> Southern Hemisphere
Maranatha!  |	-> Earth -> Sol -> Milky Way Galaxy -> Universe
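
The reply test described in the post (a recognisable string in your outgoing Message-ID, then a check of incoming In-Reply-To), as an added example that is not part of the original message and is not TMDA's own code. The marker, the List-Id allowlist used as the "is a mailing list" test, the extra look at References, and all sample messages are assumptions constructed here.

```python
import re
from email import message_from_string

# Constructed values (assumptions, not taken from the post):
MARKER = "user.myhost"                        # username + hostname in outgoing Message-IDs
KNOWN_LISTS = {"techtalk.lists.example.org"}  # List-Id values of subscribed lists
ANGLE = re.compile(r"<([^<>\s]+)>")           # contents of <...> tokens in a header

def cites_own_message(msg) -> bool:
    """True if In-Reply-To or References names a Message-ID carrying MARKER."""
    cited = " ".join(msg.get(h, "") for h in ("In-Reply-To", "References"))
    # Only look inside <id> tokens, so the marker in free text does not count.
    return any(MARKER in mid for mid in ANGLE.findall(cited))

def from_known_list(msg) -> bool:
    """True if List-Id matches a subscribed list (assumed mailing-list test)."""
    ids = ANGLE.findall(msg.get("List-Id", ""))
    return any(lid.lower() in KNOWN_LISTS for lid in ids)

def classify(raw: str) -> str:
    """Return 'deliver' or 'hold' for mail sent to the list-only address."""
    msg = message_from_string(raw)
    if from_known_list(msg) or cites_own_message(msg):
        return "deliver"
    return "hold"  # pending queue; bouncing or deleting are the other options

# Constructed sample messages
LIST_POST = ("From: a@example.org\n"
             "List-Id: Techtalk <techtalk.lists.example.org>\n"
             "Subject: hi\n\nbody\n")
REPLY = ("From: b@example.net\nSubject: Re: spam\n"
         "In-Reply-To: <20040822.1234.user.myhost@example.com>\n\nthanks\n")
THREAD = ("From: c@example.net\nSubject: Re: Re: spam\n"
          "In-Reply-To: <xyz@example.net>\n"
          "References: <20040822.1234.user.myhost@example.com>\n"
          " <xyz@example.net>\n\nme too\n")
SPAM = "From: x@example.biz\nSubject: user.myhost special offer\n\nbuy\n"

if __name__ == "__main__":
    for name, raw in [("list", LIST_POST), ("reply", REPLY),
                      ("thread", THREAD), ("spam", SPAM)]:
        print(name, classify(raw))
```

Message-IDs of list posts are visible to anyone who reads the list or its archive, so the marker identifies replies but is not a secret.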


