SPAM (on list) was:Re: classiccmp list (sort of) help requested
Holger Veit
holger.veit at iais.fraunhofer.de
Fri Dec 15 04:23:57 CST 2006
Tom Watson wrote:
> The growing problem with SPAM, etc..
>
> It was noted in one of the trade publications I looked at that a very effective
> check on SPAM was to confirm that the stream opened up to you (on your port 25)
> actually did a "conversation" with the remote player. It seems that the 'bots
> just open up port 25 and send (spew), and ignore the responses. Kinda like
> 'typeahead'. If you can sense this, it quashes some stuff (so I've been told).
> Another tack might be to see if the sender HAS a port 25 on their machine. I
> suspect that the 'bot machines don't.
>
> Just a couple of ideas.
>
> Unfortunately fixes like these require a deep diving into the SMTP mailer at
> the code level.
>
> ob. on topic.. Sendmail is over 10 years old (maybe that is the problem!)
>
>
If you have sendmail, have a look at "milter-sender" (google for it)
which intercepts the mail delivery conversation and checks for RFC
compliance. No need to hack sendmail.cf or the source.
Bots, as you correctly noted, do not care about correct SMTP dialogue.
They will be filtered out by milter-sender. Also, it can be configured
to also verify the incoming addresses at the remote MX (which is likely
not the bot, thus it will discard such unauthorized sendings as well). I
use it at our central mail gateway with good success, as the vast
majority of valid mail servers meanwhile are RFC compliant.
Holger
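
The "send without waiting for the responses" behaviour discussed in this thread can be checked mechanically. The following is an added example, not part of the original messages and not milter-sender's code. The event format, the function name and the sample sessions are assumptions constructed for illustration, and it covers only the command phase up to DATA.

```python
# Added example: flag SMTP clients that send without waiting for replies.
# Event format, names and sample sessions are constructed for illustration.

def find_sync_violations(events):
    """events: ordered (direction, line) pairs as seen by the server;
    'S' = line the server sent, 'C' = line received from the client.
    Returns [(event_index, reason)] for the command phase (up to DATA)."""
    violations = []
    greeted = False      # server has sent the final line of its 220 greeting
    pipelining = False   # server advertised PIPELINING (RFC 2920) after EHLO
    outstanding = 0      # client commands still waiting for a final reply line
    for i, (direction, line) in enumerate(events):
        if direction == "S":
            code, sep = line[:3], line[3:4]
            if code == "250" and line[4:].strip().upper() == "PIPELINING":
                pipelining = True
            if sep == "-":           # continuation of a multi-line reply
                continue
            if code == "220" and not greeted:
                greeted = True
            elif code == "354":      # message body follows; stop checking
                break
            elif outstanding:
                outstanding -= 1
        else:
            if not greeted:
                violations.append((i, "client spoke before 220 greeting"))
            elif outstanding and not pipelining:
                violations.append((i, "command sent before previous reply"))
            outstanding += 1
    return violations

# Constructed session: client spews commands and ignores the dialogue.
BOT = [("C", "HELO x"), ("C", "MAIL FROM:<a@example.com>"),
       ("S", "220 mx.example.org ESMTP"), ("C", "RCPT TO:<b@example.org>"),
       ("S", "250 ok")]

# Constructed session: client waits, and pipelines only after it is offered.
POLITE = [("S", "220 mx.example.org ESMTP"), ("C", "EHLO mail.example.net"),
          ("S", "250-mx.example.org"), ("S", "250 PIPELINING"),
          ("C", "MAIL FROM:<a@example.net>"), ("C", "RCPT TO:<b@example.org>"),
          ("S", "250 ok"), ("S", "250 ok"), ("C", "DATA"),
          ("S", "354 go ahead")]

if __name__ == "__main__":
    for name, session in (("BOT", BOT), ("POLITE", POLITE)):
        print(name, find_sync_violations(session))
```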