From mboxrd@z Thu Jan 1 00:00:00 1970 Message-ID: <42fdfb261c4e837f5179c2fcafdaae30@csplan9.rit.edu> To: 9fans@9fans.net Date: Sat, 10 Jan 2009 14:41:45 -0500 From: john@csplan9.rit.edu In-Reply-To: <56f6e94ee07d87b86ea8389e2fd461b1@coraid.com> MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit Subject: Re: [9fans] dealing with spam Topicbox-Message-UUID: 7f75e4e4-ead4-11e9-9d60-3106f5b1d025 > On Thu Jan 8 14:59:57 EST 2009, slawmaster@gmail.com wrote: >> Starting today, my account on my Plan 9 server has been getting tons >> of "free coupons", "free Dell XPS", "Student loans!" spam, apparently >> from one operator, since every domainname is in the form >> .com or , like eggnavajo.com, >> rosydeer.com, etc. It's so annoying that I may shut down my server for >> a bit until I figure out what's up. >> >> What are my options for getting rid of this? People who run Plan 9 >> mail servers, what do you do? >> Thanks > > i have had trouble in the past, but my defensive measures > are now working better than the appliance that coraid uses, > at least with the current configuration. > > this isn't ment to start a flame war, but my opinion is that > content-based spam filtering doesn't appear to work very > well. my dad's email always gets flagged. silly vendor spam > gets through just fine. > > i've got a number of defensive measures. > 1. -D. just waiting for 10 seconds before doing anything > does a lot to slow spam down. >50% of connectors to my > machine give up > > 2. i also use a nupas smtpd which is quite strict > about helo. the flags i use are "fqDn". about 80% > of spam has a helo line with an invalid domain or > "localhost" or some such nonsense. dropping this > mail helps alot. > > 3. spf. included in nupas is moderately helpful. > nupas includes the hooks for this in validatesender. > > 4. i sometimes cheat by using the -k option. only > works with nupas smtpd. this just drops connections > coming from certain ip addresses. sometimes a range > will be too much trouble. > > you can use the nupas smtpd without using the rest > of nupas, though you will need to use the nupas > validatesender. > > - erik Ok, so a couple questions: 1. What do I need to do in order to drop nupas into my system? 2. If I update /mail/lib/blocked, do I have to restart smtpd in order to get the changes? 3. What's the best way to restart smtpd? John