From mboxrd@z Thu Jan 1 00:00:00 1970 Message-ID: <8ccc8ba40901081227ua2f86cci5824de5cde6e7a25@mail.gmail.com> Date: Thu, 8 Jan 2009 21:27:25 +0100 From: "Francisco J Ballesteros" To: "Fans of the OS Plan 9 from Bell Labs" <9fans@9fans.net> In-Reply-To: <56f6e94ee07d87b86ea8389e2fd461b1@coraid.com> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <7d3530220901081155w2c1d6033v4acb3c961895fd06@mail.gmail.com> <56f6e94ee07d87b86ea8389e2fd461b1@coraid.com> Subject: Re: [9fans] dealing with spam Topicbox-Message-UUID: 7d5a3430-ead4-11e9-9d60-3106f5b1d025 Quite similar here. Also, use the first MX in DNS as a trap for those that do not use the secondary, as sugested by Geoff, IIRC. On Thu, Jan 8, 2009 at 9:23 PM, erik quanstrom wrote: > On Thu Jan 8 14:59:57 EST 2009, slawmaster@gmail.com wrote: >> Starting today, my account on my Plan 9 server has been getting tons >> of "free coupons", "free Dell XPS", "Student loans!" spam, apparently >> from one operator, since every domainname is in the form >> .com or , like eggnavajo.com, >> rosydeer.com, etc. It's so annoying that I may shut down my server for >> a bit until I figure out what's up. >> >> What are my options for getting rid of this? People who run Plan 9 >> mail servers, what do you do? >> Thanks > > i have had trouble in the past, but my defensive measures > are now working better than the appliance that coraid uses, > at least with the current configuration. > > this isn't ment to start a flame war, but my opinion is that > content-based spam filtering doesn't appear to work very > well. my dad's email always gets flagged. silly vendor spam > gets through just fine. > > i've got a number of defensive measures. > 1. -D. just waiting for 10 seconds before doing anything > does a lot to slow spam down. >50% of connectors to my > machine give up > > 2. i also use a nupas smtpd which is quite strict > about helo. the flags i use are "fqDn". about 80% > of spam has a helo line with an invalid domain or > "localhost" or some such nonsense. dropping this > mail helps alot. > > 3. spf. included in nupas is moderately helpful. > nupas includes the hooks for this in validatesender. > > 4. i sometimes cheat by using the -k option. only > works with nupas smtpd. this just drops connections > coming from certain ip addresses. sometimes a range > will be too much trouble. > > you can use the nupas smtpd without using the rest > of nupas, though you will need to use the nupas > validatesender. > > - erik > >