Spam is the bane of my existence. Just when you think you have it under control, some guy calls in irate about the 10 spam messages out of 1000 that got through that day. Even though I know that I'll never hit 100% effectiveness, I'm reworking my spam filters in the hope of getting closer than ever. If you know anything about creating a Linux spam filter, feel free to post, since new ideas are definitely appreciated.
I'm going with Exim again since it gives you control of pretty much every part of a mail transaction and because it can reject email at SMTP time, before the server has had to store a copy of it. I'm going to stay high level and not go into the actual settings in Exim, but here are the basics.
During the initial HELO I'll introduce a 20 second delay. Since spammers have to send email to so many people, many use mailers that will drop a connection if they don't hear back from the recipient mail server within a few seconds.
When the sending server tells me who the message is for, I double-check that the user is on the mail server I am filtering for. If they aren't, I drop the connection with an "Invalid Recipt To" error.
If the user is one I am hosting, I check to make sure that the sending server has a reverse DNS record.
If the sending server has reverse DNS, then we'll let it send us email.
As the email begins to come in, we check to make sure that it doesn't have invalid MIME headers, since many emails sent through spammed web forms have this problem.
Once I've confirmed the email is properly formatted, I check it for viruses using ClamAV. If it has a virus, I delete it.
After ClamAV has run, Exim will run the message through SpamAssassin. SpamAssassin runs a series of tests that check for phrases, spelling, and formatting common to spam. The more tests a message scores positive on, the higher the score SpamAssassin assigns to it. If the message scores very high, we'll discard it. If not, we'll label it and send it to the person that it is meant for.
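The stages above could be expressed as Exim ACLs roughly as follows. This is an added example, not the author's configuration: the domain, socket path, spamd address, rejection messages and discard threshold are all assumed values, the MIME check is not shown, and the routers and transports a full configuration needs are omitted.

```exim
# Added example, not the author's configuration. Needs an Exim build
# with content scanning (WITH_CONTENT_SCAN). All values are assumptions.

# Placeholder for the domains this filter accepts mail for.
domainlist local_domains = example.org
# Assumed clamd socket path and spamd listener.
av_scanner = clamd:/var/run/clamav/clamd.ctl
spamd_address = 127.0.0.1 783

acl_smtp_helo = acl_check_helo
acl_smtp_rcpt = acl_check_rcpt
acl_smtp_data = acl_check_data

begin acl

acl_check_helo:
  # Wait 20 seconds before answering HELO/EHLO; impatient bulk mailers
  # give up and disconnect before the reply is sent.
  accept  delay = 20s

acl_check_rcpt:
  # Only accept mail for hosted domains (no relaying).
  deny    message = relay not permitted
          !domains = +local_domains
  # Unknown user: send a 5xx reply and close the connection.
  drop    message = Invalid recipient
          !verify = recipient
  # Sending host must have a reverse DNS record.
  deny    message = no reverse DNS for $sender_host_address
          !verify = reverse_host_lookup
  accept

acl_check_data:
  # ClamAV first: silently discard anything it flags.
  discard malware = *
          log_message = discarded, virus $malware_name
  # SpamAssassin: $spam_score_int is the score times 10, so 100 means
  # 10.0 (assumed "very high" cut-off). ":true" always yields the score.
  discard spam = nobody:true
          condition = ${if >{$spam_score_int}{100}}
          log_message = discarded, spam score $spam_score
  # Above SpamAssassin's own threshold but below the cut-off: label it.
  warn    spam = nobody
          add_header = X-Spam-Flag: YES
  accept
```

Running `exim -bh` with a sender IP address starts a fake SMTP session against these ACLs without delivering anything, which is a convenient way to check each stage.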