Re: [OT] Tom's/Marc's spam filters?

Quoting "Matthew D. Fuller" <fullermd(at)over-yonder(dot)net>:

> On Tue, Apr 20, 2004 at 05:35:51AM -0000 I heard the voice of
> Jim Wilson, and lo! it spake thus:
> > Tom Lane said:
> > >
> > > 3. I have noticed that bouncing any machine that sends "HELO
> > > sss.pgh.pa.us" gets rid of a ton of spam and viruses. I don't know of
> > > any real clean way to do this, but I have a sendmail.cf hack for it.
> >
> > #3 looks interesting though...
>
> I've been blocking HELO as anything under my domain, as well as my IP
> address (as well as any bare IP addresses) for a while, and it
> certainly drops a fair bit. And I maintain a long list of HELO names,
> AND IP ranges, AND sending hostnames, AND senders domains, plus all
> the filtering I do after accepting the mail... Wacky. If we just
> renamed 'spam' to 'justifiable homicide'...
>
>
> --
> Matthew Fuller (MF4839) | fullermd(at)over-yonder(dot)net
> Systems/Network Administrator | http://www.over-yonder.net/~fullermd/
>
> "The only reason I'm burning my candle at both ends, is because I
> haven't figured out how to light the middle yet"
>
> ---------------------------(end of broadcast)---------------------------
> TIP 6: Have you searched our list archives?
>
> http://archives.postgresql.org
>

We could only wish for "justifiable homicide". Now there's a law I would
support! :)

Are you guys miltering to drop the messages with those HELO patterns? I'm
nailing 80%+ across all my clients and I may get 20 to 50 spams/day (down from
200+) which is acceptable but I was going to start using some netfilter hooks
(i.e. Linux firewall code) to inspect mail traffic and apply some more patterns.
If you guys are getting 95%+ via miltering then thats definitely the way to go.

--
Keith C. Perry, MS E.E.
Director of Networks & Applications
VCSN, Inc.
http://vcsn.com

____________________________________
This email account is being host by:
VCSN, Inc : http://vcsn.com