info about spam messages

Tom Anderson tanderso at oac-design.com
Wed Jun 16 21:25:25 CEST 2004


From: "Tayfun ASKER" <tasker at metu.edu.tr>
>   I am planning to determine the frequent spammers from the From: and ip
> addresses of spam messages and to block only these addresses.

Tayfun,

The "From" address will not tell you anything about the spammer in most
cases.  Often, the spammer uses your own email in the "From" field, or a
random username at your server.  Blocking this address will do nothing but
foul up your own mail delivery.  Similarly, you can't depend on the IP that
bogofilter outputs as being that of the spammer either.  You would have to
try to validate it in other ways, including with your MTA.  Ultimately,
outright blocking of any addresses is dangerous.  The best thing to do is to
filter with bogofilter.

Tom


>
> David Relson wrote:
>
> > Tom,
> >
> > Before I had bogofilter, I had a simple script that would find the first
> > ip address in a spam message and create an iptable rule to block port 25
> > for that machine.  It worked (I think) though it was somewhat of a
> > nuisance to deal with 50 or 100 messages each day.
> >
> > As you say, the spammer's real address may not even be in the message.
> > However, identifying zombies, open relays, etc. is of value (I think).  It
> > may be that I receive lots of valid email from such machines (zombies,
> > et al), but I doubt it.
> >
> > With the patch below, "spamitarium -rai < msg.bogofilter.org | grep
> > ipad" will print "ipad: 216.144.204.43, asn: 19326" (or comparable
> > value).
> >
> > It might be useful for, say, Tayfun.
> >
> > Regards,
> >
> > David
> >
>
>
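
Added example, not part of the original thread and not code from bogofilter or spamitarium: one way to do the MTA-side validation Tom mentions is to believe only the Received headers stamped by your own mail servers and take the address that connected to them. The hostnames, the internal network and the sample message are constructed assumptions.

```python
import email
import ipaddress
import re

# Assumptions: the names of the MTAs you run and the networks they sit on.
TRUSTED_MTAS = {"mx.example.org", "mail.example.org"}
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]

BY_RE = re.compile(r"\bby\s+([\w.-]+)", re.I)
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

# Constructed sample: forged From, two hops inside our site, one unverifiable
# Received line that the sender could have written itself.
SAMPLE = """\
Received: from mx.example.org (mx.example.org [10.0.0.5])
    by mail.example.org with ESMTP; Wed, 16 Jun 2004 21:00:02 +0200
Received: from unknown (HELO mail.example.net) ([203.0.113.77])
    by mx.example.org with SMTP; Wed, 16 Jun 2004 21:00:01 +0200
Received: from somewhere.example.com ([198.51.100.9])
    by smtp.example.net with ESMTP; Wed, 16 Jun 2004 20:59:00 +0200
From: recipient@example.org
To: recipient@example.org
Subject: constructed sample

body
"""

def naive_first_ip(raw):
    """First dotted quad anywhere in the message."""
    m = re.search(r"\b\d{1,3}(?:\.\d{1,3}){3}\b", raw)
    return m.group(0) if m else None

def boundary_ip(raw):
    """Address that connected to our own MTA, or None if it cannot be established."""
    for hdr in email.message_from_string(raw).get_all("Received", []):
        hdr = " ".join(hdr.split())               # unfold continuation lines
        by = BY_RE.search(hdr)
        if not by or by.group(1).lower() not in TRUSTED_MTAS:
            return None                           # not stamped by us: stop believing
        m = IP_RE.search(hdr[:by.start()])        # only the "from" clause
        try:
            ip = ipaddress.ip_address(m.group(1)) if m else None
        except ValueError:
            return None                           # malformed address
        if ip is None or any(ip in net for net in INTERNAL_NETS):
            continue                              # internal hop, look one hop earlier
        return str(ip)
    return None

if __name__ == "__main__":
    print("naive:", naive_first_ip(SAMPLE), "boundary:", boundary_ip(SAMPLE))
```

On the sample, the first address in the message is the site's own internal relay, while the boundary walk stops at the host that actually connected and never reads the lower, unverifiable Received line.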
