[extropy-chat] the RBL racket
Eugen Leitl
eugen at leitl.org
Mon Sep 11 07:07:33 UTC 2006
On Mon, Sep 11, 2006 at 12:48:01AM -0400, Robert Bradbury wrote:
> But this stuff is so easy to filter. I never receive images from
For now, it is easy to filter. For you and me. Not for most people.
> anyone (or almost never).
> The people I would want to receive images from are whitelisted. All
I've never bothered with whitelisting. Way too much work.
> the email that contains binary data, images, undesirable character
> sets, a host of easy to identify Subject line misspellings, etc. gets
> flagged very early on before the rule based or Bayesian filtering
I deny most Windows mailware at MTA level:
v64:/etc/postfix# cat body_checks.regexp
/^TVqQAAMAAAAEAAAA\/\/8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA$/
        REJECT Keep your executables!
v64:/etc/postfix# cat mime_header_checks.pcre
/^Content-(?:Disposition:\s+attachment;|Type:).*\b(?:file)?name\s*=.*\.(?:
        ad[ep] |
        asd |
        ba[st] |
        chm |
        cmd |
        com(?=$|") |
        cpl |
        crt |
        dll |
        eml |
        cpl |
        crt |
        dll |
        do |
        eml |
        exe |
        hlp |
        hta |
        in[ifs] |
        isp |
        js |
        jse? |
        lnk |
        md[betw] |
        ms[cipt] |
        nws |
        ocx |
        ops |
        pcd |
        p[ir]f |
        pps |
        reg |
        rm |
        sc[frt] |
        sh[bsm] |
        swf |
        url |
        vb[esx]? |
        vxd |
        zip |
        ws[cfh] |
        \{[[:xdigit:]]{8}(?:-[[:xdigit:]]{4}){3}-[[:xdigit:]]{12}\}
        )\b/x REJECT Windows executables not allowed
> processing. I would bet less than 1% of it has to be "thought" about.
> I'd only have to move this slightly upstream (before qmail receives
> the entire "text" of the message) and it would get terminated before
Yeah -- but I recommend choosing postfix over qmail (which is
abandonware, and can't be adopted due to the license).
> it has consumed a fraction of its potential bandwidth.
> The real problem involves (a) virus/trojan infected relay machines and
> (b) ISPs who don't censor widespread spammers. Those can be solved by
> forcing the infected machines off of the network (it isn't hard for
Doesn't work. Most spam today is just some ten messages from
a single machine, which is not enough even for human diagnostics.
> ISPs to monitor and flag accounts which have high outgoing SMTP
> activity to "unusual" locations and ISP operating "standards" (would
Anything beginning with "people should" doesn't work on a large
scale.
> you allow a physician with dirty hands to operate on you?).
> I think the recent U.S. Court action classifying spammers as
> trespassers and subject to fines and jail time in line with that is a
> big step in the right direction.
What, I've received spam from the U.S.? Doesn't help me one bit.
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 191 bytes
Desc: Digital signature
URL: <http://lists.extropy.org/pipermail/extropy-chat/attachments/20060911/8ebaccaa/attachment.bin>
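
The filename rule from mime_header_checks.pcre above, ported to Python's re so it can be exercised against sample headers before it goes live on an MTA. This is an added example, not part of the original message: the headers are constructed, [[:xdigit:]] is rewritten as [0-9a-f], and the flags assume Postfix's pcre defaults (case-insensitive, dot matches newline) plus the rule's own /x, with a folded header presented as one string.

```python
import re

# Extension alternation copied from the rule in the message (duplicate
# entries dropped). Python's re has no POSIX classes, so [[:xdigit:]]
# is written as [0-9a-f]; case-insensitivity covers A-F.
EXTENSIONS = r"""
    ad[ep] | asd | ba[st] | chm | cmd | com(?=$|") | cpl | crt | dll | do |
    eml | exe | hlp | hta | in[ifs] | isp | js | jse? | lnk | md[betw] |
    ms[cipt] | nws | ocx | ops | pcd | p[ir]f | pps | reg | rm | sc[frt] |
    sh[bsm] | swf | url | vb[esx]? | vxd | zip | ws[cfh] |
    \{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}
"""

# Assumed flags: Postfix pcre defaults (re.I, re.S) plus /x from the rule.
RULE = re.compile(
    r"^Content-(?:Disposition:\s+attachment;|Type:).*\b(?:file)?name\s*=.*\.(?:"
    + EXTENSIONS + r")\b",
    re.I | re.S | re.X,
)

ACTION = "REJECT Windows executables not allowed"


def check(header):
    """Return the rule's action if the logical header matches, else None."""
    return ACTION if RULE.search(header) else None


# Constructed sample headers (not taken from real mail).
SAMPLES = [
    'Content-Type: application/octet-stream; name="invoice.pdf.exe"',
    'Content-Disposition: attachment; filename="PHOTOS.ZIP"',
    'Content-Type: application/octet-stream;\n\tname="update.scr"',  # folded
    'Content-Type: text/plain; name="example.com"',      # .com at end of name
    'Content-Type: text/plain; name="example.com.txt"',  # lookahead spares it
    'Content-Type: image/jpeg; name="holiday.jpg"',
    'Content-Type: text/plain; charset=us-ascii',
]

if __name__ == "__main__":
    for h in SAMPLES:
        print(f"{check(h) or 'no match':40} {h!r}")
```

The fifth sample shows what the `com(?=$|")` lookahead is for: a filename that merely contains a domain name passes, while one ending in `.com` is rejected.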