List:       spamassassin-users
Subject:    Re: [SAtalk] using spamd/spamc to reject SMTP connection
From:       Bob Apthorpe <apthorpe+sa () cynistar ! net>
Date:       2003-10-31 21:27:11

On Fri, 31 Oct 2003 11:30:29 -0800 "Josiah DeWitt" <jdewitt@vendaria.com> wrote:

> I just installed SpamAssassin and got it working, but it just drops or
> marks spam after it has already accepted it.  While this /dev/null type
> behavior is great, I would rather discourage spammers by refusing the
> connection period.
> 
> I was wondering if there is a way of using spamd/spamc to reject the
> spammer's SMTP connection by inserting a ruleset in the sendmail.mc or
> cf.  I was hoping for a result similar to that of the RBL mc's.
> 
> FEATURE(dnsbl,`dun.dnsrbl.net')dnl
> FEATURE(dnsbl,`spam.dnsrbl.net')dnl
> FEATURE(dnsbl,`blackholes.mail-abuse.org')dnl
> FEATURE(dnsbl,`list.dsbl.org')dnl
> FEATURE(dnsbl,`multihop.dsbl.org')dnl
> FEATURE(dnsbl,`unconfirmed.dsbl.org')dnl
> 
> etc...
> 
> I imagine there might be a way to pipe the incoming data to spamc and
> return a boolean response whether or not to accept the connection.  In
> response to a dropped connection it would reply with error codes and the
> spam condition of the mail.

As others have pointed out, by the time you've sent the content to
spamc, you've already a) accepted the spammer's connection, and b)
accepted the payload of his spam, meaning you've already accepted the
bandwidth cost of his junk traffic. The DNSBLs help you drop the
connection before the SMTP DATA phase so you don't have to bear the
bandwidth cost.

> Am I just fantasizing?  If so where are the resources I need to start
> coding this one up?

You could track the IP addresses of systems sending you spam from your
mail logs, drop those into a sendmail access list, then reject (5xx) or
tempfail (4xx) those systems for an hour or so, and reject more
aggressively for repeat offenders. You'll probably want to bias this
against legitimate mail from those addresses so you don't blacklist a
lot of mail from a single spam. You could probably do this with a little
perl and syslog; I'd search the web to see if someone else has already
built such a beast because this sounds a lot like a site-specific
version of SpamCop[1].

-- Bob

[1] Whose DNS entries were mysteriously "lost" by their registrar
(Joker.com) today...
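
Added example, not part of the original message: a Python sketch of the log-to-access-list idea described in the reply, with tempfail on a first offence, rejection for repeat offenders, and legitimate mail weighted against blocking. The log line format, the thresholds, and the names build_access_entries and prior_strikes are assumptions made for illustration; the sample log is constructed.

```python
import re
from collections import defaultdict

# Constructed sample lines in an assumed, simplified format:
# "<epoch> relay=<ip> verdict=<spam|ham>". Adapt LINE_RE to your own logs.
SAMPLE_LOG = """\
1067630000 relay=192.0.2.10 verdict=spam
1067630060 relay=192.0.2.10 verdict=spam
1067630120 relay=192.0.2.10 verdict=spam
1067630200 relay=198.51.100.7 verdict=spam
1067630300 relay=198.51.100.7 verdict=ham
1067630400 relay=198.51.100.7 verdict=ham
1067630500 relay=203.0.113.5 verdict=spam
1067630600 relay=203.0.113.5 verdict=spam
"""
LINE_RE = re.compile(r"^(\d+) relay=(\d{1,3}(?:\.\d{1,3}){3}) verdict=(spam|ham)$")

WINDOW = 3600     # assumed: only the last hour of mail counts as evidence
THRESHOLD = 2     # assumed: net score needed before an address is blocked
HAM_WEIGHT = 2    # assumed: each legitimate message offsets two spams

def build_access_entries(log_text, now, prior_strikes=None):
    """Return {ip: sendmail access-map line}; prior_strikes counts earlier blocks."""
    prior_strikes = prior_strikes or {}
    score = defaultdict(int)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue                      # skip lines that do not parse
        ts, ip, verdict = int(m.group(1)), m.group(2), m.group(3)
        if now - ts > WINDOW:
            continue                      # evidence older than the window expires
        score[ip] += 1 if verdict == "spam" else -HAM_WEIGHT
    entries = {}
    for ip, net in score.items():
        if net < THRESHOLD:
            continue                      # a single spam or a mostly-ham relay is left alone
        if prior_strikes.get(ip, 0) > 0:  # repeat offender: permanent failure (5xx)
            rhs = "ERROR:5.7.1:550 Mail refused due to repeated spam"
        else:                             # first offence: temporary failure (4xx)
            rhs = "ERROR:4.7.1:451 Temporarily deferred, try again later"
        entries[ip] = f"Connect:{ip}\t{rhs}"
    return entries

if __name__ == "__main__":
    strikes = {"203.0.113.5": 1}          # constructed: this relay was blocked before
    for entry in build_access_entries(SAMPLE_LOG, 1067631000, strikes).values():
        print(entry)
```

Because entries are regenerated from the last hour of log data only, a block lapses once the evidence ages out of the window. The access map has to be rebuilt (for example with makemap) after each update for sendmail to see the change.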

