[PLUG] Implementing only whitelisted allowed to stop spammers...

Darkhorse plug_0 at robinson-west.com
Tue Mar 9 17:43:03 UTC 2004


I've been thinking about the need to close the SMTP port 
to spammers to really stop them where it would take a lot 
of research and a lot of iptables rules to block every 
single spammer. A lot of spam comes from innocent sites 
that have been infected by a worm or virus.  In the 
interest of processing time and aware that SpamAssassin 
isn't always effective, I'm considering blacklisting 
all addresses and maintaining a whitelist for each
user.

Graylisting is an option, but it may stop legitimate 
email since some servers won't retry.  

A perhaps less risky approach involves the use of a 
database and maybe some Perl script.  My idea is to 
pull the headers out of email from untrusted sources 
using Perl and update a running SQL database with them.  
The goal being, have a record of email headers for the 
purpose of helping local users update their white lists.  
All you need to see is the subject and the source to 
know if you want an email.  Email messages that aren't 
from white listed addresses can be processed so that 
the header is sent to the intended recipient in a new 
message with a special reply address when that address 
hasn't been encountered before.  If they delete this 
processed message instead of replying, they don't get 
the message and the source stays black listed.  They 
also don't get any virus or worm this way since they 
don't have the body yet.  This calls for all but one
email address that will be special to be black listed
for all senders initially.  It means finding out if
an attempt to transmit to the special address is being
made before SMTP gives the ok to send the message.

The biggest problem is how to make this work with a 
mailing list.  It requires white listing the address 
of every single person on that list.  The advantage 
is that I don't have to keep lists of the addresses 
of abusers where there are probably millions.  The 
computer would grind to a halt if I had a million 
iptables rules to explicitly deny individual spam 
sites.

Ideally if SMTP can get who the sender will be and
the subject without allowing the remote site to
transmit the message body in cases of distrust
putting that information into a useful format, 
Perl won't be needed and this system can prove 
to be a vast improvement over local filtering
for spam and malware.  It changes the game to
on recipient request instead of on sender's 
whim.

I'm thinking about a special email address where
the recipient always gets a special message with just
the header of the sender's message, but that 
could be a royal pain.  The problem I'm trying to solve
over simple white listing and black listing is allowing
for growth by permitting new potential email sources
to send their email address by attempting to send an 
email in the normal way. 
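
The hold-and-confirm flow proposed in this post, as an added example that is not the poster's code. It uses Python with SQLite rather than the Perl mentioned above, and the table names, function names and the confirm.example.org reply domain are assumptions.

```python
import secrets
import sqlite3
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Hypothetical schema: one whitelist row per (recipient, sender), one held row per message.
SCHEMA = """
CREATE TABLE whitelist (rcpt TEXT, sender TEXT, PRIMARY KEY (rcpt, sender));
CREATE TABLE held (token TEXT PRIMARY KEY, rcpt TEXT, sender TEXT, raw BLOB);
"""

def open_db(path=":memory:"):
    db = sqlite3.connect(path)
    db.executescript(SCHEMA)
    return db

def _printable(text, limit=200):
    # Neutralise control characters so a hostile Subject cannot reshape the notice.
    return "".join(c if c.isprintable() else "?" for c in text)[:limit]

def handle_incoming(db, rcpt, raw, confirm_domain="confirm.example.org"):
    """Return ("deliver", None), ("held", notice) or ("rejected", None)."""
    msg = message_from_bytes(raw, policy=policy.default)
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    key = (rcpt, sender)
    if db.execute("SELECT 1 FROM whitelist WHERE rcpt=? AND sender=?", key).fetchone():
        return "deliver", None
    if db.execute("SELECT 1 FROM held WHERE rcpt=? AND sender=?", key).fetchone():
        return "rejected", None          # already asked once; source stays blocked
    token = secrets.token_hex(16)        # unguessable, so only the recipient can approve
    db.execute("INSERT INTO held VALUES (?,?,?,?)", (token, rcpt, sender, raw))
    notice = EmailMessage()              # carries header fields only, never the body
    notice["To"] = rcpt
    notice["Subject"] = "Held message awaiting your approval"
    notice["Reply-To"] = f"accept+{token}@{confirm_domain}"
    notice.set_content(
        f"From: {_printable(sender)}\nSubject: {_printable(str(msg.get('Subject', '')))}\n"
        "Reply to receive this message and whitelist the sender; delete to ignore.\n")
    return "held", notice

def handle_confirmation(db, token):
    """Whitelist the held sender and return the original raw message, or None."""
    row = db.execute("SELECT rcpt, sender, raw FROM held WHERE token=?", (token,)).fetchone()
    if row is None:
        return None
    db.execute("INSERT OR IGNORE INTO whitelist VALUES (?,?)", row[:2])
    db.execute("DELETE FROM held WHERE token=?", (token,))
    return row[2]
```

The whitelist key here is the From header, which a sender can forge, so an approved entry vouches for that header value only and not for the host that connected.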




