[PLUG] Implementing only whitelisted allowed to stop spammers...
Darkhorse
plug_0 at robinson-west.com
Tue Mar 9 17:43:03 UTC 2004

I've been thinking about the need to close the SMTP port
to spammers to really stop them where it would take a lot
of research and a lot of iptables rules to block every
single spammer. A lot of spam comes from innocent sites
that have been infected by a worm or virus. In the
interest of processing time and aware that SpamAssassin
isn't always effective, I'm considering blacklisting
all addresses and maintaining a whitelist for each
user.

Graylisting is an option, but it may stop legitimate
email since some servers won't retry.

A perhaps less risky approach involves the use of a
database and maybe some Perl script. My idea is to
pull the headers out of email from untrusted sources
using Perl and update a running SQL database with them.
The goal is to have a record of email headers for the
purpose of helping local users update their white lists.
All you need to see is the subject and the source to
know if you want an email. Email messages that aren't
from white listed addresses can be processed so that
the header is sent to the intended recipient in a new
message with a special reply address when that address
hasn't been encountered before. If they delete this
processed message instead of replying, they don't get
the message and the source stays black listed. They
also don't get any virus or worm this way since they
don't have the body yet. This calls for all but one
email address that will be special to be black listed
for all senders initially. It means finding out if
an attempt to transmit to the special address is being
made before SMTP gives the ok to send the message.

The biggest problem is how to make this work with a
mailing list. It requires white listing the address
of every single person on that list. The advantage
is that I don't have to keep lists of the addresses
of abusers where there are probably millions. The
computer would grind to a halt if I had a million
iptables rules to explicitly deny individual spam
sites.

Ideally if SMTP can get who the sender will be and
the subject without allowing the remote site to
transmit the message body in cases of distrust,
putting that information into a useful format,
Perl won't be needed and this system can prove
to be a vast improvement over local filtering
for spam and malware. It changes the game to
on recipient request instead of on sender's
whim.

I'm thinking about a special email address where
the recipient always gets a special message with just
the header of the sender's message, but that
could be a royal pain. The problem I'm trying to solve
over simple white listing and black listing is allowing
for growth by permitting new potential email sources
to send their email address by attempting to send an
email in the normal way.
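
A minimal sketch of the per-user whitelist and header log proposed in this message, added here as an example and not code from the original post; it uses Python with SQLite rather than Perl. In SMTP the Subject line arrives inside DATA together with the body, so the sketch takes the sender from the envelope and keeps only the Subject from the received message. The table names, function names and the notify-once policy are assumptions.

```python
import sqlite3
from email import message_from_string

SCHEMA = """
CREATE TABLE whitelist (rcpt TEXT, sender TEXT, PRIMARY KEY (rcpt, sender));
CREATE TABLE pending (id INTEGER PRIMARY KEY, rcpt TEXT, sender TEXT, subject TEXT);
"""

def open_db(path=":memory:"):
    db = sqlite3.connect(path)
    db.executescript(SCHEMA)
    return db

def handle_message(db, rcpt, mail_from, raw):
    """Decide what to do with one message: 'deliver', 'notify' or 'hold'."""
    key = (rcpt.lower(), mail_from.lower())
    if db.execute("SELECT 1 FROM whitelist WHERE rcpt=? AND sender=?", key).fetchone():
        return "deliver"
    first_time = db.execute(
        "SELECT 1 FROM pending WHERE rcpt=? AND sender=?", key).fetchone() is None
    # Keep only the Subject header; the body and any attachment are never stored.
    # Folded header lines are collapsed and the value is length-limited.
    subject = " ".join(str(message_from_string(raw).get("Subject", "")).split())[:200]
    db.execute("INSERT INTO pending (rcpt, sender, subject) VALUES (?,?,?)",
               key + (subject,))
    # Assumption: the recipient is notified once per new sender; later mail
    # from the same unapproved sender is only logged.
    return "notify" if first_time else "hold"

def approve(db, rcpt, sender):
    """The recipient replied to the notification: whitelist the sender."""
    key = (rcpt.lower(), sender.lower())
    db.execute("INSERT OR IGNORE INTO whitelist VALUES (?,?)", key)
    db.execute("DELETE FROM pending WHERE rcpt=? AND sender=?", key)

# Constructed sample message (not real mail); the Subject header is folded.
SAMPLE = "From: Bob <bob@example.net>\nSubject: Lunch\n on Friday?\n\nbody text\n"
```

Envelope sender addresses can be forged, so a whitelist keyed on them limits unsolicited mail from unknown sources but does not authenticate the sender.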