[PLUG] My anti spam approach...

plug_0 at robinson-west.com
Wed May 4 18:42:24 UTC 2005


At http://web.robinson-west.com there's a link to show the 
listing of an iptables chain containing the addresses of mail 
servers that have gotten a 5xx smtp error trying to access
my servers.

It's part of my anti spam campaign beyond simple filtering.

So far, my script can block a site permanently simply because
someone at that site is repeatedly trying to email a nonexistent
user.  I'm thinking I should refine this by recording the reason
for blocking an ip.  

Blocking sites that reverse resolve to something
strange like DSL...xx-yy-zz-qq... where xx,yy,zz,and qq are
numbers, I wonder how often I will block legitimate email 
sources?  Is it wise to block sites that don't reverse dns
resolve at all?  Anyone know of a legitimate Internet
connected smtp email source that doesn't have a PTR record?

At this point, I'm considering a manual override feature for
my users.  After all, mail.hotmail.com probably shouldn't be on
my block list.  Being able to implement hold and notify would 
be awfully nice for hotmail.com, but I don't know how to use
postfix's hold feature.  What I'd like to do is
implement a softer blocking approach that holds anything
from hotmail.com and sends a notification.  I want this
blocking approach to be variably applied though.  If soft
blocking is being used and one of my users doesn't want 
to be notified that there are messages from hotmail.com,
I want to accommodate that user.

I've been working on my blocking script trying to get the bugs
out.  In addition to keeping my ISP from being blocked, I've 
added the mypcc.edu email server and servers from 
http://dnsreport.com/, a site I use to test my nameservers.  
I had a blocking notification script, but I've 
stopped using it concerned that it's causing more problems 
than it's solving.

I've asked my ISP, opusnet.com, to do mail forwarding 
when my dsl fails.  I have imap accounts open for that.  
Unfortunately, Opus doesn't seem to have its Imail 
server configured properly.  Mail for my domain will
spool at Opus's server, but it won't deposit in the 
imap boxes there.  Five hours is a long time to
wait to see if Opus has set things up right, especially
considering how much mail can be lost in that five hour
period if the mail Opus is spooling for me simply 
bounces.  I don't want to be locked in to Opus's domain 
name for email.  Using my own domain name, I can have 
more than six email addresses and I'm ISP neutral.  
It's my aliases that Opus seems to be the most upset 
with when it comes to setting up mail forwarding for 
my site.  It's easy to set a relay that supports many
aliases with postfix, but I guess that Imail is 
configured via a clumsy web interface.

I could push Opus, but my ISP is treating mail forwarding
as a favor and it hasn't named a price to make it work
right.  The email boxes were free, part of our service,
but having Opus deposit email in them addressed to a 
different domain is supposedly extra.  Is there some good 
reason to use Imail instead of Postfix, Qmail, or Sendmail?  
Maybe I should set up my tertiary mail server at a friend's 
house and simply forward any messages that arrive there to 
the email boxes at Opus.

Has anyone gotten their ISP to do mail forwarding for them?

If anyone wants to see my Bash scripts, let me know.  I think
they are becoming reasonably useful now.

     --  Michael Robinson

-------------------------------------------------
This mail sent through IMP: http://horde.org/imp/
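The poster's scripts were not included in the message. The following is an added example, not the author's code, of the refinement he describes: tallying 5xx recipient rejects per sending IP from Postfix smtpd log lines, skipping a whitelist of hosts that must never be blocked (the ISP relay and a school server), ignoring 4xx temporary failures, and recording the reason in the generated iptables rule. The log lines, threshold, whitelist addresses and the chain name MAILBLOCK are all constructed or assumed; the rules are printed rather than executed so the script can be reviewed offline.

```shell
#!/bin/sh
# Added example: tally permanent (5xx) SMTP rejects per client IP from
# Postfix smtpd log lines and emit iptables rules that carry the reason.
# Dry run: rules are printed, not applied.

# Constructed sample log lines in Postfix smtpd reject format (not real traffic).
SAMPLE_LOG='May  4 18:01:02 mail postfix/smtpd[2001]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 550 5.1.1 <nobody@example.org>: Recipient address rejected: User unknown in local recipient table; from=<a@example.net> to=<nobody@example.org>
May  4 18:03:11 mail postfix/smtpd[2001]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 550 5.1.1 <nosuch@example.org>: Recipient address rejected: User unknown in local recipient table; from=<b@example.net> to=<nosuch@example.org>
May  4 18:04:40 mail postfix/smtpd[2002]: NOQUEUE: reject: RCPT from mx.example.com[192.0.2.20]: 550 5.1.1 <typo@example.org>: Recipient address rejected: User unknown in local recipient table; from=<c@example.com> to=<typo@example.org>
May  4 18:05:09 mail postfix/smtpd[2003]: NOQUEUE: reject: RCPT from relay.isp.example[203.0.113.5]: 550 5.1.1 <old@example.org>: Recipient address rejected: User unknown in local recipient table; from=<d@example.net> to=<old@example.org>
May  4 18:06:30 mail postfix/smtpd[2004]: NOQUEUE: reject: RCPT from unknown[192.0.2.30]: 450 4.7.1 Client host rejected: cannot find your reverse hostname, [192.0.2.30]; from=<e@example.net> to=<user@example.org>
May  4 18:07:55 mail postfix/smtpd[2001]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 550 5.1.1 <none@example.org>: Recipient address rejected: User unknown in local recipient table; from=<f@example.net> to=<none@example.org>'

THRESHOLD=3                              # rejects before a host is listed (assumed)
WHITELIST='203.0.113.5 198.51.100.7'     # assumed: ISP relay and school server

# reject_counts: prints "ip count reason" for each client at or over THRESHOLD.
reject_counts() {
  printf '%s\n' "$1" | awk -v thr="$THRESHOLD" -v wl="$WHITELIST" '
    BEGIN { n = split(wl, w, " "); for (i = 1; i <= n; i++) skip[w[i]] = 1 }
    / reject: RCPT from / {
      # client IP is the bracketed address after "from host"
      if (match($0, /from [^ ]*\[[0-9.]+\]/)) {
        ip = substr($0, RSTART, RLENGTH); sub(/.*\[/, "", ip); sub(/\]/, "", ip)
      } else next
      # three-digit SMTP status follows "]: "
      if (match($0, /\]: [45][0-9][0-9] /)) code = substr($0, RSTART + 3, 3); else next
      if (code !~ /^5/) next             # 4xx is temporary; never a blocking reason
      if (ip in skip) next               # whitelisted hosts are never counted
      cnt[ip]++
      reason[ip] = ($0 ~ /User unknown/) ? "unknown-user" : "other-5xx"
    }
    END { for (ip in cnt) if (cnt[ip] >= thr) print ip, cnt[ip], reason[ip] }' | sort
}

# block_rules: one iptables command per listed host, reason kept in a comment
# so the entry can be reviewed later (chain name MAILBLOCK is assumed).
block_rules() {
  reject_counts "$1" | while read -r ip cnt reason; do
    printf 'iptables -A MAILBLOCK -s %s -p tcp --dport 25 -m comment --comment "%s x%s" -j DROP\n' \
      "$ip" "$reason" "$cnt"
  done
}

block_rules "$SAMPLE_LOG"
```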