Reducing spam with OpenBSD and spamd

2009-05-13 08:21:24 Source: unknown



What's worse (for spammers) is that spamd, after wasting all that time, never does allow the spam email through to the real SMTP server. Instead, it sends back a 450 "mailbox busy" message. The spammer retries, and retries, and retries, getting stuck in the tarpit every time. I had one spammer that kept retrying -- and repeatedly getting stuck in my trap -- for a day and a half, and never once was that spammer able to actually transmit the spam message to me.
Tarpitting can be implemented for senders on the same SPEWS/Spamhaus blacklist that you're likely using with a different antispam tool. Spamd's default configuration automatically tarpits the following IP addresses:
    * any IP netblocks in either the SPEWS Level 1 or SPEWS Level 2 lists
    * any IP netblocks in China
    * any IP netblocks in Korea
The reason for the SPEWS lists is obvious. China and Korea are blocked because so many spam email servers are located in those two countries, and their ISPs and governments don't seem to have any interest in getting rid of them. I also have added all of Russia's IP netblocks to my configuration, for the same reasons.
If you need to direct non-spammers who are in a blacklisted network past spamd, you can add their mail servers to a permanent whitelist that gets processed before any greylisting or blacklisting occurs. This allows their mail servers to bypass the greylisting and blacklisting functions and go straight to your real mail server.
There's one other handy thing that spamd can do for us. Spamd can optionally monitor your mail logs and automatically whitelist the destination email servers of anyone to whom you send email.
Another optional feature of greylisting with OpenBSD is something called greytrapping. Spammers "harvest" anything that looks like an email address from Web pages throughout the Internet, looking for potential victims. If you post a fake email address on your site that does not actually exist on your real email server, you'll know that if someone tries to send email to that fake email address, it's a spammer. Spamd checks the recipient in the SMTP "RCPT TO:" information against a list of fake recipient email addresses that you've previously told it to watch for. If it sees fakeaddress@mydomain.com, it immediately tarpits the mail server's IP address.
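The order of checks described above (permanent whitelist first, then blacklist, with a greytrap hit moving a sender into the tarpit) can be modelled in a few lines. This is an added illustration, not spamd's own code: the `MailGate` class, its method names and the documentation-range IP addresses are assumptions made up for the example; only fakeaddress@mydomain.com comes from the article.

```python
import ipaddress

# Constructed sample data (RFC 5737 documentation ranges, not real lists).
WHITELIST = [ipaddress.ip_network("198.51.100.25/32")]  # trusted server inside a listed block
BLACKLIST = [ipaddress.ip_network("198.51.100.0/24")]   # stands in for a blacklisted netblock
SPAMTRAPS = {"fakeaddress@mydomain.com"}                # the article's fake address


class MailGate:
    """Toy model of the decision order the article describes (hypothetical names)."""

    def __init__(self, whitelist, blacklist, spamtraps):
        self.whitelist = list(whitelist)
        self.blacklist = list(blacklist)
        self.spamtraps = {t.lower() for t in spamtraps}
        self.trapped = set()  # sender IPs caught by greytrapping

    @staticmethod
    def _listed(ip, nets):
        return any(ip in net for net in nets)

    def on_connect(self, src):
        """Return 'pass' (straight to the real mail server), 'tarpit' or 'greylist'."""
        ip = ipaddress.ip_address(src)
        if self._listed(ip, self.whitelist):  # whitelist is processed before anything else
            return "pass"
        if ip in self.trapped or self._listed(ip, self.blacklist):
            return "tarpit"
        return "greylist"

    def on_rcpt(self, src, rcpt):
        """Apply the greytrap check to the RCPT TO address of a non-whitelisted sender."""
        action = self.on_connect(src)
        if action == "pass":
            return action  # whitelisted senders never reach the trap logic
        if rcpt.strip("<>").lower() in self.spamtraps:
            self.trapped.add(ipaddress.ip_address(src))  # remember the sender's IP
            return "tarpit"
        return action


if __name__ == "__main__":
    gate = MailGate(WHITELIST, BLACKLIST, SPAMTRAPS)
    print(gate.on_connect("203.0.113.9"))
    print(gate.on_rcpt("203.0.113.9", "<fakeaddress@mydomain.com>"))
    print(gate.on_connect("203.0.113.9"))
```

Note that in this model a whitelisted server that mails the trap address is still passed through, which is the consequence of processing the whitelist first.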
There's not much not to like in spamd. How do you get it to work? We'll tackle that tomorrow.


This article is from the ChinaUnix blog. To view the original, visit: http://blog.chinaunix.net/u/28922/showart_310724.html
