Greg Hewgill (ghewgill) wrote,
Greg Hewgill

the war on spam

I've been working again on making sure my mail server does the best job it possibly can at rejecting spam and other unwanted email. I recently wrote a Postfix log file scanner that summarizes the reasons why email is being rejected. You can see the current summary here (this shows the statistics for the current day since 00:00 UTC).

A few things about this summary are interesting:

  • I suspect a lot of the entries in the "HELO (unknown)" list are actual SMTP servers, relaying spam, that are misconfigured to send the wrong HELO name. Sorry, I'm not going to accept your mail.
  • The "Recipient (local reject)" list of common worm destinations (adam, alex, alice, etc) is still very effective.
  • Relay attempts seem rare. I had expected to see more of these, but on the other hand it still gives me a warm fuzzy feeling when relay attempts are rejected.
  • I had expected the "DATA pipelining" filter to catch more. This happens when an SMTP sender ignores responses from the my server and just fires the commands through as fast as it can without waiting for acknowledgement. Perhaps all those clients happen to be caught earlier by my rejecting a "HELO" command, who knows.
  • There are a lot of different email worms out there! I suspect that many of the previously rejected connections to my mail server would eventually have tried to deliver an email worm. But clamav still does a great job of filtering out that junk.

Even after all this, when my SMTP server rejects over 90% of the connections to it, spamassassin still catches a lot after delivery. I'm going to work on some statistics processing there so I can find out how effective that is.

Finally, I still get an annoying amount of spam landing in my inbox. The war continues.

Tags: spam

  • oh well

    I got home today to a cheerful phone message from Tiffany at informing me that the Japanese Beginning II class that was set to…

  • photos, books, and customer service

    My Canadian passport has expired, and in fact it has been expired so long that if I had renewed it when it first expired, the new one would have…

  • japanese

    A while ago I signed up for an introductory Japanese language course through, and it starts tomorrow (well today, since it's now…

  • Post a new comment


    Anonymous comments are disabled in this journal

    default userpic

    Your reply will be screened

    Your IP address will be recorded 

  • 1 comment