Koozali.org: home of the SME Server

more anti-spam features

Tom Carroll

more anti-spam features
« on: November 05, 2002, 08:55:10 AM »
Folks, I have seen some varied discussion here and other places about stopping spammers. Most folks use filters, like SpamAssassin and other spam filtering software. As far as I can tell, this does not stop the use of the bandwidth. Please correct me if I am wrong.

I see that most inexperienced pond-scum spammers do not know how to use a valid domain, or use their own server's domain, which is stoppable at the front door by using reverse lookup and noto lines in smtpd-check-rules. This worked for me for several months. However, there are those who are more experienced at spamming and wasting bandwidth by using an open SMTP server (in most cases) that has a valid reverse DNS, but yet claim to be someone else, thereby causing bounce messages to bounce back to the SMTP server, etc. and using more bandwidth. To me this could be a vulnerability if a spammer wanted to flood a server on the SMTP port causing thousands of bounced messages to be generated and loading down the server...

What I am wondering is if code can be added to the SMTP server software to make it compare the actual valid DNS upon reverse lookup to the domain being claimed by the connection. If the claimed domain is not found anywhere within the string returned on the reverse lookup, the connection would be closed with a 550 error to the SMTP server.

It should be just a simple comparison function to determine if the reverse lookup matches the domain being claimed. It would be a very useful feature!

I have won half the battle with the reverse lookup, and now I am wanting to put the nail in the coffin...

Tom Carroll
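
The comparison proposed in the post above, sketched as an added example (not code from the thread or from the smtpd software). It assumes the "claimed domain" is the domain of the envelope sender, takes the reverse-lookup result as an input instead of querying DNS, and contrasts the "found anywhere within the string" test with a match on DNS label boundaries; all hostnames, addresses and function names are constructed for illustration.

```python
# Added example: hostnames and addresses are constructed; no DNS queries are made.

def normalize(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.strip().rstrip(".").lower()

def substring_match(ptr_name, claimed_domain):
    """Comparison as worded in the post: claimed domain anywhere in the PTR string."""
    return normalize(claimed_domain) in normalize(ptr_name)

def suffix_match(ptr_name, claimed_domain):
    """Stricter: PTR name equals the claimed domain or is a host beneath it."""
    ptr, dom = normalize(ptr_name), normalize(claimed_domain)
    return bool(dom) and (ptr == dom or ptr.endswith("." + dom))

def check_sender(ptr_name, mail_from, match=suffix_match):
    """Return an SMTP-style (code, text) verdict for one connection.

    ptr_name is the reverse-lookup result for the client IP (None if absent);
    mail_from is the envelope sender, assumed here to carry the claimed domain.
    """
    if not ptr_name:
        return (550, "no reverse DNS for client")
    _, sep, domain = mail_from.rpartition("@")
    if not sep or not domain:
        return (550, "sender address has no domain")
    if match(ptr_name, domain):
        return (250, "ok")
    return (550, "sender domain not found in client name")

# Constructed sample connections: (PTR name of client, envelope sender)
SAMPLES = [
    ("mail.example.org.", "tom@example.org"),           # host under the claimed domain
    ("relay.isp.example.", "someone@example.org"),      # relay claiming another domain
    (None, "someone@example.org"),                      # no PTR record at all
    ("example.org.dyn.example.net", "x@example.org"),   # domain embedded in unrelated name
    ("out.hosting.example", "news@example.org"),        # legitimate mail via third-party host
]

def verdicts(match):
    """SMTP codes for every sample under the given comparison."""
    return [check_sender(ptr, frm, match)[0] for ptr, frm in SAMPLES]

if __name__ == "__main__":
    print("suffix   ", verdicts(suffix_match))
    print("substring", verdicts(substring_match))
```

The fourth sample passes the substring test but fails the label-boundary test, and the fifth shows that either comparison also rejects mail a domain legitimately sends through a host named under a different domain.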

Nathan Fowler

Re: more anti-spam features
« Reply #1 on: November 11, 2002, 10:40:06 PM »
Tom, did you read Juniper's Obtuse SMTP documentation?
http://www.obtuse.com/juniper-docs/man/smtpd_address_check.html

Try this rule:
noto:NS=UNKNOWN:ALL:ALL:550 Blah blah, spam spam.