[lug] Email question

[Sean Reifschneider]

On Sun, Aug 22, 2004 at 07:46:58PM -0600, Daniel Webb wrote:
>I installed Tor Slettnes's greylisting package (greylistd on Debian,
>described in his excellent email filtering document

Yes, greylisting is working great for us as well.  I have more
information on our experiences on my journal at http://journal.jafo.ca/
if you want some stats, etc.  It hasn't completely stopped spam, but
it's done an order of magnitude better than anything else I tried.

I built my own greylist policy plugin for Postfix, and included SPF in
that.  SPF is helping a fair bit as well, maybe blocking another dozen
messages a day (mostly claiming to be from one of our addresses going TO
one of our addresses, from some random external IP).

See my journal for more information on things that have helped.

>My guess is that this is a legitimate (if misguided) email, but that a
>virus spammer is using my email address as the return address (the HELO

Yeah, that's a big problem recently.  Lots of bounces from virus
scanners or the like.  I set up hundreds of rules based on subject or
from headers to try to reject incoming messages that look like virus
scanners warning me of a virus I didn't send.  I mostly just looked at
the bounces I was getting, and combined it with some lists I found on
the net.

Sean
-- 
 Well I've been to one world fair, a picnic and a rodeo, and that's the
 stupidest thing I've heard come over a pair of earphones.  -- Major Kong
Sean Reifschneider, Member of Technical Staff <jafo at tummy.com>
tummy.com, ltd. - Linux Consulting since 1995.  Qmail, Python, SysAdmin