[afnog] I am getting porn spam emails
Stephane Bortzmeyer
bortzmeyer at nic.fr
Wed Dec 21 15:09:25 UTC 2016
On Wed, Dec 21, 2016 at 05:27:42PM +0300,
raphael mollel <raphael.susa at gmail.com> wrote
a message of 250 lines which said:
> I am getting porn spam mail everyday in my mail server. Each email
> are from different email addresses and domains. I have tried
> creating a filter, and I have tried reporting them as spam. I need
> to know how to stop receiving them.
There is no perfect solution against spam. To avoid *reading* it, the
best solution is a bayesian filter that you train. I use bogofilter
and I'm very happy with it (very few false positives and few false
negatives). But if you want to avoir *receiving* spam (because you
want to save not only human attention, but also bandwidth), this is
more complicated. Things that can help:
* reputable black lists. I say "reputable" because many lists are
badly managed. (I use mostly two Spamhaus lists, sbl-xbl.spamhaus.org
and xbl-xbl.spamhaus.org.)
* greylisting (in my experience, it kills half of the spam before it
reaches your email server (RFC 6647 is a good reading). Some people
will claim it is useless because the spammers will adapt. Let them
trust their theory, I trust my practice.
> E.g
In the example you send, you did not indicate the most important
headers (typically Received:) Studying them would let you understand
while it went through the various filters. And, of course, the log of
the porgrams may also give indications.
> Amavis
> spamassassin
> clamAV
These three programs run *after* you've received the email so they are
useful if you want to avoid *seeing* the spam, not if you want to
avoid *receiving* it.
> reject_rbl_client
That's a lot of black lists. Did you really evaluate them all? (For
instance, rfc-ignorant.org has a lot of false positives.)
More information about the afnog
mailing list