Article delegate-en/3457 of [1-5169] on the server localhost:119
  upper oldest olders older1 this newer1 newers latest
search
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
[Reference:<_A3452@delegate-en.ML_>]
Newsgroups: mail-lists.delegate-en

[DeleGate-En] SPAM blocking by DeleGate (Re: delegate rejects domains not in the list)
07 Aug 2006 04:36:18 GMT feedback@delegate.org (Yutaka Sato)
The DeleGate Project


Hi,

By the way, if your intention is to block SPAMs, I don't recommend you
to use the REJECT list based on domain name, since it is difficult to
identify exaustless spammers by domain spreading over the world, and
without a side-effect.  For example, your REJECT list includes
"*.ibaraki.ocn.ne.jp" which is of ISP providing considerably wide and
important area of Japan including Tsukuba, and is one of my ISPs :)
<URL:http://www.delegate.org/delegate/delegate-org.shtml>

Instead, using "callback" of SMTP is recommended if you are not using
it, which can be specified as follows:

  SMTPCONF=callback

<URL:http://www.delegate.org/delegate/Manual.htm#SMTPCONF>

Most of SPAM is from not mailers but from client hosts of end-users
without its mail exchanger.  "callback" blocks most of them automatically
by inserting delays between SMTP command/response interaction which
causes timeout in a non-SMTP server in most case.

Since two and a half years ago, I'm using this at the SMTP entrance of
DeleGate.ORG.  From the observation of recent mails to DeleGate.ORG,
  <URL:http://www.delegate.org/stats/mail.shtml>
it blocks about 90% of SPAM mails to be forwarded (classified as Non-SMTP
in the following statistics).

>> SMTP Server smtp://mail.delegate.org ( counted since May 5 06:41 )
>> 
>>  Sessions:241693 Total incoming SMTP/TCP connections
>>  + PreReset:  10364 TCP connection reset before SMTP interpretation
>>  + Non-HELO:  10773 Session aborted before greeting HELO
>>  + Non-DATA: 189750 Session aborted before message DATA (maybe Non-SMTP)
>>  + Rejected:   2439 Rejected by the given rules in SMTPGATE
>>  + Accepted:  29623 Spooled or forwarded => Trapped + Gateway + Relayed
>>    + Trapped:   10552 Spooled locally (Email-Address for trapping SPAM)
>>    + Gateway:     722 Gatewayed to a NNTP server
>>    + Relayed:   19687 Relayed to a SMTP server
>>      + Unknown:   17586 To the SPAM spooler (unknown Email-Address) 
>>      + ToBeRead:   2065 To a human (to be read by a human)
>> 
>>  WithSMTP:  19591 Callback to the SMTP server on the client succeeded
>>  Non-SMTP: 199124 Callback to the SMTP server on the client failed
>>  GotReset:  40545 Reset by the client before session complete
>> 
>>  Sessions: 200000 (0000.X/day) / 397 nets [ May  5 06:41 -- Aug  7 13:03 ]
>>  Accepted:  29623 ( 314.3/day) / 377 nets [ May  5 06:41 -- Aug  7 13:02 ]
>>   Relayed:  19687 ( 208.8/day) / 367 nets [ May  5 06:41 -- Aug  7 12:58 ]
>>   Gateway:    722 (   7.7/day) /  36 nets [ May  6 04:10 -- Aug  7 11:01 ]
>>  ToBeRead:   2065 (  22.0/day)
>> 
>> Abandoned: (Mails Filtered Out) 
>>  PreReset:  10364 ( 110.0/day) / 256 nets [ May  5 07:25 -- Aug  7 13:00 ]
>>  Non-HELO:  10773 ( 114.4/day) / 262 nets [ May  5 08:43 -- Aug  7 12:24 ]
>>  Non-DATA: 100000 (0000.X/day) / 342 nets [ May  5 06:56 -- Aug  7 13:03 ]
>>  Rejected:   2439 (  25.9/day) / 223 nets [ May  5 07:33 -- Aug  7 12:56 ]
>>   Trapped:  10552 ( 111.9/day) / 269 nets [ May  5 06:45 -- Aug  7 13:02 ]
>>   Unknown:  17586 ( 186.6/day) / 365 nets [ May  5 06:41 -- Aug  7 12:58 ]
>>     Total: 200000 (0000.X/day) / 395 nets [ May  5 06:41 -- Aug  7 13:03 ]


>>Non-DATA: total 100000 (0000.X/day) from 342 nets since May  5 06:56 to Aug  7 13:21
>>  0.0 -------- -------- --XX---- -------- -------- -------- XXXX---- --------
>> 16.0 -------- -------- -------- -------- 4X8X---- -------- -------- --------
>> 32.0 -------- -------- -------- -X------ -------X -------X -------- --------
>> 48.0 -------- -------- -------- -------- -----X-- 1XXX7XX- X-XXXX3X XXXXXXXX
>> 64.0 XXXXXXXX XXXXXXX- XXXXXXXX XXXXXXXX XXXX---- XXXXXX-- X------- --------
>> 80.0 XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX X------- -------- --------
>> 96.0 -------- -------- -------- -------- -------- -------- -------- --------
>>112.0 -------- -------- -------- -------- ----XXX- -X-XX--- XXXXXXXX --------
>>128.0 -XXXXXXX XXX---XX ---XXX-- -XXX---X --X--XX- -XXXXXX- -XX-X-XX --XX-XXX
>>144.0 -XXXX--X --X-XXXX XX-X--X- XXXXXXXX -X--X--- X-----XX X---XXX- XX---XXX
>>160.0 XXXXXX-- XXX-XXX- -X---XXX -XXX--X- -XXX---X -XXX---- -------- --------
>>176.0 -------- -------- -------- -------- -------- -------- ------X- X-------
>>192.0 XX-XXXXX XXXX0XXX X--X---- -XXXXXXX XXX6XXXX XXXXXXXX XXXX--XX 2XXXXXXX
>>208.0 XXXXXXXX XXXX5X9X XXXXXXXX -------- XXXXXXXX XXXXXXXX XXXXXXXX XXXX----
...
>>WithSMTP: total 19594 ( 207.8/day) 345 nets [ May  5 06:41 -- Aug  7 13:22 ]
>>  0.0 -------- -------- XX------ -------- X------- -------- XXXX---- -------X
>> 16.0 -------X X------- -------- -------- XXXX---- -------- -------- --------
>> 32.0 XX------ ----X--- -------- -X------ -------- -------- -------- --------
>> 48.0 -------- -------- -------- -------- -----X-- XXXXXXX- X-XXXXXX XXXX-XXX
>> 64.0 XXXXXXXX XXXXXXX- XXXXXXXX XXXXXXXX XXXX---- X-XXX--- -------- --------
>> 80.0 XXXXXX6X XXXXXXXX XXXXXXXX XXXXXX-X XXXX-XXX -------- -------- --------
>> 96.0 -------- -------- -------- -------- -------- -------- -------- --------
>>112.0 -------- -------- -------- -------- -------- -------- XX--XXXX --------
>>128.0 XXXXXXXX XXXXXXXX XXXXXXXX -XXX---- --X-XXX- X-X-XXX- -XXXXXXX -XXX-X--
>>144.0 XXXX---X -XX-XXXX -X-XX-XX XXXXXX-X XX------ X---XX-X -X---XX- XXXX-XX-
>>160.0 XXX-XX-- XX--X--- XX-XXX8X XX---XXX XXX---XX -X-X-X-- -------- --------
>>176.0 -------- -------- -------- -------- -------- -------- -------- X-------
>>192.0 XXXXXXXX XXX41XXX X--X---- XXXXXXXX XXXXXXXX X3XXX2X7 XXXXX-XX XXXXXXXX
>>208.0 XXXXXXXX XXXXXX0X XXX9XXXX X------- XXXXXXXX XXXX-XXX -XXXXXXX XXXX----
...
>>Non-SMTP: total 100000 (0000.X/day) 374 nets [ May  5 06:43 -- Aug  7 13:21 ]
>>  0.0 -------- -------- X-XX---- -------- -------- -------- XXXX---- --------
>> 16.0 -------X -------- -------- -------- 5X9X---- -------- -------- --------
>> 32.0 -------- -------- -------- -X------ -------X -------X -------- --------
>> 48.0 -------- -------- -------- -------- -----X-- 1XXX8XX- X-XXXX3X XXXXXXXX
>> 64.0 XXXXXXXX XXXXXXX- XXXXXXXX XXXXXXXX XXXX---- XXXXXX-- X------- --------
>> 80.0 XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX X------- -------- --------
>> 96.0 -------- -------- -------- -------- -------- -------- -------- --------
>>112.0 -------- -------- -------- -------- ----XXX- -X-XX--- XXXXXXXX --------
>>128.0 XXXXXXXX XXXXX-XX --XXXXXX XXXX---X --X-XXXX -XXXXXX- -XXXXXXX -XXX-XXX
>>144.0 -XXXX--X -XX-XXXX XX-X--X- XXXXXXXX XX--X--- X----XXX XXX-XXXX XXXX-XXX
>>160.0 XXXXXXX- XXX-XXX- -X--XXXX -XXX-XXX -XXX--XX XXXX-X-- -------- --------
>>176.0 -------- -------- -------- -------- -------- -------- ------X- X-------
>>192.0 XXXXXXXX XXXXXXXX X--X---- XXXXXXXX XXX7XXXX XXXXXXXX XXXX-XXX 2XXXXXXX
>>208.0 XXXXXXXX XXXX6XXX XXXXXXXX -------- XXXXXXXX X0XXXXXX X4XXXXXX XXXX----
...
>>CallBack-Error: 100000 (0000.X/day) 374 nets [ May  5 06:43 -- Aug  7 13:21 ]
>>   CantConnect: 100000 (0000.X/day) 371 nets [ May  5 06:43 -- Aug  7 13:21 ]
>>    NoResponse:  2380 (  25.3/day) 176 nets [ May  5 08:47 -- Aug  7 12:23 ]
>>   BadGreeting:   283 (   3.1/day)  66 nets [ May  7 05:02 -- Aug  7 10:23 ]
>>   BadResponse:  2169 (  23.1/day)  90 nets [ May  5 16:55 -- Aug  7 12:32 ]


In message <_A3452@delegate-en.ML_> on 08/07/06(02:34:31) I wrote:
 |In message <_A3450@delegate-en.ML_> on 08/07/06(01:46:13)
 |you Martin Papadopoulos <payeabdyi-aipdtq52abfr.ml@ml.delegate.org> wrote:
 | |for example mails from mxpool*.ebay.com
 | |
 | |i could send you a prepared log file for analysis if you want to.
 |
 |Your mail including the whole REJECT list was posted to the open forum
 |forwarded via feedback@delegate.org, so I removed it from the spool.
 |
 |Well, your REJECT list includes a line as this:
 |
 |  REJECT=*:*:*.*IP.rima-tde.net
 |
 |This matches with any host because "wild-card" in the HostList does not
 |support a general "regular expression".
 |By the way, I found it with the "Access Control Simulation" mode newly
 |introduced to be released in 9.2.4-pre13 :)

Cheers,
Yutaka
--
  9 9   Yutaka Sato <y.sato@delegate.org> http://delegate.org/y.sato/
 ( ~ )  National Institute of Advanced Industrial Science and Technology
_<   >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan
Do the more with the less -- B. Fuller

  admin search upper oldest olders older1 this newer1 newers latest
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
@_@V