Article delegate-en/3458 of [1-5169] on the server localhost:119
  upper oldest olders older1 this newer1 newers latest
search
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
[Reference:<_A3457@delegate-en.ML_>]
Newsgroups: mail-lists.delegate-en

[DeleGate-En] Re: SPAM blocking by DeleGate (Re: delegate rejects domains not in the list)
07 Aug 2006 16:31:25 GMT Martin Papadopoulos <payeabdyi-4z7oftckab5r.ml@ml.delegate.org>


hello yutaka,

it would be awesome if you could implement an smtp reject for non mx
servers.
i mean that if the reverse lookup entry does not contain a valid MX
record, or
to satisfy scenario of multiple mx records on one IP to checkout the
helo domain if it has
an mx record.

it is only a request though.

the SMTPCONF=callback wont do the job for me. spammer dont care about
timeouts,
so this is not an option for me.

greetz
martin papadopoulos

Yutaka Sato schrieb:
> Hi,
>
> By the way, if your intention is to block SPAMs, I don't recommend you
> to use the REJECT list based on domain name, since it is difficult to
> identify exaustless spammers by domain spreading over the world, and
> without a side-effect.  For example, your REJECT list includes
> "*.ibaraki.ocn.ne.jp" which is of ISP providing considerably wide and
> important area of Japan including Tsukuba, and is one of my ISPs :)
> <URL:http://www.delegate.org/delegate/delegate-org.shtml>
>
> Instead, using "callback" of SMTP is recommended if you are not using
> it, which can be specified as follows:
>
>   SMTPCONF=callback
>
> <URL:http://www.delegate.org/delegate/Manual.htm#SMTPCONF>
>
> Most of SPAM is from not mailers but from client hosts of end-users
> without its mail exchanger.  "callback" blocks most of them automatically
> by inserting delays between SMTP command/response interaction which
> causes timeout in a non-SMTP server in most case.
>
> Since two and a half years ago, I'm using this at the SMTP entrance of
> DeleGate.ORG.  From the observation of recent mails to DeleGate.ORG,
>   <URL:http://www.delegate.org/stats/mail.shtml>
> it blocks about 90% of SPAM mails to be forwarded (classified as Non-SMTP
> in the following statistics).
>
>   
>>> SMTP Server smtp://mail.delegate.org ( counted since May 5 06:41 )
>>>
>>>  Sessions:241693 Total incoming SMTP/TCP connections
>>>  + PreReset:  10364 TCP connection reset before SMTP interpretation
>>>  + Non-HELO:  10773 Session aborted before greeting HELO
>>>  + Non-DATA: 189750 Session aborted before message DATA (maybe Non-SMTP)
>>>  + Rejected:   2439 Rejected by the given rules in SMTPGATE
>>>  + Accepted:  29623 Spooled or forwarded => Trapped + Gateway + Relayed
>>>    + Trapped:   10552 Spooled locally (Email-Address for trapping SPAM)
>>>    + Gateway:     722 Gatewayed to a NNTP server
>>>    + Relayed:   19687 Relayed to a SMTP server
>>>      + Unknown:   17586 To the SPAM spooler (unknown Email-Address) 
>>>      + ToBeRead:   2065 To a human (to be read by a human)
>>>
>>>  WithSMTP:  19591 Callback to the SMTP server on the client succeeded
>>>  Non-SMTP: 199124 Callback to the SMTP server on the client failed
>>>  GotReset:  40545 Reset by the client before session complete
>>>
>>>  Sessions: 200000 (0000.X/day) / 397 nets [ May  5 06:41 -- Aug  7 13:03 ]
>>>  Accepted:  29623 ( 314.3/day) / 377 nets [ May  5 06:41 -- Aug  7 13:02 ]
>>>   Relayed:  19687 ( 208.8/day) / 367 nets [ May  5 06:41 -- Aug  7 12:58 ]
>>>   Gateway:    722 (   7.7/day) /  36 nets [ May  6 04:10 -- Aug  7 11:01 ]
>>>  ToBeRead:   2065 (  22.0/day)
>>>
>>> Abandoned: (Mails Filtered Out) 
>>>  PreReset:  10364 ( 110.0/day) / 256 nets [ May  5 07:25 -- Aug  7 13:00 ]
>>>  Non-HELO:  10773 ( 114.4/day) / 262 nets [ May  5 08:43 -- Aug  7 12:24 ]
>>>  Non-DATA: 100000 (0000.X/day) / 342 nets [ May  5 06:56 -- Aug  7 13:03 ]
>>>  Rejected:   2439 (  25.9/day) / 223 nets [ May  5 07:33 -- Aug  7 12:56 ]
>>>   Trapped:  10552 ( 111.9/day) / 269 nets [ May  5 06:45 -- Aug  7 13:02 ]
>>>   Unknown:  17586 ( 186.6/day) / 365 nets [ May  5 06:41 -- Aug  7 12:58 ]
>>>     Total: 200000 (0000.X/day) / 395 nets [ May  5 06:41 -- Aug  7 13:03 ]
>>>       
>
>
>   
>>> Non-DATA: total 100000 (0000.X/day) from 342 nets since May  5 06:56 to Aug  7 13:21
>>>  0.0 -------- -------- --XX---- -------- -------- -------- XXXX---- --------
>>> 16.0 -------- -------- -------- -------- 4X8X---- -------- -------- --------
>>> 32.0 -------- -------- -------- -X------ -------X -------X -------- --------
>>> 48.0 -------- -------- -------- -------- -----X-- 1XXX7XX- X-XXXX3X XXXXXXXX
>>> 64.0 XXXXXXXX XXXXXXX- XXXXXXXX XXXXXXXX XXXX---- XXXXXX-- X------- --------
>>> 80.0 XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX X------- -------- --------
>>> 96.0 -------- -------- -------- -------- -------- -------- -------- --------
>>> 112.0 -------- -------- -------- -------- ----XXX- -X-XX--- XXXXXXXX --------
>>> 128.0 -XXXXXXX XXX---XX ---XXX-- -XXX---X --X--XX- -XXXXXX- -XX-X-XX --XX-XXX
>>> 144.0 -XXXX--X --X-XXXX XX-X--X- XXXXXXXX -X--X--- X-----XX X---XXX- XX---XXX
>>> 160.0 XXXXXX-- XXX-XXX- -X---XXX -XXX--X- -XXX---X -XXX---- -------- --------
>>> 176.0 -------- -------- -------- -------- -------- -------- ------X- X-------
>>> 192.0 XX-XXXXX XXXX0XXX X--X---- -XXXXXXX XXX6XXXX XXXXXXXX XXXX--XX 2XXXXXXX
>>> 208.0 XXXXXXXX XXXX5X9X XXXXXXXX -------- XXXXXXXX XXXXXXXX XXXXXXXX XXXX----
>>>       
> ...
>   
>>> WithSMTP: total 19594 ( 207.8/day) 345 nets [ May  5 06:41 -- Aug  7 13:22 ]
>>>  0.0 -------- -------- XX------ -------- X------- -------- XXXX---- -------X
>>> 16.0 -------X X------- -------- -------- XXXX---- -------- -------- --------
>>> 32.0 XX------ ----X--- -------- -X------ -------- -------- -------- --------
>>> 48.0 -------- -------- -------- -------- -----X-- XXXXXXX- X-XXXXXX XXXX-XXX
>>> 64.0 XXXXXXXX XXXXXXX- XXXXXXXX XXXXXXXX XXXX---- X-XXX--- -------- --------
>>> 80.0 XXXXXX6X XXXXXXXX XXXXXXXX XXXXXX-X XXXX-XXX -------- -------- --------
>>> 96.0 -------- -------- -------- -------- -------- -------- -------- --------
>>> 112.0 -------- -------- -------- -------- -------- -------- XX--XXXX --------
>>> 128.0 XXXXXXXX XXXXXXXX XXXXXXXX -XXX---- --X-XXX- X-X-XXX- -XXXXXXX -XXX-X--
>>> 144.0 XXXX---X -XX-XXXX -X-XX-XX XXXXXX-X XX------ X---XX-X -X---XX- XXXX-XX-
>>> 160.0 XXX-XX-- XX--X--- XX-XXX8X XX---XXX XXX---XX -X-X-X-- -------- --------
>>> 176.0 -------- -------- -------- -------- -------- -------- -------- X-------
>>> 192.0 XXXXXXXX XXX41XXX X--X---- XXXXXXXX XXXXXXXX X3XXX2X7 XXXXX-XX XXXXXXXX
>>> 208.0 XXXXXXXX XXXXXX0X XXX9XXXX X------- XXXXXXXX XXXX-XXX -XXXXXXX XXXX----
>>>       
> ...
>   
>>> Non-SMTP: total 100000 (0000.X/day) 374 nets [ May  5 06:43 -- Aug  7 13:21 ]
>>>  0.0 -------- -------- X-XX---- -------- -------- -------- XXXX---- --------
>>> 16.0 -------X -------- -------- -------- 5X9X---- -------- -------- --------
>>> 32.0 -------- -------- -------- -X------ -------X -------X -------- --------
>>> 48.0 -------- -------- -------- -------- -----X-- 1XXX8XX- X-XXXX3X XXXXXXXX
>>> 64.0 XXXXXXXX XXXXXXX- XXXXXXXX XXXXXXXX XXXX---- XXXXXX-- X------- --------
>>> 80.0 XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX X------- -------- --------
>>> 96.0 -------- -------- -------- -------- -------- -------- -------- --------
>>> 112.0 -------- -------- -------- -------- ----XXX- -X-XX--- XXXXXXXX --------
>>> 128.0 XXXXXXXX XXXXX-XX --XXXXXX XXXX---X --X-XXXX -XXXXXX- -XXXXXXX -XXX-XXX
>>> 144.0 -XXXX--X -XX-XXXX XX-X--X- XXXXXXXX XX--X--- X----XXX XXX-XXXX XXXX-XXX
>>> 160.0 XXXXXXX- XXX-XXX- -X--XXXX -XXX-XXX -XXX--XX XXXX-X-- -------- --------
>>> 176.0 -------- -------- -------- -------- -------- -------- ------X- X-------
>>> 192.0 XXXXXXXX XXXXXXXX X--X---- XXXXXXXX XXX7XXXX XXXXXXXX XXXX-XXX 2XXXXXXX
>>> 208.0 XXXXXXXX XXXX6XXX XXXXXXXX -------- XXXXXXXX X0XXXXXX X4XXXXXX XXXX----
>>>       
> ...
>   
>>> CallBack-Error: 100000 (0000.X/day) 374 nets [ May  5 06:43 -- Aug  7 13:21 ]
>>>   CantConnect: 100000 (0000.X/day) 371 nets [ May  5 06:43 -- Aug  7 13:21 ]
>>>    NoResponse:  2380 (  25.3/day) 176 nets [ May  5 08:47 -- Aug  7 12:23 ]
>>>   BadGreeting:   283 (   3.1/day)  66 nets [ May  7 05:02 -- Aug  7 10:23 ]
>>>   BadResponse:  2169 (  23.1/day)  90 nets [ May  5 16:55 -- Aug  7 12:32 ]
>>>       
>
>
> In message <_A3452@delegate-en.ML_> on 08/07/06(02:34:31) I wrote:
>  |In message <_A3450@delegate-en.ML_> on 08/07/06(01:46:13)
>  |you Martin Papadopoulos <payeabdyi-4z7oftckab5r.ml@ml.delegate.org> wrote:
>  | |for example mails from mxpool*.ebay.com
>  | |
>  | |i could send you a prepared log file for analysis if you want to.
>  |
>  |Your mail including the whole REJECT list was posted to the open forum
>  |forwarded via feedback@delegate.org, so I removed it from the spool.
>  |
>  |Well, your REJECT list includes a line as this:
>  |
>  |  REJECT=*:*:*.*IP.rima-tde.net
>  |
>  |This matches with any host because "wild-card" in the HostList does not
>  |support a general "regular expression".
>  |By the way, I found it with the "Access Control Simulation" mode newly
>  |introduced to be released in 9.2.4-pre13 :)
>
> Cheers,
> Yutaka
> --
>   9 9   Yutaka Sato <y.sato@delegate.org> http://delegate.org/y.sato/
>  ( ~ )  National Institute of Advanced Industrial Science and Technology
> _<   >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan
> Do the more with the less -- B. Fuller
>
>   



  admin search upper oldest olders older1 this newer1 newers latest
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
@_@V