Logical Informalism
PresidentBarackObama@pdrap.org
Friday, 27 October, 2006. 05:47:11 PM

My mail rejection based on sender domain seems very successful. With just about 60 rules rejecting some countries and large ISP customer blocks, I've cut the spam that gets received from 6000-9000 a day to under 500 a day.

Thursday, 26 October, 2006. 09:27:03 AM

It's amazing to see only about 200 spams in my spam folder this morning. Simply blocking the worst foreign countries and some big cable/DSL provider customer addresses removed most of my spam problem.

My current list of things being blocked is:

Countries blocked
Brazil
Poland
Taiwan
Korea
China
Argentina
Japan
Belgium
Chile
the Czech Republic
Spain
France
Switzerland
Italy
Croatia
Ukraine
Russia
Germany
Norway
Denmark
Hungary
Singapore
Greece
the Netherlands
Sweden
Israel
Portugal

ISPs blocked
Comcast
Road Runner
Verizon
Blue Yonder in the UK
SBC Global DSL
shawcable.net
t-dialin.net
Mindspring
Centurytel
cgocable
gaoland
ATT DSL
netvigator.com. Chinese ISP
bbtec.net. Japanese ISP
bora.net. Korean ISP

Patterns
host names with 3 or more numbers in a row - NNN.NNN.NNN address text or NNN-NNN-NNN address text
host names that contain the string 'dynamic'
host names that contain the string 'pool'
host names that contain the string 'dialup'


Wednesday, 25 October, 2006. 09:47:20 PM

DNS Report is a really cool site I just found which can analyze many different parameters of DNS and produce a report of compliance. I spent a lot of time learning about how DNS works when I set up the pdrap.org domain. The report above indicates that I am all green, which means I did it right.

Wednesday, 25 October, 2006. 08:27:26 PM

I've implemented some custom ACLs in Exim to reject mail at the initial connection which has some specific characteristics. For example, I'm rejecting connections from Brazil, Poland, Taiwan, Korea, China, Argentina, Japan, Belgium, Chile, and the Czech Republic. I don't know anybody in those countries, but get millions of spam messages a year from them. Any human in those countries who needs to contact me can just get a Gmail account.

I'm also rejecting all e-mail that originates directly from cable and DSL customers. If your ISP is Comcast, Road Runner, Verizon, SBC Global, or Shaw Cable, then either get a static IP with your own domain and proper reverse DNS, or use the official MX exchanger provided by your ISP.

The last class of blocks I have in place rejects mail which comes from suspiciously named hosts. Anything named with 4 numbers separated by hyphens (123-456-789-123.isp.com) or periods (123.456.789.123.isp.com) is rejected, as that's a very common way to encode the IP address of a host into the host name. Those host names are never official mail exchangers, so they can be ignored.

These simple steps have made an amazing and immediately noticeable impact on how much spam I receive. I've dropped from more than 1 spam a second to only about 4 a minute.
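The host-name patterns from this entry and from the "Patterns" list above, as an added example that is not the author's Exim configuration. The regex, the `whole_token` option and the sample host names are assumptions constructed here; the option shows how a plain substring test on 'pool' also catches a name like `liverpool-mx`.

```python
import re

# Added example: regexes are one reading of the post's "Patterns" list,
# not the author's actual Exim rules.
NUMERIC_RUN = re.compile(r"(?<!\d)\d{1,3}([.-])\d{1,3}\1\d{1,3}(?!\d)")
KEYWORDS = ("dynamic", "pool", "dialup")


def classify(hostname, whole_token=False):
    """Return the reasons a reverse-DNS name matches the post's patterns.

    whole_token=False is the substring test the post describes;
    whole_token=True only matches a keyword that stands alone between
    dots, hyphens or digits (an assumption added here to cut false hits).
    """
    name = hostname.lower().rstrip(".")
    reasons = []
    if NUMERIC_RUN.search(name):
        reasons.append("numeric-run")
    tokens = set(re.split(r"[^a-z]+", name))
    for word in KEYWORDS:
        hit = word in tokens if whole_token else word in name
        if hit:
            reasons.append("keyword:" + word)
    return reasons


# Constructed sample names under reserved example domains.
SAMPLES = [
    "c-24-6-100-7.hsd1.ca.isp.example",
    "10.20.30.40.dynamic.isp.example",
    "pool-77.dsl.isp.example",
    "ppp-dialup7.isp.example",
    "mail3.example.org",
    "liverpool-mx.example.org",
]


def screen(names, whole_token=False):
    """Map each name to its reasons; an empty list means it is accepted."""
    return {n: classify(n, whole_token) for n in names}


if __name__ == "__main__":
    for host, why in screen(SAMPLES).items():
        print(f"{host:40} {'REJECT ' + ','.join(why) if why else 'accept'}")
```

With `whole_token=True` the `liverpool-mx` name is accepted, at the cost of missing run-together names such as `dynamicpool3`.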

Wednesday, 25 October, 2006. 02:35:37 PM



Wednesday, 25 October, 2006. 02:21:33 AM

The reverse DNS lookup actually seems fine. The problem was caused by a surge of spam which arrived when I restarted Exim. I received over 2000 spams in about 5 minutes, and I had thousands of exim processes waiting for procmail to go through them one by one. The queue is now down to about 1200 messages, and mail is getting delivered and filtered properly now.

Wednesday, 25 October, 2006. 02:06:30 AM

The reverse DNS check might not be a good idea after all. It's putting a heavy load on my server by waiting for the DNS server to respond. I'm caching DNS locally, but it's still not fast. I've got about 1900 exim processes waiting on DNS right now.

Wednesday, 25 October, 2006. 12:13:01 AM

I've upgraded exim on my server from version 3.36 to version 4.50. As part of the upgrade, I enabled some ACL checks which I wasn't doing before. The main check that I'm doing now is an RDNS check. If the sender IP address doesn't have a valid reverse DNS entry, the mail is rejected. Most spam that I receive is sent from open relays run by clueless people on dynamic connections, so they don't have any RDNS set up. Mail servers that are properly configured must have proper RDNS, so I'm not rejecting any mail that I didn't want to see anyway. This step is remarkably effective. Exim is rejecting more than one message a second, and nothing has wound up in my spam filter for 45 minutes. My previous solution accepted the entire message and ran it through procmail for spam filtering. Since I was getting more than 200,000 spams a month, the CPU hit on my server was getting out of control. Now, I reject the mail as soon as the spammer connects, skipping all that processing work.

It's rejecting address aliases right now though, which is not right. I want anything at pdrap.org to get to me, but it's just accepting pdrap@pdrap.org for now. I have to fix that.
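The reverse DNS check described in this entry, sketched as an added example that is not the author's Exim ACL. It assumes "valid" means forward-confirmed (the PTR name must resolve back to the connecting IP); the lookup tables are constructed with documentation addresses so it runs offline.

```python
import socket


def system_ptr(ip):
    """PTR lookup via the system resolver; None when there is no name."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None


def system_addrs(name):
    """Forward lookup via the system resolver; returns a set of IP strings."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except socket.gaierror:
        return set()


def rdns_verdict(ip, ptr=system_ptr, addrs=system_addrs):
    """Classify a connecting IP as 'no-ptr', 'forward-mismatch' or 'ok'."""
    name = ptr(ip)
    if not name:
        return "no-ptr"            # nothing published for this address
    if ip not in addrs(name):
        return "forward-mismatch"  # PTR exists but does not point back
    return "ok"


# Constructed zone data (RFC 5737 addresses), not real hosts.
PTR = {"192.0.2.25": "mx.example.org", "198.51.100.7": "mail.bank.example"}
A = {"mx.example.org": {"192.0.2.25"}, "mail.bank.example": {"203.0.113.9"}}


def demo():
    """Run the check against the constructed tables instead of live DNS."""
    ips = ["192.0.2.25", "198.51.100.7", "203.0.113.80"]
    return {ip: rdns_verdict(ip, PTR.get, lambda n: A.get(n, set()))
            for ip in ips}


if __name__ == "__main__":
    for ip, verdict in demo().items():
        print(ip, verdict)
```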

Monday, 23 October, 2006. 03:00:21 PM

--AZ-Sen: Jon Kyl

--AZ-01: Rick Renzi

--AZ-05: J.D. Hayworth

--CA-04: John Doolittle

--CA-11: Richard Pombo

--CA-50: Brian Bilbray

--CO-04: Marilyn Musgrave

--CO-05: Doug Lamborn

--CO-07: Rick O'Donnell

--CT-04: Christopher Shays

--FL-13: Vernon Buchanan

--FL-16: Joe Negron

--ID-01: Bill Sali

--IL-06: Peter Roskam

--IL-10: Mark Kirk

--IL-14: Dennis Hastert

--IN-02: Chris Chocola

--IN-08: John Hostettler

--IA-01: Mike Whalen

--KY-03: Anne Northup

--KY-04: Geoff Davis

--MD-Sen: Michael Steele

--MN-01: Gil Gutknecht

--MN-06: Michele Bachmann

--MO-Sen: Jim Talent

--MT-Sen: Conrad Burns

--NV-03: Jon Porter

--NH-02: Charlie Bass

--NJ-07: Mike Ferguson

--NM-01: Heather Wilson

--NY-03: Peter King

--NY-20: John Sweeney

--NY-26: Tom Reynolds

--NY-29: Randy Kuhl

--NC-08: Robin Hayes

--NC-11: Charles Taylor

--OH-01: Steve Chabot

--OH-02: Jean Schmidt

--OH-15: Deborah Pryce

--OH-18: Joy Padgett

--PA-04: Melissa Hart

--PA-07: Curt Weldon

--PA-08: Mike Fitzpatrick

--PA-10: Don Sherwood

--TN-Sen: Bob Corker

--VA-Sen: George Allen

--VA-10: Frank Wolf

--WA-Sen: Mike McGavick

--WA-08: Dave Reichert



Wednesday, 18 October, 2006. 08:13:57 PM

Habeas Corpus is now officially history in the United States, done away with by GW Bush's signature. Most people don't seem to know or care. I doubt they could be bothered to look up what it means. Basically, the President can now personally decide to put anybody into prison, as long as he wants, without giving anybody including the imprisoned a reason.

Thursday, 12 October, 2006. 08:09:14 PM

Someone painted "George Bush is a terrorist" on a street in my neighborhood, and someone else then overpainted the word "terrorist" with black paint the next day.

Tuesday, 10 October, 2006. 01:56:03 PM

The last animal to be domesticated is the hamster, in the 1930s.

Saturday, 07 October, 2006. 10:31:30 PM

I had to disable the process that scans spam messages for an IP address and adds it to the database because it was consuming too many resources. All last week the load on my poor little 800MHz Pentium III server hovered above thirty. The highest I saw the load was 88. The system never slowed down for interactive response, since the problem was blocking on access to the database where the IP addresses were stored.

Friday, 06 October, 2006. 03:03:33 AM

None of the men and women who voted for this bill has any right to speak in public about the rule of law anymore, or to take a high moral view of the Third Reich, or to wax poetic about the American Idea. Mark their names. Any institution of higher learning that grants honorary degrees to these people forfeits its honor. Alexander, Allard, Allen, Bennett, Bond, Brownback, Bunning, Burns, Burr, Carper, Chambliss, Coburn, Cochran, Coleman, Collins, Cornyn, Craig, Crapo, DeMint, DeWine, Dole, Domenici, Ensign, Enzi, Frist, Graham, Grassley, Gregg, Hagel, Hatch, Hutchison, Inhofe, Isakson, Johnson, Kyl, Landrieu, Lautenberg, Lieberman, Lott, Lugar, Martinez, McCain, McConnell, Menendez, Murkowski, Nelson of Florida, Nelson of Nebraska, Pryor, Roberts, Rockefeller, Salazar, Santorum, Sessions, Shelby, Smith, Specter, Stabenow, Stevens, Sununu, Talent, Thomas, Thune, Vitter, Voinovich, Warner.

--Keillor

Sunday, 01 October, 2006. 07:55:02 PM

A cockroach joined Kristiana in her bath yesterday and now she's terrified of the bath.
