NSLM (nslm) wrote,

Spam holes,

Last night I ended up having a discussion with a friend of elmyra who's staying on our floor at the moment. The discussion went over all sorts of topics, but the interesting one centered on "spamholes". The system they've got set up isn't quite what we ended up coming up with, since at the time I hadn't read the site; the topic came up and we started bouncing ideas around.

As we could see, spammers tend to use open relays. How do they find such things? Port scanning, and trawling MX records. So what could be done about this? You'd need to find a way to "contaminate" the MX records, which would be a large problem in and of itself. BUT you'd also need to find a way to do something about the random port scanning.

Who LEGITIMATELY attempts to connect to port 25, if they're not your ISP checking for open relays? Assuming that your MX records are set up properly, and don't point to your "spamhole", NO-ONE. And you'd hope that any port scanning by your ISP would be from a machine OTHER than their mail servers, so if they got blacklisted by mistake, oh well.

So you'd end up with a list of IPs from which spam originates. Hmm, RBL time (probably time-limited, so that people can become un-listed). This list would include trojaned machines and actual spammers.

You'd also end up with a PERFECT source for training things like Vipul's Razor, Pyzor, DCC, etc.

This wouldn't eliminate spam, BUT it would increase the effectiveness of other tools like SpamAssassin, and you could possibly just use the RBL as a method for 550-ing on your real email servers.

This solution just seems too elegant; we must've missed something, but can anyone think what?

(BTW you wouldn't let ANY mail actually past the "spamhole")
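The time-limited list and the 550 on the real mail servers described above, sketched as an added example that is not part of the original post. The one-week lifetime, the exempt network for the ISP's scanner, the `rbl.example.org` zone and all names are assumptions; the addresses are constructed documentation IPs.

```python
import ipaddress

TTL = 7 * 24 * 3600  # assumed listing lifetime (the post gives no figure)

# Constructed sample: (source IP, unix time) of connections to the spamhole.
SAMPLE_EVENTS = [("192.0.2.10", 1000), ("198.51.100.7", 2000),
                 ("192.0.2.10", 500000), ("203.0.113.5", 3000)]


class SpamholeList:
    """Time-limited list of IPs that connected to the spamhole's port 25."""

    def __init__(self, ttl=TTL, exempt=()):
        self.ttl = ttl
        # Networks never listed, e.g. the ISP's relay scanner (assumed input).
        self.exempt = [ipaddress.ip_network(n) for n in exempt]
        self.last_seen = {}  # ip -> time of most recent spamhole connection

    def record(self, ip, ts):
        """Note one spamhole connection; return False if the source is exempt."""
        addr = ipaddress.ip_address(ip)
        if any(addr in net for net in self.exempt):
            return False
        key = str(addr)
        self.last_seen[key] = max(ts, self.last_seen.get(key, ts))
        return True

    def is_listed(self, ip, now):
        """A listing lapses ttl seconds after the last connection seen."""
        key = str(ipaddress.ip_address(ip))
        ts = self.last_seen.get(key)
        if ts is not None and now - ts >= self.ttl:
            del self.last_seen[key]  # expired, so the host is un-listed
            ts = None
        return ts is not None

    def rcpt_reply(self, ip, now):
        """Reply the real mail server gives this client at RCPT TO."""
        if self.is_listed(ip, now):
            return "550 5.7.1 %s recently connected to a spamhole" % ip
        return "250 OK"


def dnsbl_name(ip, zone="rbl.example.org"):
    """Usual DNSBL query name: IPv4 octets reversed, then the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone
```

Because a listing is keyed on the last connection seen, a cleaned-up machine drops off on its own once it stops touching the spamhole, while a host that keeps connecting stays listed.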
