More Sendmail Hacks
I've been handling mail for some friends, one of whom gets a LOT of spam. He's a good litmus test for how to tweak a spam filter to maximum effectiveness.
I'm using a combination of Sendmail, triple-RBL, ordb.org, SpamAssassin (and the milter), and iptables to keep spam from reaching $USER mailboxes. Here are some recent tweaks I came up with (some with the gentle nudging of others):
# There is no reason to send HTML in email, none. Blocked.
HContent-type: $>+Check_Content_Type
SCheck_Content_Type
Rtext/html $*	$#error $@ 5.5.5 $: "555 HTML email denied; use plain text."

# There is no reason for anyone to send a Content-Type of
# multipart/alternative. Multipart is fine in the body
# or as an attachment, but the generalized header for those
# should be text/plain, not multipart/alternative. Blocked.
HContent-type: $>+Check_Content_Type
SCheck_Content_Type
Rmultipart/alternative $*	$#error $@ 5.5.5 $: "555 multipart mail blocked; use plain text"

# Likewise for base64-encoded bodies. There is no reason
# for the ENTIRE message body to be base64-encoded. Blocked.
HContent-Transfer-Encoding: $>+Check_Transfer_Encoding
SCheck_Transfer_Encoding
Rbase64 $*	$#error $@ 5.5.5 $: "555 base64-encoded body blocked; use plain text"
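
To see which mail the three header rules above would turn away, here is an added example (not part of the original post) that approximates them in Python over constructed sample messages. The names would_reject, audit and SAMPLES are invented here, and the matching is a simplification of sendmail's token matching, assumed close enough for a dry run.

```python
from email import message_from_string

def would_reject(raw):
    """Return the rules (by ruleset name from the post) that would fire."""
    msg = message_from_string(raw)
    hits = []
    # Only the message's own header block is examined; MIME part headers
    # live in the body and are never seen by an H-line check.
    ctype = msg.get_content_type()          # lower-cased, parameters dropped
    if ctype in ("text/html", "multipart/alternative"):
        hits.append("Check_Content_Type " + ctype)
    cte = (msg["Content-Transfer-Encoding"] or "").lower().split()
    if cte[:1] == ["base64"]:               # approximates "Rbase64 $*"
        hits.append("Check_Transfer_Encoding base64")
    return hits

# Constructed sample messages (headers plus a minimal body), not real mail.
SAMPLES = {
    "plain": "Subject: hi\nContent-Type: text/plain\n\nhello\n",
    "html_only": "Subject: x\nContent-Type: TEXT/HTML; charset=us-ascii\n\n<b>x</b>\n",
    "client_default": (
        "Subject: x\nContent-Type: multipart/alternative; boundary=b1\n\n"
        "--b1\nContent-Type: text/plain\n\nx\n"
        "--b1\nContent-Type: text/html\n\n<p>x</p>\n--b1--\n"),
    "mixed_with_html_part": (
        "Subject: x\nContent-Type: multipart/mixed; boundary=b2\n\n"
        "--b2\nContent-Type: text/html\n"
        "Content-Transfer-Encoding: base64\n\nPGI+eDwvYj4=\n--b2--\n"),
    "utf8_base64_body": (
        "Subject: x\nContent-Type: text/plain; charset=utf-8\n"
        "Content-Transfer-Encoding: base64\n\n0L/RgNC40LLQtdGC\n"),
}

def audit(samples):
    """Map each sample name to the list of rules that would reject it."""
    return {name: would_reject(raw) for name, raw in samples.items()}

if __name__ == "__main__":
    for name, hits in audit(SAMPLES).items():
        verdict = "REJECT: " + "; ".join(hits) if hits else "accept"
        print(f"{name:22} {verdict}")
```

The multipart/mixed sample is accepted even though it carries a base64-encoded HTML part, because the rules only look at the top-level headers; that kind of content is left to SpamAssassin further down the chain.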
And recently, there is an increase in the number of people being affected by this W32/Sobig@MM trojan, so I blocked that (and another worm) too:
firstname.lastname@example.org	ERROR:5.7.1:550 Sobig worm rejected
email@example.com	ERROR:5.7.1:550 Hybris worm rejected
These small changes alone have begun to cut down the number of spam messages that my system(s) will accept for users. A quick grep shows that in the last 2 days, the three tweaks above have successfully blocked 417 separate spam messages that would have otherwise been caught by spamassassin or passed onto a
Any spams that get through these + spamassassin, I block with iptables. It's been doing quite a good job so far. In the last week, my iptables blocks for known spammers have produced 1,291 hits in the logs.
- Things are busy here, but still no permanent employment (427 days, 61 weeks so far). It may be time to call UPS/Fedex/USPS and see if they have any openings. There are definitely no technology jobs left here on the East Coast. Depressing.