Postfix The Definitive Guide by Postfix The Definitive Guide

Author:Postfix The Definitive Guide [Guide, Postfix The Definitive]
Language: fra
Format: epub
Tags: Informatique
Publisher: O'Reilly
Published: 0101-01-01T00:00:00+00:00


addresses in their database that have been identified as spam-friendly open relays. For example, if the host at IP address 192.168.254.31 has been identified as an open relay, the (fictitious) DNSBL service No Spam Unlimited using a domain name of nospam.example.com creates a DNS entry like 31.254.168.192.nospam.example.com. When a client connects to your Postfix system, Postfix can check the No Spam DNS server to see if there is an entry for the client's IP address. If the IP address has been identified as an open relay system, Postfix can reject the message.
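
The lookup described above, as an added Python example (not from the book and not Postfix's own code). It also covers IPv6 clients, which goes beyond the IPv4 case in the text. The resolver stub and zone data are constructed, and the check that a listing answers inside 127.0.0.0/8 is the RFC 5782 convention, an assumption the page does not state.

```python
import ipaddress
import socket

def dnsbl_query_name(ip, zone):
    """Build the DNSBL lookup name: reversed address labels, then the zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")[::-1]                  # octets, reversed
    else:
        labels = list(addr.exploded.replace(":", ""))[::-1]  # nibbles, reversed
    return ".".join(labels + [zone.strip(".")])

def is_listed(ip, zone, resolve=socket.gethostbyname):
    """True only if the zone answers with an address in 127.0.0.0/8.

    resolve is injectable so the logic can be exercised offline.
    """
    try:
        answer = ipaddress.ip_address(resolve(dnsbl_query_name(ip, zone)))
    except (OSError, ValueError):
        # NXDOMAIN means "not listed". Timeouts also land here, so this
        # sketch fails open when the DNSBL is unreachable.
        return False
    # A wildcard or NXDOMAIN-rewriting resolver returns some other address;
    # treating that as a listing would reject every client.
    return answer in ipaddress.ip_network("127.0.0.0/8")

# Constructed zone data standing in for the fictitious nospam.example.com.
FAKE_ZONE = {
    "31.254.168.192.nospam.example.com": "127.0.0.2",   # listed open relay
    "5.113.0.203.nospam.example.com": "198.51.100.7",   # bogus wildcard answer
}

def fake_resolve(name):
    """Offline stand-in for a DNS A lookup (hypothetical helper)."""
    try:
        return FAKE_ZONE[name]
    except KeyError:
        raise socket.gaierror(socket.EAI_NONAME, "NXDOMAIN (constructed)")

if __name__ == "__main__":
    for client in ("192.168.254.31", "192.168.254.32", "203.0.113.5"):
        print(client, is_listed(client, "nospam.example.com", fake_resolve))
```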

Consider very carefully before you decide to make use of a DNSBL service. Many open relays used to forward spam also operate mail services for nonspamming users. You are very likely to block legitimate mail in addition to the spam. Also keep in mind that you are offloading to a third party the responsibility of making important decisions about who can and cannot send mail to your users. On the other hand, if you're buried in spam, DNSBL services can definitely help. If you decide to use one, review their service options and policies very carefully. Again, you have to balance your aggressiveness and the likelihood of losing legitimate mail against the magnitude of your spam problem.

11.4.2 Content-Based Spam Detection

In addition to identifying clients, you can often recognize spam by its contents. Certain strings within email messages mark them as likely to be spam ("Our Rates Have Never Been Lower!!"). But trying to distinguish spam by the contents of the message can be problematic. Imagine that you receive lots of spam offering new house mortgages. You figure you can eliminate most of it by blocking messages that contain words like "really low interest rate on a new mortgage." This may indeed block many spam messages, but you might also block a message from your friend (or one of your users' friends) who just got a great deal on a new house and wrote to tell you about it.

11.4.3 Detection Difficulties

The problem with both client- and content-based techniques to identify spam is that spammers are constantly finding ways to get around them. There is a sort of arms race going on between legitimate users of email and spammers. You can compile lists of open relays, but spammers expend a great deal of effort seeking out new open relays or proxy servers to abuse (and there always seem to be more of them).

You may discover that you receive a lot of spam with the same return address. You can block messages that use that return address, but spammers use hit-and-run tactics. They obtain an email address from one of the free email sites and use that address to send thousands or millions of spam messages, and then discard it for another. Within a couple of days, you'll never see the address you listed again.

Even content filters have to adjust for spammers' escalating tactics. Some spammers embed HTML codes within the words of their messages to break up phrases you might filter against. Or they encode the entire message so that when Postfix scans it for recognized spam phrases, there are no intelligible phrases. Most email clients oblige users by automatically rendering such messages—decoding or ignoring extraneous HTML codes.
