Re: [tlug] state of the art spam filtering

["Stephen J. Turnbull" <stephen@example.com>]

Curt Sampson writes:
 > On 2010-03-16 09:25 +0100 (Tue), Attila Kinali wrote:
 > 
 > > ...on both primary and secondary MX...
 > 
 > Can you define what you mean by "primary" and "secondary" MX? Is there
 > actually any difference between these servers, besides the priority in
 > the DNS?

The primary is where data about user accounts are.  Secondaries are
backups that don't have that data.  This distinction is really
important for greylisting.

 > > A nice and cheap filter that also catches quite a lot is the
 > > requirement to have a valid FQDN in HELO/EHLO (though it does not have
 > > to resolve).
 > 
 > If it doesn't resolve, how do you know that it's a valid FQDN?

The definition of FQDN used by most MTAs is "a syntactically valid
email address whose domain portion contains at least one period, and
isn't localhost or localdomain (qualified or not)".  This does rule
out a fair amount of spam, but it also catches n00b admins.

 > the rest I rely on the following SMTP client RBLs, which have done an
 > excellent job for me:

How do you know they've done an excellent job?  (Especially given that
we know your definition of "excellent" includes "very few false
positives"!)

 > That still leaves me with a hundred to two hundred spams per day, all
 > but a few per week of which are caught by spamprobe, which is a Baysean
 > filter.

Note that with a milter you can "550 Administratively denied" after
looking at the DATA.