New version of IPFilter and using it to defend against spam.
By avalon on Mar 18, 2006
Earlier today I uploaded version 4.1.11 of IPFilter and along with it a new program to work with "auth" rules in controlling TCP connections. Consequently I put a lot of imagination into the name of this program and called it ipfauth.
My take on spam is I'm sick of the box I use for receiving email having to actually accept the spam it gets sent. I don't want it to even talk to the other end unless I think they're going to send me legitimate email that I want.
So for Mr Spammer, I don't pretend that my mail server doesn't like him by sending back a 450 or 550 SMTP error, rather, I pretend that my mail server isn't there at all. This works on the idea that real mail servers will retry email during very specific windows so that while the initial delivery of mail is impeded, it will get through eventually. Of course this all starts to fall apart when spammers start doing queuing of email that fails in their software.
So to try and counter this I've added in a very simple feedback mechanism that I'll be doing some more investigations with. The feedback mechanism allows for my mail server software to pass the email through spamassassin while it is being dequeued and if it is spam, send a vote back to ipfauth saying that an email from that IP address is to be rejected. If an email gets all the way through, it will receive a different kind of vote saying that the sender's email address supplied me with an OK email.
This is all pretty much in its infancy and at some point I should stop using a very heavily modified smap/smapd and write my own SMTP receiver.