Hi! To everybody in this thread who said "C/R is bad idea":
While qconfirm and TMDA will work in most cases, I've read C/R critique here http://en.wikipedia.org/wiki/Challenge-response_spam_filtering and agree it's bad idea in general. I unlike tools like SpamAssassin because if there just a "X% chance" something is spam, then it's mean there always "Y% chance" I'll lose non-spam email. C/R systems have same issues, but it's harder to find out that fact. On Wed, Sep 24, 2008 at 05:40:50PM +0200, Matthias Bethke wrote: > What you can easily do, in order of personal (well, I don't run my own > mail server any more) preference: > - block dialup ranges > - use IP blacklists like SORBS > - use SpamAssassin, possibly with more blacklists like SURBL > - check DomainKeys and/or SPF headers for scoring > - use greylisting I'd like to start from most soft algorithm realized in http://www.datenklause.de/en/software/qgreylistrbl.html It's do greylisting, but not for everybody - it's do it only for hosts which are either blacklisted in RBL or looks like dialup IPs (using regex). This way even hosts blacklisted in RBL will be able to send me email, but only it they have real email queue. This is important for me, because we all fall into RBL, without being spammers, because of different reasons. I've tested this tool, and it pass just about 3 spam email in last 24 hours. It's not a problem for me to kill 3 spam emails per day if I've assurance: _all_ non-spam emails will be delivered to me. P.S. While I'd like this tool's algorithm, I don't really like it's realization - I think it should be much simpler and smaller. So I'll try to rewrite it in that way (also in Perl). And prepare ebuild for installing it. -- WBR, Alex.
pgpVEHJKGP2ti.pgp
Description: PGP signature
