YazzY.org
Simple Yet Reliable.





:: The ultimate Spam killer ::
  • How does YazzY.org stop and filter spam so effectively without spending tons of money on it?
    What rules and methods are used to make it so effective?
  • There are a few simple answers to that:
    1.: Great knowledge of the involved processes.
    2.: Careful tests and choice of software.
    3.: Sane, well-thought-out and tested SMTP rules.

    Ok, here be dragons...
    What I do is I first filter incoming email on the email router/gateway.
    The software used there is Exim in conjunction with SpamAssassin and Clam AntiVirus.
    There I perform sanity checks on incoming SMTP connections, run pattern and Bayesian checks with SpamAssassin, and perform antivirus scanning.
    The most powerful tool against spam is a correctly set up MTA, which in our case is the excellent Exim with its ACLs (access control lists).
    Here are the "tricks" I use with Exim to make sure nothing unwanted slips through:
    1.: Deny emails unless the sender address can be verified (check if the sender's email address really exists).
    2.: RBL checks.
    3.: Check if the sender forges his HELO/EHLO using our hostname or IP.
    4.: Disallow certain attachment types.
    5.: Drop emails hiding file extensions.
    There is also tons of tweaking involved to adjust all the other factors in addition to the above ruleset.
    The main, most important rules are listed above, and going into details would be way too technical for this paper.
    Believe it or not, those simple rules stop 99.9% of all the spam coming to my servers.
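
As an added illustration (not the author's own configuration, which the page does not show), the five rules above could be written as Exim 4 ACLs along these lines. The blocklist zone `rbl.example.invalid`, the extension list and the ACL names are assumptions.

```conf
# Added example, not YazzY.org's configuration. Assumed placeholders:
# rbl.example.invalid, the extension list, and the named lists
# +relay_from_hosts / +local_domains as in Exim's default configure file.

# Main section: bind each ACL to its SMTP stage.
acl_smtp_helo = acl_check_helo
acl_smtp_rcpt = acl_check_rcpt
acl_smtp_mime = acl_check_mime

begin acl

acl_check_helo:
  # Rule 3: the peer greets us with our own hostname or IP address.
  drop    message   = HELO/EHLO name belongs to this server
          !hosts    = +relay_from_hosts
          condition = ${if or{\
                        {eqi{$sender_helo_name}{$primary_hostname}}\
                        {eq{$sender_helo_name}{$received_ip_address}}\
                        {eq{$sender_helo_name}{[$received_ip_address]}}\
                      }}
  accept

acl_check_rcpt:
  accept  hosts     = +relay_from_hosts
  # Rule 1: the envelope sender must route and be accepted by its own MX.
  deny    message   = Sender address could not be verified
          !verify   = sender/callout
  # Rule 2: DNS blocklist lookup on the connecting IP.
  deny    message   = $sender_host_address is listed at $dnslist_domain
          dnslists  = rbl.example.invalid
  accept  domains   = +local_domains
          verify    = recipient
  deny    message   = relay not permitted

acl_check_mime:
  # Rule 4: refuse selected attachment types (this list is an assumption).
  deny    message   = Attachment type not accepted
          condition = ${if match{$mime_filename}\
                        {\N(?i)\.(exe|scr|pif|bat|com|vbs)\s*$\N}}
  # Rule 5: refuse names that push the real extension out of view with a
  # run of spaces, e.g. "invoice.txt      .zip" (constructed sample name).
  deny    message   = Attachment name hides its extension
          condition = ${if match{$mime_filename}{\N\s\s\s+\.[A-Za-z0-9]+$\N}}
  accept
```

The MIME ACL needs an Exim binary built with content-scanning support; the SpamAssassin and Clam AntiVirus checks mentioned earlier would typically sit in a separate DATA ACL and are left out here.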

    There are a few other rules I could have implemented for a stricter setup, but since most email servers are unfortunately misconfigured, I found it more convenient to drop them.
    The rules I dropped are the following:
    1.: Check if the remote SMTP has a valid reverse DNS record.
    2.: Check whether HELO of the remote SMTP is a FQDN (fully qualified domain name).
    3.: Check whether the FQDN really exists in DNS records.
    4.: Check whether the FQDN of the server and its HELO match.
    5.: Check if the IP of the server and its FQDN match.
    6.: Check if the HELO of the server is in the MX records of the sender's domain.


YazzY


The comments are property of their posters, all the rest © 2002 by YazzY.org