How do fix a good solution against spam..
Cyrille Lefevre
clefevre-lists at 9online.fr
Sat May 15 04:24:19 PDT 2004
> On 2004-05-14 08:40 -0300, Fernando Schapachnik <fernando at mecon.gov.ar> wrote:
> > As everybody is throwing in their favorite anti-spam solutions, here's mine:
> >
> > http://www.paganini.net/ask/
> >
> > From the home page:
> >
> > ASK takes advantage of the fact that most spammers use invalid or
> > fake "From:" address in their messages. When a new message arrives
> > and the sender is unknown, ASK sends a "confirmation message"
> > back, informing the sender that the original message has been
> > queued, pending confirmation. When the sender confirms (a simple
> > reply), ASK delivers the original message and adds the sender to a
> > "whitelist". Further messages from this sender will be immediately
> > delivered.
>
> (I apologize for posting this O/T message.)
>
> Here's a well-thought-out argument against systems of this type:
>
> Challenge-Response Anti-Spam Systems Considered Harmful
> http://kmself.home.netcom.com/Rants/challenge-response.html
I don't know ask, but I'm using tmda which is configured to NOT send any query.
this way, the offending messages are queued until I release or delete them using
tmda-pending.
so, such tool may not be so problematic, but the configuration or the
implementation
may be :(
the first versions of tmda don't allow to not bounce, the first thing I've done
was to patch tmda to go this way, then I submit the patch which wasn't accepted
at first. the time beeing, it was implemented differently, but the idea was kept
:P
here is the trick :
echo 'ACTION_INCOMING = "hold"' >> ~/.tmda/config
don't know if ask may hold queries instead of bouncing ?
Cyrille Lefevre.
--
home: mailto:cyrille.lefevre at laposte.net
More information about the freebsd-security
mailing list