Spam Revenge: Stopping Joe-job Floods in qmail

A colleague and I were both getting Joe-jobbed yesterday. I had an easy time telling Exim to reject mine at SMTP time, but the colleague receives mail on our only Plesk server, so it’s using qmail. I’ve noticed before that qmail admin tools are primitive and incomplete, so I looked for the appropriate rocks to bang together to put this fire out. (I think I just sprained a metaphor.)

My best attempt so far is to edit the user’s .qmail file to start with a pipe to a command that exit 100s if it detects an error for an email which the user obviously didn’t send (wrong email client or whatever). qmail understands code 100 as a hard error, so I think that should generate an SMTP error, but I didn’t figure out from the logs whether it was SMTP-time or later and my testing was inconclusive. I suspect Plesk will remove my pipe when the user next edits their email account, too. How do qmail/Plesk users not drown in spam?
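A sketch of the kind of pipe command described above, as an added example rather than the script actually used on that server. The install path `/usr/local/bin/joejob-filter` and the marker `OWN_MSGID_DOMAIN` (the domain the user's real mail client puts in its Message-IDs) are assumptions, and the sample bounce is constructed.

```shell
#!/bin/sh
# Added example, not the author's script. Hypothetical names: the install path
# /usr/local/bin/joejob-filter and the marker OWN_MSGID_DOMAIN (the domain that
# the user's real mail client puts in its Message-IDs).
OWN_MSGID_DOMAIN="${OWN_MSGID_DOMAIN:-mail.example.org}"

# Reads one message on stdin; qmail-local passes the envelope sender in $SENDER.
# Returns 0 (go on to the next .qmail line) or 100 (hard failure).
# qmail-local runs on mail that is already queued, so 100 is a delivery
# failure handled by qmail-send, not a reply in the SMTP session.
joejob_filter() {
    case "${SENDER-}" in
        "" | "#@[]") ;;                     # null sender or double bounce
        *) cat >/dev/null; return 0 ;;      # ordinary mail: leave it alone
    esac
    awk -v dom="$OWN_MSGID_DOMAIN" '
        !inbody { if ($0 == "") inbody = 1; next }  # skip the bounce header
        tolower($0) ~ /^[> \t]*message-id:/ {       # Message-ID of a quoted copy
            seen = 1
            if (index(tolower($0), "@" tolower(dom) ">")) ours = 1
        }
        # Fail open: reject only when a quoted Message-ID exists and none is ours.
        END { exit ((seen && !ours) ? 100 : 0) }
    '
}

# Constructed sample bounce quoting a message with a foreign Message-ID.
sample_forged_bounce() {
    printf '%s\n' 'From: MAILER-DAEMON@mx.example.net' \
        'Message-ID: <b1@mx.example.net>' 'Subject: failure notice' '' \
        'Hi. This is the mail system at mx.example.net.' '' \
        '--- Below this line is a copy of the message.' '' \
        'From: user@example.org' 'Message-ID: <x9@spamnet.invalid>' \
        'Subject: cheap pills'
}

# Act as the filter only when installed under the hypothetical name, with
#   |/usr/local/bin/joejob-filter
# as the first line of the user's .qmail; otherwise just define the functions.
case "${0##*/}" in
    joejob-filter) joejob_filter; exit $? ;;
esac
```

Bounces that quote no Message-ID at all are let through, so a truncated but genuine failure notice still reaches the user.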

In related news, I’ve started getting “Challenge Response” emails from users of Merak Mail Server Software for emails I never sent. I’m answering the challenges so that challenge-response users get spam if their server spams me. Challenge-response is evil – I don’t want spam from your mailserver just because you accepted spam that said it was from me. If you are using Merak Mail Server Software, change away now!

One of my current anti-spam tactics is to read my email in batches (which Suw suggests is a good idea) and group messages which look “similar”. Very similar messages appear for very few reasons: people resending messages, mailing list threads, stuff from spam-nets and a few others. Apart from spam-nets, most of the others match one of a few keywords. My current method of doing this is part-automatic and part-human. Are there automated anti-spam tools which exploit this local similarity? I think DCC used to include this idea, but then there were software patents and hoo-ha and I stopped paying so much attention.

Finally, a small discussion has broken out in the comments of “Is Yahoo Now Even Worse On Spam?” about whitelisting and business-critical uses of free webmails.
