Hello Phillip, > Don't block on catchall. I would guess you have blocked yourself > and/or some of the major email ip addresses that you receive from.
What I did that was preventing XMail from receiving any mail what so ever was adding the ip address of the spammer.tab with /0 instead of /32... oops! > Make a list of the dictionary addresses they are sending to and only > block those by adding the sending ip's in the spammers.tab. I use a > 255.255.255.255 mask on them in the spammers.tab, only blocking the > one ip. I do that too now! > Do this by logging any email addresses that receive email, and then > copy the dictionary ones to the address file for the filter to use. > I ended up with a list of around 400 email addresses. (This is for a > personal domain). Hmmm... what's the difference really? I've set up a postmaster account with a couple of aliases (info, sales, root, etc) and a `fake` mailbox called `spamtrap` which has the catch-all alias (*). All mail for known users will go to either their mailbox or to the postmaster's mailbox. The rest will go through my filter which could add the sender's ip-address to spammers.tab or the recipients email address (non-existent) to a dictionary and then return an exitcode 3 to XMail so it will disconnect without receiving the mail data. I've made a script to generate a dictionary and it's been on for 10 minutes now and I already have 349 names in it! > You need to be careful doing this by making sure that there is no > reason for anyone to send to that email address. Don't block things > like info, postmaster, admin, sales, and so on. Those are common > ones that get spammed that you don't want to block at this level. > Remember that you are blocking saying that if a computer (maybe your > isp's email server) sends to this address I never want to receive > email from that ip address again. Very heavy handed. Yeah, you're right about that of course. > Blocking the dictionary names is not the way to stop all spam, but > it will stop that majority of it if you are targeted. It does take a > day or two to get all the email addresses that are to be blocked, > but it is worth it. It will definitely block most spam. The emails that go through because the mailbox exists will be checked by the services listed in CustMapsList, which will reduce spam by another 50-80%. > And then delete the spammers.tab once in a while, I try to do it > once a week or so. I wanted to trim the spammers.tab file so it won't hold more than 200 ip-addresses or so. > The advantage of the spammers.tab (the way I understand it) is that > if the connecting ip is listed then the connection is dropped > without receiving any data. When you have limited bandwidth you > don't want to receive the entire message before deciding to drop it. That's how I understand it too! Connection should be dropped `soon` after a listed ip tries to connect. -- Henri. - To unsubscribe from this list: send the line "unsubscribe xmail" in the body of a message to [EMAIL PROTECTED] For general help: send the line "help" in the body of a message to [EMAIL PROTECTED]
