Hi!

To everybody in this thread who said "C/R is bad idea":

While qconfirm and TMDA will work in most cases, I've read C/R critique 
here http://en.wikipedia.org/wiki/Challenge-response_spam_filtering and
agree it's bad idea in general. I unlike tools like SpamAssassin because
if there just a "X% chance" something is spam, then it's mean there always
"Y% chance" I'll lose non-spam email. C/R systems have same issues, but
it's harder to find out that fact.

On Wed, Sep 24, 2008 at 05:40:50PM +0200, Matthias Bethke wrote:
> What you can easily do, in order of personal (well, I don't run my own
> mail server any more) preference:
> - block dialup ranges
> - use IP blacklists like SORBS
> - use SpamAssassin, possibly with more blacklists like SURBL
> - check DomainKeys and/or SPF headers for scoring
> - use greylisting

I'd like to start from most soft algorithm realized in
http://www.datenklause.de/en/software/qgreylistrbl.html

It's do greylisting, but not for everybody - it's do it only for hosts
which are either blacklisted in RBL or looks like dialup IPs (using regex).
This way even hosts blacklisted in RBL will be able to send me email, but
only it they have real email queue. This is important for me, because we
all fall into RBL, without being spammers, because of different reasons.

I've tested this tool, and it pass just about 3 spam email in last 24 hours.
It's not a problem for me to kill 3 spam emails per day if I've assurance:
_all_ non-spam emails will be delivered to me.


P.S. While I'd like this tool's algorithm, I don't really like it's
realization - I think it should be much simpler and smaller. So I'll try
to rewrite it in that way (also in Perl). And prepare ebuild for
installing it.

-- 
			WBR, Alex.