
Re: the problem of spam



On Wed, Feb 25, 2004 at 10:38:51PM -0600 or thereabouts, Steven Pritchard wrote:
> On Wed, Feb 25, 2004 at 05:15:43PM -0600, Danny Sauer wrote:
> > At the meeting last night, Steve pointed out that he's rejecting 45% of 
> > the email on a particular server.
> 
> 49% actually.
> 
> > That's terrible.
> 
> Tell me about it.  :-)

It is amazing, isn't it...  spam is my pet project, has been for a long
time. 
 
> > The mail server here at work's more terrible, though. :) Last month, I
> > rejected 88% of the incoming mail as spam.

That sounds about right. It just keeps getting worse. 

> I like using that particular example I showed last night because it
> seems about as scientific a sample as you are going to find around
> here, at almost a million messages per month.

wish I could have been there... 
 
> > This, BTW, is the result of rejecting everything from Korea, some
> > other known spammers, postfix filtering out bad HELO addresses, bad
> > local addresses, etc, and everything spamassassin thinks is spam (for
<snip> 

> Interesting.  I have the threshold there set to 10, which is probably
> why we're "only" rejecting 49% at the moment.  I should probably crank
> it down a few notches...  I have the threshold here set to
> amavisd-new's default of 6.3, and so far that's working well enough
> for me.  (The volume of spam has gone down so much in the last couple
> of days since I put my new mail server into production that it is just
> scary.)

Well, as Steve knows, I use qmail, and djbdns, and with its associated
programs, I block most spam at the SMTP negotiation with a permanent 551.
I also run my own rbl list, both black and white, and block a few
countries altogether, as no one on my six domains uses them.. fr / tw / be
/ cn / ni, etc.. I also then reject anyone without a reverse DNS at the
SMTP level... Finally, on many of my email addresses, I use a
challenge/auth tool, and this works perfectly. This list and Silug are
harvested all the time, and it seems many dial-ups try to send me stuff
with these addresses that I use on these lists... Well my C/A will accept
a certain header key from the list only, and challenge any other sending
me mail with this email address... Their email is held in queue until they
respond, or I manually add them to the acceptable email address list... I
usually just drop what was in queue... For lists like these, this always
works.. Outgoing mail to new people also contains a header variable that
the C/A looks for when the email is returned, so that it adds their
address to the C/A's okay db.. It is seamless to the email sender. 

How effective has my multi-layered approach been?  My stats/logs show,
for all my domains, that in the last 2 years, I have had over 240,000 spam
attempts... none have gotten through to the point where I or any user
would see them... To put it another way, if they get in, it is still held
in the queue until I okay / deny it. Some of my users do not use this last
defense of a C/A, but they have not had any spam problems due to the
earlier defenses. I stopped using spamassassin because I have not needed
it.  The only downside, if you can call it that... I spend about 5 minutes
a day updating my DNS-RBL list, which is updated atomically through a db. 

> > --Danny, who finds this interesting and very bothersome, all at the same 
> > time

It is an ever escalating sick game to spammers... I am so glad the new law
is so effective... <g> 

-- 
Gary

Sigmund's wife wore Freudian slips.
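
The layered filtering described in this message, sketched as an added Python example (it is not the poster's qmail setup or any code from the list). Assumptions: country blocks match the TLD of the reverse-DNS name, a whitelist hit skips the other SMTP-level checks, and the header names `X-List-Key` and `X-Reply-Tag` and their values are hypothetical.

```python
import hmac
from dataclasses import dataclass, field

REJECT = "551"  # permanent SMTP failure code named in the post

@dataclass
class Policy:
    whitelist: set       # own RBL, allow side (client IPs)
    blacklist: set       # own RBL, deny side (client IPs)
    blocked_tlds: set    # country blocks, matched on the rDNS TLD (assumption)
    list_key: str        # value only the mailing list adds (hypothetical header X-List-Key)
    reply_tag: str       # value stamped on outgoing mail (hypothetical header X-Reply-Tag)
    okay_db: set = field(default_factory=set)   # senders the C/A already accepts
    held: list = field(default_factory=list)    # senders with mail waiting in the queue

def _has_key(headers, name, secret):
    # Constant-time comparison; an empty secret never matches.
    return bool(secret) and hmac.compare_digest(headers.get(name, "").encode(), secret.encode())

def smtp_stage(p, ip, rdns):
    """Connection-time layers, in the order the post lists them."""
    if ip in p.whitelist:
        return "accept", "whitelisted"
    if ip in p.blacklist:
        return REJECT, "local RBL"
    if rdns and rdns.rstrip(".").rsplit(".", 1)[-1].lower() in p.blocked_tlds:
        return REJECT, "blocked country"
    if not rdns:
        return REJECT, "no reverse DNS"
    return "accept", "passed SMTP checks"

def challenge_stage(p, sender, headers):
    """C/A layer for mail that survived smtp_stage."""
    sender = sender.lower()
    if _has_key(headers, "X-List-Key", p.list_key):
        return "deliver", "list header key"
    if _has_key(headers, "X-Reply-Tag", p.reply_tag):
        p.okay_db.add(sender)      # reply to our own outgoing mail: learn the address
        return "deliver", "reply tag"
    if sender in p.okay_db:
        return "deliver", "known sender"
    p.held.append(sender)          # stays queued until the challenge is answered
    return "hold", "challenge sent"

def handle(p, ip, rdns, sender, headers):
    verdict, reason = smtp_stage(p, ip, rdns)
    return (verdict, reason) if verdict == REJECT else challenge_stage(p, sender, headers)

# Constructed sample policy: documentation IP ranges and made-up secrets.
SAMPLE = Policy({"192.0.2.10"}, {"203.0.113.7"}, {"fr", "tw", "be", "cn", "ni"}, "k-list", "k-reply")
```

In this sketch the list key and reply tag are static values carried in headers, so anyone who receives one tagged message can replay them; the constant-time comparison does not change that.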
