Slashdot Mirror


Spam Blocking Engine for OpenBSD

mkeke writes "In a post over at OpenBSD Journal, Theo states that he has written a spam blocker that works with pf and Spews. It looks darn cool :)"

19 of 278 comments

  1. 550? 450? by Habbie · · Score: 5, Informative

    I assume he means a 450 reply, not a 550? 550 won't make the message stay in the queue, 450 will.

    1. Re:550? 450? by Anonymous Coward · · Score: 2, Informative

      yes, in the code there is a gem like so:

      char *reply = "450";

      i'm guessing the 550 is a typo in the message body.

    2. Re:550? 450? by edgarde · · Score: 5, Informative
      450 says there's still a mailbox there. 550 says not found. Here's a list of SMTP codes.

      Incidentally, the code actually has a command line option to choose between 450 and 550.
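The 450-versus-550 argument in this sub-thread comes down to how a sending MTA treats the two reply classes. The following is an added illustration, not code from the story or from Theo's blocker: it models a sender whose receiver always returns one fixed reply code (as the deferring blocker does for a listed host) and reports what stays on the sender's queue. The message list and sizes are constructed sample data, and `attempts_in_window` is a hypothetical parameter standing in for however many retries a real MTA makes before its queue lifetime expires.

```python
"""Added example: what 4xx versus 5xx replies do to a sending MTA's queue.

Reply classes follow RFC 5321 section 4.2.1: 2xx success, 4xx transient
negative (retry later), 5xx permanent negative (do not retry).  Nothing here
touches the network; the receiver is modelled as a fixed reply code.
"""
from collections import deque


def classify_reply(code: int) -> str:
    """Return 'success', 'transient' or 'permanent' for an SMTP reply code."""
    if 200 <= code <= 299:
        return "success"
    if 400 <= code <= 499:
        return "transient"
    if 500 <= code <= 599:
        return "permanent"
    raise ValueError(f"not a valid SMTP reply code: {code}")


def simulate_sender_queue(messages, reply_code, attempts_in_window=3):
    """Model a sending MTA whose receiver always answers with reply_code.

    messages: iterable of (msg_id, size_bytes).
    Returns a dict with the ids delivered, bounced and still queued after
    attempts_in_window delivery attempts, plus the bytes still held on disk.
    A transient reply keeps the message queued for another attempt; a
    permanent reply removes it (bounce) on the first attempt.
    """
    kind = classify_reply(reply_code)
    pending = deque((msg_id, size, 0) for msg_id, size in messages)
    result = {"delivered": [], "bounced": [], "queued": [], "queued_bytes": 0}
    while pending:
        msg_id, size, attempts = pending.popleft()
        attempts += 1
        if kind == "success":
            result["delivered"].append(msg_id)
        elif kind == "permanent":
            result["bounced"].append(msg_id)
        elif attempts < attempts_in_window:
            pending.append((msg_id, size, attempts))  # deferred: try again later
        else:
            # Retry window exhausted; the message is still on the sender's disk.
            result["queued"].append(msg_id)
            result["queued_bytes"] += size
    return result


# Constructed sample queue: (message id, size in bytes).
SAMPLE_MESSAGES = [("m1", 4096), ("m2", 1500), ("m3", 20480)]


def demo():
    """Compare a deferring receiver (450) with a rejecting one (550)."""
    deferred = simulate_sender_queue(SAMPLE_MESSAGES, 450)
    rejected = simulate_sender_queue(SAMPLE_MESSAGES, 550)
    return deferred, rejected


if __name__ == "__main__":
    d, r = demo()
    print("450:", d)   # all three still queued, 26076 bytes held
    print("550:", r)   # all three bounced, nothing held
```

The `queued_bytes` figure is the point the story makes: with a 450 the sender keeps every deferred message on its own disk until it gives up, whereas a 550 frees the sender of the message immediately.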

  2. Re:difference by bconway · · Score: 5, Informative

    SpamAssassin is nothing more than an advanced filter. This stops the spam before it gets to you and fills up the offending mail server's disk space with it.

    --
    Interested in open source engine management for your Subaru?
  3. Re:difference by Zigg · · Score: 4, Informative

    Err, SpamAssassin isn't exactly what I'd call "low overhead". While it's pretty good at what it does, it still has potential to slow my 32MB mail server to a crawl unless I tell spamd to process only one message at a time.

    And that's only filtering my mail.

  4. Re:difference by fruey · · Score: 2, Informative
    Horses for courses. RBL checking costs a DNS lookup and little more - so why have a separate daemon do it?

    SpamAssassin has to parse the whole message body, so you've already accepted it. I didn't mean to make it look like it was super low overhead with SpamAssassin, I meant that it's low overhead without it, and that with SpamAssassin you can do a lot more.

    I oughtta Preview before Send more often. I type too fast and it gets confused

    --
    Conversion Rate Optimisation French / English consultant
  5. Spews is NOT the right way to filter e-mail. by Sturm · · Score: 5, Informative

    Spews is EVIL. Plain and simple. They block IPs based solely on the fact that your upstream provider hosts, or has hosted in the past, someone the SPEWS "admins" (and I use that term loosely) believe to be spammers. It is impossible to get off their list and if you are a customer of C&W you probably have IP space being blacklisted by them. Blocking large blocks of class Cs, just because someone happens to share IP space with an alleged spammer, is the WRONG way to filter spam.
    Please take a look at http://www.antispews.org for more information before using SPEWS.

  6. big difference: not just rejecting mail by agshekeloh · · Score: 5, Informative

    It doesn't reject messages. It defers them forever, telling the open relay to "try again later."

    This tool is a weapon against open relays. The goal is to fill up the open relay's hard drives by deferring the incoming mail, rather than just rejecting the messages.

    Yes, you can do this with other blacklists as well, but nobody seems to be actually doing that.

  7. Re:difference by Tucan · · Score: 2, Informative

    You can set up SpamAssassin in a site-wide configuration. You could also put it together with MimeDefang and integrate it with Sendmail.

  8. Re:Platform [In]dependence by evilviper · · Score: 4, Informative

    Are you not familiar with the concept of open source? Instead of saying "Gimme Gimme Gimme" you could do it yourself, or even contract someone to do it. If you aren't going to contribute, don't start complaining that others should be contributing more.

    --
    Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
  9. Use a Teergrube by Brett+Glass · · Score: 4, Informative

    What Theo should be doing, instead of sending a 5xx response (which, by the way, won't keep the message in the spammer's queue; a 5xx is a final rejection) is to redirect spammers' connections to a Teergrube (a spam "tarpit"). If enough people do this, the spammer will be slowed down greatly.

  10. Re:difference by Anonymous Coward · · Score: 1, Informative

    if you actually read the article on deadly.org - it pretty much explains how it costs the bandwidth, disk space and most importantly time (of the spammer) .. SpamAssassin simply tosses the mail aside for you. (big difference when your server is getting hit umpteen thousand times by the same spammer).

  11. Re:Offending Mail servers ? by antibryce · · Score: 2, Informative

    uh...I can't believe this is modded as "Interesting." The mail server sending the spam will get the 450 error and save the message to try again later, not the mail server of the domain faked in the headers.

    jeez, learn the basics of how email works. If all I had to do to DoS your mail server was send it tons of messages and 450 errors don't you think this would be a HUGE problem?

  12. you should be sending 553 by Cheeze · · Score: 2, Informative

    550 is a temporary denial. 553 is a permanent failure (rblsmtpd switch is "-b"). spammers usually just move on to another host if they keep getting 553's. 550s tell them to keep on trying, which is bad on the receiving mail server if you're getting a pretty heavy load.

    on a side note, i would advise against using the spews.org list. it is almost impossible to get off of that list. they recently decided to put a few /23's and /22's of a network that i run, just because abuse@domain.com did not respond fast enough. The only way to get off of that list is to post to a newsgroup, and just hope they read your posting and take off the ban. That means it is a total manual process on their side to remove you.

    in my eyes, using something like sbl.spamhaus.org or/and relays.ordb.org is a much better solution. If you are going to go the DNSBL route, and you should, i would advise you figure out how to run your own DNSBL so you can quickly add and remove hosts that are mailbombing your server.

    --
    Why read the article when I can just make up a snap judgement?
  13. sounds like a smtp proxy by collin.m · · Score: 2, Informative

    I use something very similar, MessageWall(.org). This is an SMTP proxy with excellent filtering. So no need for something new.

  14. Re:SPEWS Is Not An Open Relays List by Dunark · · Score: 3, Informative

    Wrong. Spews maintains multiple listings for various kinds of spam sources and facilitators. See their webpage at http://www.spews.org for more information.

  15. Re:I'm Disappointed by Anonymous Coward · · Score: 1, Informative

    Yeah, but isn't it better when they KNOW their messages aren't making it to the recipient?

    These are spammers we're talking about. They're already dealing on the opposite side of pleasant, ethical behavior.

    So when an IP range gets banned, they're not going to say "Gee, maybe what we do really IS annoying. We should stop." They'll just move to an unblocked provider and ruin it for the users there as well.

    They've already demonstrated that they don't care if they annoy people. Leaving a wake of contaminated ISPs isn't going to bother them.

  16. Antispews is spam; SPEWS is good; others are too. by Frater+219 · · Score: 4, Informative
    Please take a look at http://www.antispews.org for more information before using SPEWS.

    Actually, antispews.org is likely being operated by spammers, as the Osirusoft FAQ suggests. (If nothing else, they are spammers of USENET newsgroups, since they kiboze for references to "SPEWS" and troll in response, much as Serdar Argic once did with "Turkey".) Naturally, spammers are pissed off at SPEWS, because it is simply put the most effective tool presently in the field for denying spammers access to (1) victims, and (2) willing ISPs to host them. Innumerable spammers have been terminated as a result of SPEWS listings.

    There is no conceivable informed controversy as to whether or not SPEWS is effective at getting spammers off the Net. Whether or not SPEWS is a good tool for your site to use as a tool for reducing your spam count is quite another question. In my personal experience (as a security and email administrator for my site, which is a research institution) SPEWS is extremely valuable. I read my mail logs and ascertain that SPEWS usage blocks spam, with a remarkably low incidence of false positives.

    In the past week, our incoming mail server has blocked 969 messages on account of SPEWS, with zero reports of false positives from our users. (To be honest, we get about one such report a month, and we whitelist the offending IP address. It's usually in China; we have several Chinese researchers.) Our locally maintained blacklist blocks about twice as much spam, and our use of sbl.spamhaus.org blocks about five times as much -- but that is biased by the fact that we consult those lists before SPEWS, and there is a good deal of overlap between them.

    I would not recommend that ISPs who offer email service to their users use SPEWS by default, though it would be a valuable optional service. The DNSBLs I would recommend everyone use are:

    • sbl.spamhaus.org, which lists only netblocks occupied by known repeat spam offenders
    • relays.ordb.org, which lists only open mail relays; and
    • proxies.relays.monkeys.com, which lists only open proxies.

    These are all low-to-no-false-positives lists which I feel comfortable recommending to every ISP regardless of its stance on SPEWS.
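Comment 4 notes that a DNSBL check costs one DNS lookup, and comment 16 describes consulting a local list and sbl.spamhaus.org ahead of SPEWS and whitelisting the occasional false positive. The block below is an added example of that lookup and ordering, not code from the story, from Theo's blocker, or from any of the lists named; it builds the query name a DNSBL expects (the address's octets reversed, followed by the list's zone) and consults a whitelist and then each list in order. The DNS resolver is a constructed lookup table so the example runs offline; `local.dnsbl.invalid` is a placeholder for the commenter's unnamed local list, and the listed addresses are constructed TEST-NET samples, not real listings.

```python
"""Added example: DNSBL query-name construction and ordered list consultation.

A DNSBL answers an A query for <reversed-octets>.<zone>; an answer in
127.0.0.0/8 means "listed" and NXDOMAIN means "not listed".  The resolver
here is a constructed in-memory table, so nothing is queried over the network.
"""
import ipaddress


def dnsbl_query_name(ip: str, zone: str) -> str:
    """Build the DNSBL query name for an IPv4 address.

    192.0.2.10 checked against sbl.spamhaus.org -> 10.2.0.192.sbl.spamhaus.org
    Malformed input raises ValueError rather than producing a bogus query.
    """
    addr = ipaddress.IPv4Address(ip)
    reversed_octets = ".".join(reversed(str(addr).split(".")))
    return f"{reversed_octets}.{zone}"


def check_sender(ip: str, whitelist, zones, resolve):
    """Decide what to do with a connecting IP.

    whitelist: CIDR strings consulted first (local overrides for false positives).
    zones:     DNSBL zones consulted in order; the first hit wins.
    resolve:   callable mapping a query name to an A record string or None.
    Returns ("accept", reason) or ("listed", zone).
    """
    addr = ipaddress.IPv4Address(ip)
    for net in whitelist:
        if addr in ipaddress.IPv4Network(net):
            return ("accept", f"whitelisted by {net}")
    for zone in zones:
        answer = resolve(dnsbl_query_name(ip, zone))
        if answer and ipaddress.IPv4Address(answer) in ipaddress.IPv4Network("127.0.0.0/8"):
            return ("listed", zone)
    return ("accept", "not listed")


# Order mirrors the comment above: local list, then sbl.spamhaus.org, then the others.
ZONES = [
    "local.dnsbl.invalid",          # placeholder for a locally maintained list
    "sbl.spamhaus.org",
    "relays.ordb.org",
    "proxies.relays.monkeys.com",
]

# Local override for a known false positive (constructed sample range).
WHITELIST = ["198.51.100.0/24"]

# Constructed fake zone data; real DNSBLs return 127.0.0.x for listed hosts.
FAKE_ZONE_DATA = {
    "10.2.0.192.local.dnsbl.invalid": "127.0.0.2",
    "20.2.0.192.sbl.spamhaus.org": "127.0.0.2",
    "20.2.0.192.relays.ordb.org": "127.0.0.2",      # overlap between lists
    "7.100.51.198.sbl.spamhaus.org": "127.0.0.2",   # listed, but whitelisted locally
}


def fake_resolve(name: str):
    """Stand-in for a DNS A lookup: table hit, or None for NXDOMAIN."""
    return FAKE_ZONE_DATA.get(name)


if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.20", "198.51.100.7", "203.0.113.5"):
        print(ip, check_sender(ip, WHITELIST, ZONES, fake_resolve))
```

Because the first hit wins, an address listed on several lists is attributed to whichever list is consulted first, which is exactly the bias the comment above describes when it compares block counts across its lists.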

  17. Re:SpamAssassin vs Theo's Package by realdpk · · Score: 3, Informative

    don't believe what you read on SPEWS. some of their records are over *6 months* out of date. probably longer. worst. bl. ever.