Re:Spews is NOT the right way to filter e-mail.
by jamie · Score: 5, Interesting
"Spews is EVIL... Please take a look at http://www.antispews.org"
Thanks for the link. I'll confirm that Spews is not the way to go. Well, it depends on whether your goal is to block spam for your users, or just to piss people off.
If you're a network admin and you want to block spam for your users, try something else.
If you just want to piss people off, Spews is great. My personal mail server (very kindly hosted for me for free on a friend's network) was put on Spews' blacklist. My server has never in its lifetime sent a single spam, of course. But Spews had found four (count 'em) examples of spammer websites (not spam-sending machines) on the IP blocks owned by the people who my friend bought access from, twice removed. Because of these four claimed spam websites, Spews put FOUR CLASS A's on their list.
That's right -- a quarter-million IP numbers were blocked because they didn't like the policies at four IP numbers.
Wait, did I say four? When I checked up on them, two had already moved to other providers, one I couldn't find, and only one was still there. So my server, and a quarter-million others, were being blocked because the Spews people disagreed with one solitary website. Hosted by a company that I have no relationship with.
It goes without saying that attempts to get my server whitelisted failed.
And I do question the value of their blocking my mail server. Like I said, I was being hosted for free just because I have helpful friends... my moving to another network actually saved them money!
Somehow, I think most net administrators, if they knew that Spews' purpose was political and not technological, would be less likely to use it. There are plenty of other blacklists out there. What are the good ones that don't hijack your networks to apply political pressure?
Re:Spews = /m\
by PacketMaster · Score: 4, Interesting
And spews doesn't? Spews randomly blocked a consulting company's netblock I worked for part-time simply because our block was next to a "known spammer's" block. When they politely asked to be removed and pointed out that according to their own evidence file their netblock had nothing to do with spam, they were met with very hostile responses and told to essentially ditch their telco provider because they'd never unlist anyone. They admitted that they simply block IPs in a form of "collateral damage" because they feel like it to hurt legitimate businesses so they flee their network provider. Look at antispews.org for more info on their flagrant abuses and why you shouldn't use spews.
... generally doesn't cause innocent third parties distress while attempting to achieve his goals.
Using spews is going to cause third-party distress.
--
Some people take their .sig way too seriously
rblsmtpd + spamassassin
by Gothmolly · Score: 4, Interesting
Works great for me, thank you DJB! Here's a summary of the spamhouses I've blocked (with a 553 error code) over the past few hours. These never even touch spamassassin.
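The kind of pre-acceptance blocklist check discussed in this thread, as an added Python example (not code from the thread or from rblsmtpd): it builds the DNS query for a connecting IP and maps the answer to an SMTP reply, using the 553 code mentioned in the comment above. The zone `dnsbl.example`, the function names, the local allowlist and the 451 reply on resolver failure are assumptions of this example.

```python
import ipaddress
import socket

def dnsbl_query_name(client_ip, zone):
    """Reverse the IPv4 octets and append the list's DNS zone."""
    ip = ipaddress.IPv4Address(client_ip)          # raises on bad input
    return ".".join(reversed(str(ip).split("."))) + "." + zone.strip(".")

def system_lookup(name):
    """A records for name; [] if the name does not exist (not listed)."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET)
    except socket.gaierror as exc:
        if exc.errno == socket.EAI_NONAME:
            return []
        raise                                       # timeout, SERVFAIL, ...
    return sorted({info[4][0] for info in infos})

def smtp_verdict(client_ip, zones, allowlist=(), lookup=system_lookup):
    """Return (smtp_code, reason) to use before any message data is accepted."""
    ip = ipaddress.IPv4Address(client_ip)
    # Local allowlist wins, so one known-good sender inside a listed block
    # does not force switching the whole list off.
    if any(ip in ipaddress.ip_network(net) for net in allowlist):
        return 250, "allowlisted locally"
    for zone in zones:
        try:
            answers = lookup(dnsbl_query_name(client_ip, zone))
        except OSError:
            return 451, "blocklist lookup failed, try again later"
        # Only 127.0.0.0/8 answers mean "listed"; anything else (for example
        # a parked or wildcarded zone) is ignored.
        if any(ipaddress.ip_address(a).is_loopback for a in answers):
            return 553, f"{client_ip} is listed in {zone}"
    return 250, "not listed"

# Constructed data: documentation addresses and a made-up zone.
FAKE_ZONE = {
    "10.2.0.192.dnsbl.example": ["127.0.0.2"],      # listed
    "9.2.0.192.dnsbl.example": ["203.0.113.80"],    # bogus non-127 answer
}

def fake_lookup(name):
    """Offline stand-in for system_lookup, driven by FAKE_ZONE."""
    if name.startswith("7.100.51.198."):
        raise OSError("simulated resolver timeout")
    return FAKE_ZONE.get(name, [])
```

Passing `lookup=fake_lookup` exercises the logic offline; the default `system_lookup` queries the system resolver.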
Re:SPEWS is necessary & effective at hurting s
by binner1 · Score: 5, Interesting
At my last job, that is exactly the conversation I had. My boss said: We get too much spam here, do whatever it takes to stop it. I said: Sure, I'll have qmail do some rbl polling before accepting mail. Worked great for about a month...cut roughly 50% of the spam that network received. Then, boss says: Why can't I get email from ebay seller X? I say: Oh he's rbl'd...we don't take mail from there. He says: Ok, turn off the rbl.
After that, I turned on my own bayesian filtering and said F the rest of the network/users.
I don't see how it's wrong to send it back to the open relay. They are saying, "Here, have this," and you are just replying, "Not right now, thanks." That's perfectly valid use of SMTP codes. It's not like you launch an attack every time you get email from these relays, you're just telling them you don't want it right now. The idea is just to take the pain of SPAM away from the user and give it to the ones responsible (to some extent) for it. The open relays caused it, they should deal with it.
This is just a lightweight SMTP server which takes over anyone who is SPEWS listed and rejects them. A decent server like Postfix + amavisd & SpamAssassin will already do this with little overhead.
More reinvention of the wheel, I fear.
Conversion Rate Optimisation French / English consultant
Can anyone explain why you wouldn't just use SpamAssassin?
Once the spam is in your system then your bandwidth, disk space and other resources have already been consumed by the spammer. This prevents the spam from ever coming into your network and puts the burden of the load back on the spammer's shoulders.
Damn fine work.
Trolling is a art,
I want to delete my account but Slashdot doesn't allow it.
I won't go into the validity of using SPEWS as a blocklist - there are good arguments pro and con there.
But here's a twist to the basic idea:
Given the email sender is in $BLOCKLIST, have the filter daemon give the 450 response
v... e... r... y... s... l... o... w... l... y...
Combine a teergrube with the 450 response to fill up both their mail spool AND their socket connection table.
(For those who don't know, a teergrube (tarbaby) is a mail server that responds slowly to a spammer, the better to tie up his connections).
Now, not only will the open relay's mail queue fill, but it will run out of (file descriptors|sockets) and choke on that too!
www.eFax.com are spammers