Slashdot Mirror


O'Reilly Article on Spam Defense

Dru writes "Here's an article talking about the details of implementing a network level spam defense with Qmail. It also talks a little about a new site called Trustic which uses a trust system (like Advogato) for nominating spammer/hostile IP's."


  1. I love qmail. by BoomerSooner · · Score: 4, Informative

    I suggest buying the book if you plan on implementing it. The online version isn't enough (and covers about 1/3 what the printed version does).

    Make sure you follow the relay-ctrl section very close. You could be a source of spam if you do it wrong!

  2. Not too impressed by augustz · · Score: 3, Informative

    Please remember that the service is beta and will start charging for advanced features once it is out of beta. As usual, worth waiting to see if it goes totally commercial. Looks like they plan to charge to allow listing multiple "trusted" servers.

    A fair number of the spams I submitted came from servers that had already been voted on as TRUSTED by other users. In other words, my credibility went down by reporting them as spammers.

    http://www.trustic.com/ip/219.94.114.6 for example and I've got a fair number of others. Folks are either polluting the space intentionally or being very very sloppy in reporting trusted servers.

    Groups like spews have a very nice evidence file, and it gets reviewed by a person. I've generally been impressed with the real community blacklist sites.

    Technically the site works great and is super fast. But I wouldn't follow the O'Reilly recommendation and pick it as my primary blacklist just yet (even though the guy doing the site worked with the author of the article to make changes).

    My two cents.

  3. That depends upon their methodology. by Population · · Score: 3, Informative

    I use SpamAssassin with Bayesian filtering.

    Your forged headers are noted and factored in when determining whether you are spam or not. But by themselves they are not sufficient to mark you as spam.

    Your e-zine will tend to have the same format and similar content from issue to issue. The Bayesian filter can detect this and let it through.

    I'm running this setup at work for our offices and it works very well. The only real problems we've had is monster.com's resumes. But even that seems to be working now.

  4. Relying on RBLs by GC · · Score: 5, Informative

    There are many problems with using RBLs to block connections. A very good description can be found here:
    I've found SpamAssassin fairly good: rather than blocking messages from RBLs, it analyses message content, adds points to messages from hosts in RBLs, and checks known spam databases such as Razor and Pyzor. Rule matches are given a score, and messages with a total aggregate score are tagged in the message headers, allowing users to filter these if they want to.
    A main advantage of this method is that no single rule can flag a message as spam, hence legitimate mail originating from a badly configured mail relay has a chance of getting through, and in my mind it's probably a particularly bad idea to block any email unless it's actually addressed to you.

  5. Or you could use a better mailer... by SuperBanana · · Score: 5, Informative
    Here's an article talking about the details of implementing a network level spam defense with Qmail

    Or, you could just use Postfix, which:

    • is almost entirely compatible with sendmail. It's pretty much drop-in-and-go.
    • adheres to RFCs (and there's a warning for any configuration option which would violate said RFCs)
    • has builtin anti-spam tools: you can turn on, individually, any of a dozen-plus different checks, such as making sure the claimed hostname in the HELO matches the IP the connection is coming from (you can do this several ways), or that the claimed hostname matches the mail-from user@hostname (i.e., if you're coming from spammer.com, you're not gonna be able to claim to be joe@yahoo.com), etc. It's also one builtin command to check an RBL.
    • has a really sharp cookie of an author (the guy wrote tcpwrapper), who isn't widely regarded as an obnoxious twit
    • is completely free

    Personally, I refuse to use any software written by DJB as a matter of principle. The guy flagrantly ignores RFCs because he simply feels like it and arrogantly thinks he knows better (and further that there is benefit to ignoring said RFCs).
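    As an added illustration of the scoring approach GC describes in comment 4 (rule hits add points, the aggregate is written into headers, and no single rule can flag a message on its own) and of the HELO and sender checks SuperBanana lists in comment 5, here is a small scoring filter. This is example code written for this page, not SpamAssassin's or Postfix's own implementation; the rule names, weights, threshold, the RBL listing and the session records are all constructed, and the addresses are documentation ranges.

```python
"""Toy SpamAssassin-style scoring filter over a constructed SMTP session record.

Added example, not from the thread or from SpamAssassin/Postfix. Rule names,
weights, the RBL snapshot and the sample sessions are all constructed here.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

# Constructed RBL snapshot (hypothetical listing, not real DNSBL data).
RBL_LISTED = {"192.0.2.10"}

# A message is tagged only when its aggregate score reaches this value.
THRESHOLD = 5.0


@dataclass
class Session:
    client_ip: str                 # connecting host
    reverse_dns: Optional[str]     # PTR name the receiving MTA resolved, if any
    helo: str                      # hostname claimed in HELO/EHLO
    mail_from: str                 # envelope sender
    subject: str                   # Subject header


def registered_domain(host: str) -> str:
    """Crude 'last two labels' domain, good enough for the mismatch rules."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


# --- individual rules: each returns True when it matches ---------------------
def rbl_listed(s: Session) -> bool:
    return s.client_ip in RBL_LISTED


def helo_not_fqdn(s: Session) -> bool:
    return "." not in s.helo


def helo_rdns_mismatch(s: Session) -> bool:
    # Fires when the HELO name does not match the client's reverse DNS
    # (or when there is no reverse DNS at all).
    return s.reverse_dns is None or s.helo.lower() != s.reverse_dns.lower()


def sender_helo_domain_mismatch(s: Session) -> bool:
    sender_domain = s.mail_from.rsplit("@", 1)[-1]
    return registered_domain(sender_domain) != registered_domain(s.helo)


def subject_all_caps(s: Session) -> bool:
    return s.subject.isupper()


# Rule table: name -> (check, points). Every weight is below THRESHOLD, so a
# single hit can never tag a message by itself; only the aggregate can.
RULES: Dict[str, Tuple[Callable[[Session], bool], float]] = {
    "RBL_LISTED": (rbl_listed, 3.0),
    "HELO_NOT_FQDN": (helo_not_fqdn, 1.5),
    "HELO_RDNS_MISMATCH": (helo_rdns_mismatch, 1.5),
    "SENDER_HELO_DOMAIN_MISMATCH": (sender_helo_domain_mismatch, 1.0),
    "SUBJECT_ALL_CAPS": (subject_all_caps, 1.0),
}


def max_single_rule_score() -> float:
    """Invariant worth checking at config time: no rule alone reaches THRESHOLD."""
    return max(points for _, points in RULES.values())


def score(session: Session) -> Tuple[float, List[str]]:
    """Sum the points of every matching rule and return (total, matched names)."""
    total, hits = 0.0, []
    for name, (check, points) in RULES.items():
        if check(session):
            total += points
            hits.append(name)
    return total, hits


def tag_headers(session: Session, threshold: float = THRESHOLD) -> Dict[str, str]:
    """Produce the headers a scoring filter would prepend instead of rejecting."""
    total, hits = score(session)
    return {
        "X-Spam-Score": f"{total:.1f}",
        "X-Spam-Status": "Yes" if total >= threshold else "No",
        "X-Spam-Tests": ",".join(hits),
    }


# Constructed sample sessions.
SPAMMY = Session("192.0.2.10", None, "localhost", "joe@example.com", "BUY NOW!!!")
# Legitimate list mail relayed through a badly configured box: bare HELO name,
# HELO differing from reverse DNS, sender domain differing from HELO domain.
LEGIT_MISCONFIGURED = Session("198.51.100.7", "mail.example.net", "internal-box",
                              "newsletter@example.org", "Weekly issue #12")
CLEAN = Session("203.0.113.5", "mx1.example.com", "mx1.example.com",
                "alice@example.com", "Lunch?")

if __name__ == "__main__":
    for label, sess in (("spammy", SPAMMY), ("misconfigured relay", LEGIT_MISCONFIGURED), ("clean", CLEAN)):
        print(label, tag_headers(sess))
```

    The misconfigured relay trips three rules yet stays under the threshold and is only annotated, which is the behaviour GC argues for; the same session would be refused outright by a connection-level block on any one of those conditions.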

  6. Read Your TOS. by Electrawn · · Score: 3, Informative

    5. Acceptable Use Policy; Prohibited Uses of the Service.

    b. Prohibited Uses of the Service: Use of the Comcast Equipment or the Service for transmission or storage of any information, data or material in violation of any federal, state or local law or regulation is prohibited. In addition, unless you are subject to a Service plan that expressly permits otherwise, the Service is to be used, and you expressly agree to use it, solely in a private residence, living quarters in a hotel, hospital, dormitory, sorority or fraternity house, or boarding house, or the residential portion of a premises which is used for both business and residential purposes. Without limiting the generality of the foregoing, the Service is for personal and non-commercial use only and you agree not to use the Service for operation as an Internet service provider, a server site for ftp, telnet, rlogin, e-mail hosting, "web hosting" or other similar applications, for any business enterprise, or as an end-point on a non-Comcast local area network or wide area network.

    I'll keep my tongue in cheek for any other comments.

  7. Re:Hurrah for blacklists by qtp · · Score: 4, Informative

    You're probably right, they will eventually want to charge money, and, IMHO, their solution looks overly complicated and manipulable (spammers pay for "trusted" members to list them as "trusted").

    It would be better if ISPs participated in services like the ORDB, SORBS and Monkeys that have simple network testable criteria for listing open relays. Spews, Spamhaus, and DSBL have reputable lists of usernames and addresses that send spam. If ISPs and admins would participate in projects like these, the spam problem would be greatly reduced. And it seems that these projects are mostly run by admins who are interested in blocking spam, not selling a service.

    By the way, MAPS is currently free for individual use (look at the bottom of the page).

    --
    Read, L

  8. Re:Spews by CryBaby · · Score: 3, Informative

    I initially thought spews was completely over the top. My first encounter with them was due to a client's server getting blocked when he inherited some new IPs that had previously belonged to a spammer. I couldn't believe that these people had so much control over so many networks (almost zero mail got out) and that there was NO official or standardized removal procedure. But after reading the FAQ, joining the newsgroup and asking a few polite questions, my client was delisted within a day. Also, the evidence file on these IPs was truly damning.

    Their heavy-handed approach seems to be the only way to make a dent in the spam onslaught. I watched employees of major ISPs post to the newsgroup humbly asking for removal only to be told "kick your spammers off and you will be delisted, when we feel like it. You took too long to respond to our notices." As the spews philosophy goes, these people will only pay attention to the problem when it hits their bottom line, i.e. floods of customer complaints and cancelled accounts because no one can send mail from their entire polluted network.

    Back to the topic, I have a lot more faith in the hard-headed anti-spam warriors at spews than I do in some touchy-feely "trust network". It sounds far too vulnerable to manipulation and, based solely on some of the comments here, potential market pressure in the future.

    Thanks for listening...