Slashdot Mirror


O'Reilly Article on Spam Defense

Dru writes "Here's an article talking about the details of implementing a network level spam defense with Qmail. It also talks a little about a new site called Trustic which uses a trust system (like Advogato) for nominating spammer/hostile IP's."

24 of 189 comments

  1. hostile IP's by CySurflex · · Score: 5, Funny
    for nominating spammer/hostile IP's

    and thereafter all packets from said IP's are marked with the Evil Bit.

    1. Re:hostile IP's by sketerpot · · Score: 4, Funny

      I propose that, rather than changing content, proxies simply add the evil bit to packets from sources that they know to be evil. This can be treated by applications as simply a suggestion, like CSS. Here is how we can set the evil bit---at the proxy level! Mark banner ad transmissions as evil!

  2. Wow! by Yoda2 · · Score: 4, Funny

    I never realized that ole Bill was such a tech expert!

  3. I love qmail. by BoomerSooner · · Score: 4, Informative

    I suggest buying the book if you plan on implementing it. The online version isn't enough (and covers about 1/3 what the printed version does).

    Make sure you follow the relay-ctrl section very closely. You could be a source of spam if you do it wrong!

  4. Re:Just like always... by BoomerSooner · · Score: 4, Funny

    Lol, it will give the spammers unlimited addresses by which to cover themselves, thereby eliminating the need to hijack others servers.

    Or at least that is my interpretation of how IPv6 would affect spam.

  5. Sounds neat, but PGP'ed network sounds better. by Creepy+Crawler · · Score: 4, Interesting

    I thought of this when it comes to SPAM:

    Have a computer certified by another individual and create a public/private key for that computer. Do this step to create a network of ID's for the servers.

    Now, have admins "Sign" a certain public text that allows servers to trust other servers.

    If Company X is being real lax (eg: promoting spam), write a revoke key and put it on a few OTHER machines. Then it'll propagate through the mail-net to disallow all connections from that MAIL server.

    Of course, mail servers and clients would have to have different trust relationships ala ssh.

    For them mail geeks: would this be feasible? I could see CPU load go rocket...

    --
    1. Re:Sounds neat, but PGP'ed network sounds better. by Mr.+Sketch · · Score: 4, Insightful

      If Company X is being real lax (eg: promoting spam), write a revoke key and put it on a few OTHER machines. Then it'll propagate through the mail-net to disallow all connections from that MAIL server.

      Just curious, how is this different from a blacklist? It sounds like the same concept, just different technology.

    2. Re:Sounds neat, but PGP'ed network sounds better. by arth1 · · Score: 4, Insightful

      Having to generate and spread keys and key revocations non-stop sounds like a very high maintenance system.

      Well, at least that would give some techies back their jobs, although I'm not too sure they would like their new job...

      Regards,
      --
      *Art

  6. Hurrah for blacklists by Anonymous Coward · · Score: 5, Insightful

    now all we need to ask is how long till this "community" service that they provide will take before they start charging $ for querying it just like every other blacklist, making blocking spam a privilege for the rich (i believe MAPS is over $1000 a year)

    1. Re:Hurrah for blacklists by qtp · · Score: 4, Informative

      You're probably right, they will eventually want to charge money, and, IMHO, their solution looks overly complicated and manipulable (spammers pay for "trusted" members to list them as "trusted").

      It would be better if ISPs participated in services like the ORDB, SORBS and Monkeys that have simple network testable criteria for listing open relays. Spews, Spamhaus, and DSBL have reputable lists of usernames and addresses that send spam. If ISPs and admins would participate in projects like these, the spam problem would be greatly reduced. And it seems that these projects are mostly run by admins who are interested in blocking spam, not selling a service.

      By the way, MAPS is currently free for individual use (look at the bottom of the page).

      --
      Read, L

  7. my spam defense: by di0s · · Score: 4, Funny

    quite simple really:
    Right here.

  8. Great by The+Bungi · · Score: 5, Interesting
    new site called Trustic which uses a trust system

    Another blacklist (with an appeals process). Run by a guy that made his millions selling eGroups to Yahoo!.

    Dunno, this doesn't look too promising.

  9. Here's my question. by fleppir · · Score: 4, Insightful

    Any spam measure taken at a server level could induce false positives.

    I manage paid-for e-mail e-zines which I mail using PHP and sendmail (read:forged headers until I'm big enough to run my own server).

    Wouldn't most server-layer anti-spam measures catch my very suspicious HTML e-zines, even if paid for?

    --
    I am the Barber of Seville.

  10. Just junk SMTP? by msgmonkey · · Score: 4, Funny

    Why don't the big players come together and come up with a better protocol instead of people trying these elaborate schemes?

    Have a period where you have a parallel system going and then have a cut off time where SMTP servers die.

    All it will take is the top ISP's in each country and large corporations to stop accepting SMTP mail and you'll be sure that everyone else will then fall in line.

    Or am I just being too radical?

  11. Re:Distrustful of Network Level Censorship by RT+Alec · · Score: 4, Insightful

    Spam control with RBLs is, in fact, decentralized. There are many RBLs to choose from, and any that are too severe will not be used for long if they generate too many false positives. As a system admin, I have my choice. I use 4 RBLs right now:

    • spamhaus.relays.osirusoft.com
      (this is a mirror of the Spamhaus Block List) Well known spam operations, and is checked hourly.
    • dialups.relays.osiruSoft.com
      (details at OsiruSoft) This list is of DHCP IP addresses of home users (DSL, cable, dial up).
    • dnsbl.njabl.org
      (extensive details of what's on this list)
    • rbl.restongeek.com
      I maintain this one myself for anything I want all my servers, primary and backup MX, to block
    And there are many more to choose from. I am very happy with my results, it is a pleasure to see the reports of the mail that is blocked (see my /. journal for a sample report). If I start to think maybe one of these lists is a little too severe, or someone lets me know that there are problems with one or more of the lists, I will delete it and pick another. Or maybe not. It is my choice, I want to keep down the spam on my system, for my sake as well as my clients'.

  12. Re:Distrustful of Network Level Censorship by gfody · · Score: 4, Insightful

    problem is too many of you are deciding TO use it. AOL, Hotmail, MSN to name a few.. the 'want' to filter spam at the server level hurts legit email marketers, inconveniences recipients of legit email marketers, and to the parent's point - creates a target for spammers.

    server side email filtering is BAD, BAD, BAD!

    what if the US Post Office started throwing out your clearing house sweepstakes and credit card applications before you ever got them? problem is there's two kinds of people in the world.. those that say alright no more junk mail, and those that ask, how do you do that without getting a false positive once in a while?

    --

    bite my glorious golden ass.

  13. IP banning by dtfinch · · Score: 4, Interesting

    I know a local business that was hurt badly because the subnet that their ip addresses belonged to was added to a blackhole list. They only bought a few ip addresses and there happened to be a spammer on the same subnet. They never participated in sending spam and were never told that their ip address was blocked. Many of their emails simply did not arrive at their destinations, for no clear reason. They write and sell network security products, intended to help detect and identify hackers or even spammers looking for open relays so that they can be investigated and possibly prosecuted. This was a case where anti-spam technology hurt the near opposite of the kind of people it was meant to. I don't think they ever succeeded in getting their addresses removed from the list. All the time that went by before they knew they were on the blackhole list nearly led them to bankruptcy.

  14. Relying on RBLs by GC · · Score: 5, Informative

    There are many problems with using RBLs to block connections. A very good description can be found here:
    I've found SpamAssassin fairly good: rather than blocking messages from RBLs it analyses message content, adds points to messages in RBLs and checks known spam databases such as Razor and Pyzor. Rule matches are given a score, and messages with a total aggregate score are tagged in the message headers, allowing users to filter these if they want to.
    A main advantage of this method is that no single rule can flag a message as spam, hence legitimate mail sourcing from the badly configured mail relay has a chance of getting through, and in my mind it's probably a particularly bad idea to block any email unless it's actually addressed to you.
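    The two approaches described in comments 11 and 14 (querying several DNS-based blocklists for the connecting address, then adding per-list points and tagging a header instead of rejecting outright) can be shown in a few lines. The following is an added example and not code from the article, from SpamAssassin or from any of the listed blocklists; the zone names, the weights, the threshold and the DNS answers are all constructed so it runs offline, and `resolve` is a stand-in for a real resolver call.

```python
import ipaddress

# Constructed DNSBL answer table standing in for real DNS (hypothetical zones).
# Key: the query name a DNSBL client looks up; value: the A record it gets back.
# Real DNSBLs answer in 127.0.0.0/8; anything else is treated as "not listed".
FAKE_DNS = {
    "4.3.2.1.bl.example.": "127.0.0.2",       # listed as a known spam source
    "4.3.2.1.dialups.example.": "127.0.0.3",  # also listed as dynamic/dialup space
    "8.7.6.5.dialups.example.": "127.0.0.3",  # listed only as dynamic space
}

# Per-list weights (constructed): a dialup listing alone stays below the
# threshold, so one list can never tag a message by itself.
LIST_SCORES = {
    "bl.example.": 3.0,
    "dialups.example.": 1.5,
}
TAG_THRESHOLD = 4.0


def dnsbl_query_name(ip: str, zone: str) -> str:
    """Build the DNSBL lookup name: IPv4 octets reversed, then the zone.

    1.2.3.4 checked against bl.example. becomes 4.3.2.1.bl.example.
    Raises ValueError for anything that is not a plain IPv4 address.
    """
    addr = ipaddress.IPv4Address(ip)
    reversed_octets = ".".join(reversed(str(addr).split(".")))
    return f"{reversed_octets}.{zone}"


def is_listed(answer) -> bool:
    """Only a 127.0.0.0/8 answer counts as a listing."""
    return answer is not None and answer.startswith("127.0.0.")


def score_client(ip: str, resolve=FAKE_DNS.get):
    """Query every configured list and sum the weights of the ones that hit."""
    hits = []
    total = 0.0
    for zone, weight in LIST_SCORES.items():
        if is_listed(resolve(dnsbl_query_name(ip, zone))):
            hits.append(zone)
            total += weight
    return total, hits


def classify(ip: str, resolve=FAKE_DNS.get):
    """Tag-not-block decision: returns (verdict, total score, hit zones)."""
    total, hits = score_client(ip, resolve)
    verdict = "spam-tagged" if total >= TAG_THRESHOLD else "pass"
    return verdict, total, hits


def spam_header(ip: str, resolve=FAKE_DNS.get) -> str:
    """Render the decision as a header the user's own filter can act on."""
    verdict, total, hits = classify(ip, resolve)
    flag = "Yes" if verdict == "spam-tagged" else "No"
    return f"X-Spam-Status: {flag}, score={total:.1f} hits={','.join(hits) or 'none'}"


if __name__ == "__main__":
    for client in ("1.2.3.4", "5.6.7.8", "9.9.9.9"):
        print(client, "->", spam_header(client))
```

    Because the weights are additive, the address that only appears on the dynamic-space list (5.6.7.8 here) passes with a score in the header, which is the property comment 14 values: a single list, including a dialup list of the kind comment 20 worries about, cannot on its own make mail disappear.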

  15. Re:Just junk SMTP? Not Possible by Xerithane · · Score: 5, Interesting

    It's simply too late to dump SMTP. If we had thought about this 5 or so years ago it maybe would have been possible, but now we have so many using this system it's impossible to change to a newer standard.

    Just like gopher with http? You can also add a plethora of validation on top of SMTP. SMTP, as a protocol, isn't bad. It's possible to add validation, to only accept from SMTP servers that use some sort of valid key.

    Then you get to keep SMTP, and slowly migrate servers. Set up a non-profit organization for distributing SMTP authentication keys that are unique to the mail server (think SSL) and if the mail that comes from that server is spam, you just block that server's key. If the server doesn't have a key, put it into a validation list or send back a response saying they need to use a mail server that supports signed-SMTP.

    Easy solution, not a complete overhaul of SMTP. The problem comes in with who signs the certificates, because then you have to trust the source that delivers them. Like Verisign, et al.

    --
    Dacels Jewelers can't be trusted.

  16. Or you could use a better mailer... by SuperBanana · · Score: 5, Informative
    Here's an article talking about the details of implementing a network level spam defense with Qmail

    Or, you could just use Postfix, which:

    • is almost entirely compatible with sendmail. It's pretty much drop-in-and-go.
    • adheres to RFCs(and there's a warning for any configuration option which would violate said RFCs)
    • has builtin anti-spam tools- you can turn on, individually, any of a dozen-plus different checks, such as making sure the claimed hostname in the HELO matches the IP the connection is coming from(you can do this several ways), or that the claimed hostname matches the mail-from user@hostname(ie, if you're coming from spammer.com, you're not gonna be able to claim to be joe@yahoo.com), etc. It's also one builtin command to check an RBL.
    • has a really sharp cookie of an author(the guy wrote tcpwrapper), who isn't widely regarded as an obnoxious twit
    • is completely free

    Personally, I refuse to use any software written by DJB as a matter of principle. The guy flagrantly ignores RFCs because he simply feels like it and arrogantly thinks he knows better(and further that there is benefit to ignoring said RFCs).
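    The per-connection checks listed in this comment (HELO must be a fully qualified name, the HELO name must resolve to the connecting address, and the MAIL FROM domain must agree with the HELO name) are easy to demonstrate as a policy function. The following is an added example, not Postfix code and not from the article: the hostnames, addresses and DNS tables are constructed so it runs offline, and the "HELO resolves to the client IP" rule is the stricter form the poster describes, whereas Postfix's real `reject_unknown_helo_hostname` only requires the HELO name to have a DNS record at all.

```python
import re

# Constructed DNS data (hypothetical hosts) standing in for real lookups.
FORWARD = {                      # hostname -> A record
    "mx1.example.net": "192.0.2.10",
    "mail.yahoo.example": "198.51.100.5",
}
MX_DOMAINS = {"example.net", "yahoo.example"}   # sender domains that have MX/A records

# Syntactic FQDN: dotted labels, each 1-63 chars of [a-z0-9-], last label alphabetic.
FQDN_RE = re.compile(
    r"^(?=.{1,253}$)([a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$", re.I
)


def check_helo(helo: str, client_ip: str, forward=FORWARD.get):
    """HELO checks in the spirit of reject_non_fqdn_helo_hostname and
    reject_unknown_helo_hostname, plus the poster's HELO-matches-client-IP rule."""
    reasons = []
    if not FQDN_RE.match(helo):
        reasons.append("helo-not-fqdn")
        return reasons                      # no point resolving a bare name
    a_record = forward(helo.lower())
    if a_record is None:
        reasons.append("helo-unknown")
    elif a_record != client_ip:
        reasons.append("helo-ip-mismatch")
    return reasons


def check_sender(mail_from: str, helo: str, known=MX_DOMAINS):
    """Sender checks: the envelope domain must exist (reject_unknown_sender_domain),
    and the HELO host must sit inside that domain, so a host that greets as
    spammer.example cannot claim joe@yahoo.example."""
    reasons = []
    domain = mail_from.rpartition("@")[2].lower()
    if domain not in known:
        reasons.append("sender-domain-unknown")
    helo_l = helo.lower()
    if not (helo_l == domain or helo_l.endswith("." + domain)):
        reasons.append("helo-sender-domain-mismatch")
    return reasons


def evaluate(client_ip: str, helo: str, mail_from: str):
    """Combine the checks into the accept/reject decision an MTA would make
    at RCPT time. Returns (verdict, list of reasons)."""
    reasons = check_helo(helo, client_ip) + check_sender(mail_from, helo)
    return ("accept" if not reasons else "reject", reasons)


if __name__ == "__main__":
    print(evaluate("192.0.2.10", "mx1.example.net", "alice@example.net"))
    print(evaluate("203.0.113.77", "mx1.example.net", "joe@yahoo.example"))
    print(evaluate("203.0.113.77", "localhost", "bob@nowhere.example"))
```

    The sender/HELO agreement rule is the one that bites legitimate senders hardest: any site whose outbound mail leaves through a forwarder or an outsourced relay greets with a name outside the sender domain, which is the class of false positive comments 9 and 13 describe, so it is the check to enable last and watch most closely.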

  17. Re:Distrustful of Network Level Censorship by John+Hasler · · Score: 4, Interesting

    > Your spam may be my correspondence -- I may want
    > to get mail from those whose conduct you find
    > abhorrent.

    You _want_ to receive mail from the bastards that are forging my domain in their penis-enlargement ads and fake PayPal confirmation requests?

    > Today, a network may responsibly be censoring
    > only unwanted and unsolicited commercial e-mail.
    > Next week, the powers-that-be-in-the-networks
    > start censoring geek news.

    I'm the only power that is on my network.

    > To protect our liberties, spam control should be
    > decentralized -- as close to the last mile as
    > possible.

    Can't get any closer to the last mile than right here in my office.

    > Yes, of course, this means that the supposed
    > great harm of spam -- huge volume transmissions
    > through the network

    "Supposed"? More than half my email is spam. And that's on a shared dialup.

    --
    Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.

  18. Re:Distrustful of Network Level Censorship by Jahf · · Score: 5, Interesting

    and SPAM is WORSE, WORSE, WORSE!

    If you want to receive the junk, don't use one of those services, but I fail to see how someone else choosing -to- is a problem.

    Your analogy is flawed. I have a choice to use AOL|Hotmail|MSN|spamassasin|etc and I pay for the connection to download, view, respond and delete my email (not to mention the time it takes out of my day). I don't have a choice whether or not to use the USPO and it takes FAR less of my time to sort out my real mail than it does email.

    If SPAM could somehow be filtered out at the router level, then I would agree with your USPO analogy and would be throwing an utter FIT. But it isn't possible (is that a web page or a webmail, is that IMAP, is that secure IMAP, is that POP3, is that email tunnelled over SSH ... no way).

    Until there is legislation with -teeth- and a way for the little guy to prosecute you are not going to see many people agree with you about server side filtering.

    --
    It is more productive to voice thoughtful opinions (reply) than to judge (moderate) others.

  19. Qmail is NOT FREE by SuperBanana · · Score: 4, Insightful
    qmail is completely free and folks that claim it isn't are just trolls.

    Qmail is NOT FREE. Last I looked it was distributed without a license; now apparently it has a license, but one with oddball restrictions. If you don't believe me, do a google search with the keywords "qmail debian legal" and spend 30 minutes or so going through the various discussions.

  20. IP banning is bad by Animats · · Score: 4, Insightful
    Unless you have some way to identify dynamically assigned IP addresses, IP banning hits innocent parties too often. Every time Joe Sixpack, running Windows XP Home Edition on a DSL line, gets a virus that spams, the next few people to get a lease on that IP address have mail blocked.

    There's got to be a better way.