Slashdot Mirror


University Capitulates, Switches Off Spam Filters

Heraklit writes "As reported on German news site Heise, the system administrators of the Technical University of Braunschweig have temporarily given up the fight against spam. Because of the legal obligation to deliver all mail and of the delay time exceeding critical 5 days(!), they decided to switch off all filter mechanisms. Before, the 20 servers dedicated to processing e-mail alone had been breaking down under a load of 100000 unprocessed mail messages, ca. 98% of which had been spam or viruses. ... A similar e-mail jam occurred recently at the IT central of the German Federal Government. Is this the beginning of the end of e-mail?" (The Fish may be useful.)

24 of 470 comments

  1. Question? by untouchable · · Score: 5, Insightful

    Does anybody know the filtering methods they were using before they decided to toss everything to wind?

    --
    As Seen On TV's? Come back!!!
    1. Re:Question? by dont_think_twice · · Score: 5, Funny

      Does anybody know the filtering methods they were using before they decided to toss everything to wind?

      They had a team of 20 monkeys that would read the emails and determine if they were spam. Unfortunately, the monkeys are easily distracted, so anytime they got spam about bananas, they would lose focus. This led to the backlog.

      What? You have never gotten banana spam before?

    2. Re:Question? by Seumas · · Score: 5, Informative

      Simple problems have simple solutions.

      You can increase the threshold at which you declare spam to be spam. Allows for more misses, but reduces the false positives to, essentially, nothing.

      Or, you can just tag likely spam with ***SPAM*** in the subject and let the user deal with it.

      Or even better, you can direct likely spam into a specific IMAP folder on the server that the user's client can subscribe to and they can glance at their personal SPAM folder on the server whenever they want without having to download all the bodies.

      As someone who personally uses postfix+procmail+spamassassin+razor and receives 4,000 emails per day, I am currently filtering out 98% of the spam on the server and have had ZERO false positives in two years and 2.9 million messages.

      Statistically, you will eventually get some false positives - especially if you have a large userbase (as opposed to just one or two accounts). But if one out of every few million messages isn't acceptable, you can just use one of the previously suggested methods.

      The worst you can do is nothing at all.

  2. I wonder... by BeneathTheVeil · · Score: 5, Funny

    what sort of awful sound the servers made as soon as the filters were turned off? ...I imagine it would be akin to someone who 'just' made it in a mad dash to the bathroom.

    1. Re:I wonder... by Drooling Iguana · · Score: 5, Funny

      Have you seen Ghostbusters? Remember when the environmentalist guy shut down their containment unit?

      Same thing.

      --
      ... I'm addicted to placebos
  3. Spam And Viruses by FiberOpPraise · · Score: 5, Insightful

    Perhaps just disabling spam filters and leaving virus blocks in place would be a less drastic approach. Detecting spam is non-trivial, but detecting viruses is not. They are easily found and the email should be blocked. This is implemented by my ISP (Road Runner NYC). Emails containing viruses are replaced by a text message warning that a virus was sent to the email address.

    1. Re:Spam And Viruses by slamb · · Score: 5, Interesting
      Emails containing viruses are replaced by a text message warning that a virus was sent to the email address.

      And that warning is so useful. Who do you send it to?

      • The recipients? They don't care.
      • The "senders"? They don't care. (The From: address is forged!)

      These messages are a waste of everyone's time. I get hundreds of worms daily...but I never see them, because they're easy to filter. What I do see are these damned "helpful" messages that "I" sent someone a virus. Those are much harder to filter.

      Much better way: reject viruses in the SMTP transaction. The SMTP client is then responsible for notifying the sender. If that client is a virus or worm, it will do nothing; no one is bothered. If it's a false positive, the sender will get the bounce. Reliable, unobtrusive.

      If you want to filter email politely, you must follow these rules. People who don't cause the rest of us constant headaches. The worst thing is that they don't even realize it.
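The two behaviours contrasted in the comment above, modelled as an added example (not code from the thread). The marker string, the addresses and the two client kinds (`worm`, `mta`) are constructed assumptions; the model also covers the case where the infected mail arrives through a relaying MTA.

```python
from dataclasses import dataclass, field

# Constructed stand-in for a scanner hit; a real server would call its AV engine here.
MARKER = b"CONSTRUCTED-WORM-MARKER"

@dataclass
class Outcome:
    smtp_reply: str                              # reply to the client after end of DATA
    notices: list = field(default_factory=list)  # mail generated as a result: (generator, recipient)

def accept_then_warn(mail_from: str, body: bytes) -> Outcome:
    """Answer 250 first, scan later, then mail a warning to the envelope sender."""
    if MARKER in body:
        return Outcome("250 2.0.0 queued", [("receiving server", mail_from)])
    return Outcome("250 2.0.0 queued")

def reject_in_transaction(mail_from: str, body: bytes) -> Outcome:
    """Scan before answering end of DATA and refuse with a 5xx; generate no mail."""
    if MARKER in body:
        return Outcome("550 5.7.1 rejected: malware detected")
    return Outcome("250 2.0.0 queued")

def client_reaction(client_kind: str, mail_from: str, outcome: Outcome) -> Outcome:
    """What the connecting SMTP client does with the reply it was given."""
    if outcome.smtp_reply.startswith("5") and client_kind == "mta":
        # A real MTA owns the failure and bounces to the envelope sender it was given.
        outcome.notices.append(("sending MTA", mail_from))
    # A worm's built-in SMTP engine (client_kind "worm") drops the 5xx silently.
    return outcome

def simulate(policy, client_kind: str, mail_from: str, body: bytes) -> list:
    """Return every notification generated for one delivery attempt."""
    return client_reaction(client_kind, mail_from, policy(mail_from, body)).notices

FORGED = "bystander@example.org"  # constructed: address a worm put in MAIL FROM
REAL = "alice@example.net"        # constructed: genuine sender hit by a false positive
INFECTED = b"Subject: hi\r\n\r\n" + MARKER

if __name__ == "__main__":
    for policy in (accept_then_warn, reject_in_transaction):
        for kind, sender in (("worm", FORGED), ("mta", REAL), ("mta", FORGED)):
            print(policy.__name__, kind, simulate(policy, kind, sender, INFECTED))
```

With a directly connecting worm, only `accept_then_warn` produces mail for the forged address; when a relaying MTA hands over the message, the relay still bounces to whatever envelope sender it was given.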

    2. Re:Spam And Viruses by tomstdenis · · Score: 5, Interesting

      Oh come on, the 100s of daily "message has virus" emails I get are very useful. It makes me keep my Gentoo box win32 virus free!

      I once confronted a sysop about this and they told me "if we don't email them back people won't know the message was rejected". Apparently the idea of checking while reading the message never crossed his mind.

      As another poster suggested I just filter out all "warning" emails as junk which helps.

      Tom

      --
      Someday, I'll have a real sig.
    3. Re:Spam And Viruses by Wastl · · Score: 5, Informative
      Much better way: reject viruses in the SMTP transaction. The SMTP client is then responsible for notifying the sender. If that client is a virus or worm, it will do nothing; no one is bothered. If it's a false positive, the sender will get the bounce. Reliable, unobtrusive.

      Two things:

      • in many countries (e.g. Germany) you are actually obliged to deliver a message, regardless of whether it's a virus or not, or at least send the recipient a message that he received an email and can fetch it by some means.
      • your proposal is short-sighted: most viruses are already relayed via several systems before they reach my mail server, so a bounce would be generated in any case; I suspect that this is true for most other systems as well.

      The approach that we take is the following: We mark virus messages with a special header and deliver them in a dedicated folder in the user's mailbox. Most users simply delete all messages in this folder, but then it is their choice, we abide by all laws and do not generate bounce messages.

      Sebastian

  4. 20 servers for only 100,000 messages? by whizkid042 · · Score: 5, Interesting

    Here at the university where I am a sysadmin, we get approx. 100K emails per day and we have no problem pushing them through spamassassin on a single server with dual 2.8 xeon processors. How in the world could this place possibly need 20 servers to process this much mail?!

    1. Re:20 servers for only 100,000 messages? by EvilGrin666 · · Score: 5, Funny

      I bet they run exchange.

    2. Re:20 servers for only 100,000 messages? by dj245 · · Score: 5, Funny
      How in the world could this place possibly need 20 servers to process this much mail?!

      1 server processes spam, 1 processes viruses, 1 is a DNS server. The other 17 process data for the SETI@home German team.

      --
      Even those who arrange and design shrubberies are under considerable economic stress at this period in history.
    3. Re:20 servers for only 100,000 messages? by Seumas · · Score: 5, Informative

      No, Sendmail:

      220 rzcomm5.rz.tu-bs.de ESMTP Sendmail 8.11.1/8.11.1; Mon, 24 May 2004 06:46:39 +0200 (METDST)

  5. Re:First Post by Anonymous Coward · · Score: 5, Informative

    Wait, don't tell me.

    1: They refused to use blacklists to cut the load.
    2: They refused to publish SPF records and use SPF to block all the email forged to look like it's from their domain, significantly cutting the spam load.
    3: They used one of those "commercial-grade" virus/spam mail scanners that's designed to use entirely Bayesian scanning without ever setting time-outs on the generated rules, and which was written for "completeness", not speed.
    4: They forgot to set up a honeypot machine to auto-block spam domains.
    6: They underbudgeted for the servers to actually do the mail handling, forgetting to set up appropriate MX records with good fallover behavior, so when any of their served domain's MX record listed machine blinked that entire domain went offline.
    7: They're using MS Exchange SMTP servers, which bog down incredibly under load, especially if you run any separate service such as spam processing.

  6. Real Time Blackhole Lists by OldMiner · · Score: 5, Insightful

    Personally, if it were my university, I would prefer they started to use a RTBL. The fact of the matter is, if the likely spam isn't sorted out first, I have to try to discern the stuff entirely by hand. And although I can easily pick out Viagra ads, I have relatives and the occasional acquaintance who send mail that looks awfully like spam. Didn't want to type a subject. Used "hello" as the subject. Didn't configure their mail client properly, so their "replyto" looks crazy. Without some initial spam filtering, I would miss at least some of these -- in fact, I'd probably miss more mail with no filtering than with a judicious blackhole in front of me.

    Love or hate SPEWS and other kinder, gentler RTBLs, they're better than the present choice. It would certainly reduce the load of these email servers to where it could be more easily handled. And, if nothing else, they could be used to prioritize mail. Use Spam Assassin or something else to do some initial tag and filter so that mail coming from Asian IPs or originating from mail servers on cable/ADSL networks gets put into the "slow" processing queue while everything else gets sent down the faster pipe.

    </spouting with little to no knowledge>

    --
    You like splinters in your crotch? -Jon Caldara
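An added sketch of the prioritisation idea in the comment above (not code from the thread): a blackhole-list lookup that decides only which scanning lane a message joins. The zone name `rbl.example`, the `SAMPLE_ZONE` answers and the `ScanQueue` class are constructed assumptions; the resolver is injectable so the example runs offline.

```python
import heapq
import ipaddress
import itertools
import socket

LOOPBACK = ipaddress.IPv4Network("127.0.0.0/8")
FAST, SLOW = 0, 1  # the lower number is scanned first

def dnsbl_query_name(client_ip: str, zone: str) -> str:
    """192.0.2.7 checked against rbl.example becomes 7.2.0.192.rbl.example."""
    ip = ipaddress.IPv4Address(client_ip)  # ValueError on malformed input
    return ".".join(reversed(str(ip).split("."))) + "." + zone

def system_resolver(name: str):
    try:
        return socket.gethostbyname(name)
    except OSError:
        return None  # NXDOMAIN or resolver failure: fail open, treat as unlisted

def is_listed(client_ip: str, zone: str, resolve=system_resolver) -> bool:
    answer = resolve(dnsbl_query_name(client_ip, zone))
    # A listed host gets an A record inside 127.0.0.0/8; anything else is ignored.
    return answer is not None and ipaddress.IPv4Address(answer) in LOOPBACK

class ScanQueue:
    """Content-scan backlog: unlisted senders first, FIFO inside each lane."""
    def __init__(self, zones, resolve=system_resolver):
        self.zones, self.resolve = list(zones), resolve
        self.heap, self.seq = [], itertools.count()

    def submit(self, client_ip: str, message_id: str) -> int:
        listed = any(is_listed(client_ip, z, self.resolve) for z in self.zones)
        lane = SLOW if listed else FAST
        heapq.heappush(self.heap, (lane, next(self.seq), message_id))
        return lane

    def next_message(self):
        return heapq.heappop(self.heap)[2] if self.heap else None

# Constructed zone data standing in for DNS answers so the example runs offline.
SAMPLE_ZONE = {"7.2.0.192.rbl.example": "127.0.0.2"}

def demo_order():
    q = ScanQueue(["rbl.example"], resolve=SAMPLE_ZONE.get)
    q.submit("192.0.2.7", "msg-1")      # listed sender, arrives first
    q.submit("198.51.100.20", "msg-2")  # unlisted
    q.submit("203.0.113.5", "msg-3")    # unlisted
    return [q.next_message() for _ in range(3)]
```

Nothing is discarded here: mail from a listed sender is only scanned later, so a backlog delays likely spam rather than everyone's mail.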
  7. Self-Destructing E-Mail helps by MikTheUser · · Score: 5, Informative

    www.spamgourmet.com has always worked well for me. Give your address to whom you want, receive just as much mail from them as you want.

  8. Beginning of the end? by nurb432 · · Score: 5, Insightful

    No, but it's one more nail in the coffin..

    Something has to be done soon or email just won't be practical to have. Between Spam and viruses it's overloading a lot of companies' network feed and servers..

    And don't forget the cost of having to maintain antispam and antiviral solutions..

    I know personally where I'm at, we are hitting over 2/3 of all email is spam/virus. (I hear we drop 10k a day from the black hole list alone.)

    At home it's 98%...

    --
    ---- Booth was a patriot ----
  9. Re:It's done. by shadow_slicer · · Score: 5, Funny

    "Adding some numbers (*sigh*) helps guard against random address guessing."

    Exactly! That's why I require all my users to use multi-case letters, symbols and numbers as their email address. I also require them to change the address every couple of weeks to a value different than any previous value (in case some spammer has managed to brute force it, or the user has leaked it). This has practically eliminated spam and reduced the mail server's storage usage by 99.9% (though the mail server still has to work really hard sending all those 550's).

  10. Re:blacklists by AtomicBomb · · Score: 5, Insightful

    It is a common misunderstanding. While most web servers these spams are pointing to may be located overseas, most of the spam originates from the US. Most likely from hijacked fast cable/DSL connected home machines.

    You may think it is okay to block email from China or even the whole of Asia because you don't know some Asians in person, but please check again where your RAM, mobo, anime etc come from... A lot of companies and universities have collaborations overseas as well...

    We don't really have many options left... Basically, you will have to blacklist all the high broadband providers' IP ranges (rr, earthlink etc)... Sorry, geeks, your email server will no longer work... It is not really an ideal solution. The other idea is kind of similar to secured DNS, i.e., the mail server retrieves "good IPs" from a central server. Email originating elsewhere is assigned a very low priority or filtered out altogether.

    Everyone needs to register their mail server with the governing body (similar to the domain name idea), say for $100 per IP. It is not that expensive if you really need that... But prohibitive for spammers... Yes, it makes home-run email servers more expensive... But you cannot get a domain name for free anyway. Why should we expect an email server to be free? It may be the solution to get the economy of spamming right again.

  11. Wish my university would get rid of filters by foidulus · · Score: 5, Interesting

    I go to Penn State, but since the university feels it has to protect dumb windows users from themselves, I cannot even send or receive email with the subject, "Hi such-and-such" (Try explaining to a friend overseas who has almost never in her life touched a computer, in her language, why she can't send you mail with that subject) because it might contain the bagle virus. This is the same university that put in a firewall because supposedly too many people on campus had a butt-load of viruses and spyware.
    Yet this same university loves to publish my email address on the web, ensuring I get tons of spam (some even in Chinese!)
    I hate when the community at large has to pay for the transgressions of a few slimeballs and the idiocy of some (not even most) gullible windows users.

  12. No, sendmail by marnanel · · Score: 5, Informative

    7: They're using MS Exchange SMTP servers, which bog down incredibly under load, especially if you run any separate service such as spam processing.

    Nah, it's sendmail:

    $ dig -t MX tu-bs.de
    [...]
    tu-bs.de. 172738 IN MX 10 rzcomm5.rz.tu-bs.de.

    $ telnet rzcomm5.rz.tu-bs.de smtp
    Trying 134.169.9.40...
    Connected to rzcomm5.rz.tu-bs.de.
    Escape character is '^]'.
    220 rzcomm5.rz.tu-bs.de ESMTP Sendmail 8.11.1/8.11.1; Mon, 24 May 2004 04:00:51 +0200 (METDST)
    --
    GROGGS: alive and well and living in
    1. Re:No, sendmail by Cheile · · Score: 5, Insightful

      That may not actually be the server handling the mail though. It's rather common to have a sendmail/postfix mail forwarder on the outside that forwards all mail to/from the Exchange server on the inside.

  13. No false positives? by grahamsz · · Score: 5, Insightful

    How can you know you've had no false positives?

    Have you personally reviewed the 2.9M messages which were filtered out... if you have then I'd question the value of your filtering.

    I know I've occasionally had false positives and I get nowhere near your message volume. My personal favorite is the UK paypal-esque service NoChex which sends emails with the subject line "YOU'VE GOT CASH!!"...

  14. It's a moving target by Cesare Ferrari · · Score: 5, Insightful

    Because once a solution becomes commercial, the spammers get hold of it and work out how to modify their spam so that it gets through.