Postfix's Creator Outlines Spam Solution
SATAN writes "Wietse Venema started out as a physicist, but became interested in the security of the programs he wrote to control his physics experiments. He went on to create several well-known network and security tools, including the Security Administrator's Tool for Analyzing Networks (SATAN) and The Coroner's Toolkit with Dan Farmer. He is also the creator of the popular MTA Postfix and TCP Wrapper.
SecurityFocus chatted up Venema to talk about software security, how to improve the code quality, what solutions we might have to fight spam successfully, the principle of least privilege, and the philosophy behind the design of Postfix. Venema is currently a researcher at IBM's T.J. Watson Research Center."
You can do this with SPF, but that has not solved the spam problem.
Visit http://www.crunzh.com/ for free software. Mac/Lin/Win
That's because there's very little actual use of SPF. I can do it with X.509 certs (Thawte do free e-mail certs at https://www.thawte.com/secure-email/personal-email-certificates/index.html - highly recommended), or GPG, as well, but the problem is getting uptake high enough for it to work.
(x) Spammers can easily use it to harvest email addresses - How do digital signatures allow easy harvesting of email addresses?
(x) No one will be able to find the guy or collect the money - If the signature doesn't validate, the message never even gets to your inbox. Yeah, people can still send bogus-signature messages, but they wouldn't get to anyone.
(x) It is defenseless against brute force attacks - Of what nature? Few organizations on this planet have the resources to brute force a valid bogus digital signature, and no one can do it on the sort of scale you'd need to send spam.
(x) Microsoft will not put up with it - Microsoft actually suggested a variant of that approach, except server-signed rather than user-signed.
(x) The police will not put up with it - 100% traceability of every message? They've wanted that for years. Now, if enough people realize it takes no more effort to actually send encrypted mail over merely signed mail, we could have a problem, but the GP didn't go that far.
(x) Requires too much cooperation from spammers - How? It depends on the fact that spammers can't cooperate.
(x) Requires immediate total cooperation from everybody at once - Easy to obtain, in that we really only need the mail server admins to cooperate, then everyone (who wants to get their email) will play along pretty damned quick.
(x) Many email users cannot afford to lose business or alienate potential employers - So they would cooperate even quicker.
(x) Anyone could anonymously destroy anyone else's career or business - How do you anonymously send a signed message?
(x) Laws expressly prohibiting it - Clinton actually made digital signatures legally binding under US law... So quite the opposite.
(x) Lack of centrally controlling authority for email - There, we agree. This would require a community rather than central effort.
(x) Asshats - Simply wouldn't get (or receive) mail.
(x) Jurisdictional problems - The GP didn't suggest a legislative solution, so not applicable.
(x) Willingness of users to install OS patches received by email - No one can save those who lick plugged-in lamp cords.
(x) Armies of worm riddled broadband-connected Windows boxes - Can spam as much as they want, it will never get read.
(x) Eternal arms race involved in all filtering approaches - Unless someone finds a trivial crack to RSA, not applicable.
(x) Extreme profitability of spam - Irrelevant.
(x) Joe jobs and/or identity theft - Would require either knowing their private key, or even in the easiest case, physical access to their machine.
(x) Technically illiterate politicians - Have IT staff paid to make sure the bits flow.
(x) Dishonesty on the part of spammers themselves - Once again, irrelevant, this does not require any cooperation on their part.
(x) Bandwidth costs that are unaffected by client filtering - We already get tons of spam, that wouldn't really matter, but it would get better as the spammers eventually give up.
(x) Outlook - To repeat, MS already proposed something similar.
(x) Ideas similar to yours are easy to come up with, yet none have ever been shown practical - Because of naysayers, not because of any real barriers to implementation.
(x) Blacklists suck (x) Whitelists suck (x) We should be able to talk about Viagra without being censored - Which all have what to do with signed mail???
(x) Countermeasures must work if phased in gradually - Like IPv6 or changes to daylight savings time?
(x) Why should we have to trust you and your servers? - You shouldn't - So block me, you'll know with 100% certainty who you've blocked.
(x) Feel-good measures do nothing to solve the problem
greylistd is an option, though I haven't tested it thoroughly. For those not familiar with it, greylistd works alongside your MTA and rejects ALL incoming e-mails on their first attempt. On the second attempt after some time has passed*, it accepts the email and whitelists that IP/sender for a user-specified amount of time (defaults to 60 days I believe?).
The idea is that spambots do not attempt to redeliver rejected emails, whereas regular "legit" mail servers do. When an email is greylisted, the MTA sends back a special response similar to a rejection, though it does indicate that it's a greylist response. I can see that spambots will eventually get around this by attempting redelivery, I would think. So I don't see greylisting as a long-term solution, but I'd welcome any comments on this.
By the way, if anyone knows a sure-fire way to get spam mail sent to a particular email address, please reply to this comment and let me know. I need a real-world test.
*I noticed most servers attempt to send again within 15-20 minutes; that is also rejected as I suppose the greylist server thinks that's too soon...?
How often do you get spam where the "From" address is someone you know? Nothing is stopping you from doing this today - in fact there are many packages providing "greylisting" which improves on it by sending a message back allowing the sender to "prove" they are not a spammer - no real spammers take the hassle (if the from address is even genuine).
No greylisting implementation that I know of requires the sender to do anything special to "validate" their e-mail. What you are thinking of is a challenge-response system, and those suck because they create blowback spam.
Greylisting works on the principle that most spam comes from systems that don't follow RFC because they do not retry if they receive a temporary error. The MTA with the greylisting implementation always returns a temporary "4xx" error code for any e-mail with a "new" sender/recipient/source IP triple and stores the information in a database. The greylist server keeps returning a temporary error for anything that matches this tuple for the configured timeout (usually about 5 minutes). After that, it lets the connection through as normal (where other anti-spam measures may be taken).
This stops most bot networks from sending spam. It still works remarkably well, as I only use that and SpamAssassin with a reject score of 10, and I see about 1-2 spam e-mails per week.
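The greylisting decision described in the comment above, as an added example that is not part of the original thread and not code from greylistd or any other package. The `Greylist` class, the `DEFER`/`PASS` labels and the sample traffic are hypothetical; the 5-minute delay and 60-day whitelist lifetime are assumptions taken from the figures quoted in the thread, and an in-memory dict stands in for the database.

```python
import time

GREYLIST_DELAY = 5 * 60          # assumption: the "about 5 minutes" figure from the thread
WHITELIST_TTL = 60 * 24 * 3600   # assumption: the 60-day figure quoted for greylistd

DEFER = "DEFER"  # the MTA answers with a temporary 4xx reply
PASS = "PASS"    # hand the message on to the remaining anti-spam checks


class Greylist:
    """Hypothetical in-memory greylist keyed on (client IP, sender, recipient)."""

    def __init__(self, delay=GREYLIST_DELAY, ttl=WHITELIST_TTL):
        self.delay, self.ttl = delay, ttl
        self.seen = {}  # triple -> (first_seen, last_passed or None)

    def check(self, client_ip, sender, recipient, now=None):
        now = time.time() if now is None else now
        key = (client_ip, sender.lower(), recipient.lower())
        first_seen, passed = self.seen.get(key, (None, None))
        if passed is not None and now - passed <= self.ttl:
            self.seen[key] = (first_seen, now)  # known triple: refresh and pass
            return PASS
        if first_seen is None or passed is not None:
            self.seen[key] = (now, None)        # new or expired triple: start the clock
            return DEFER
        if now - first_seen < self.delay:
            return DEFER                        # retried before the delay elapsed
        self.seen[key] = (first_seen, now)      # retried after the delay: whitelist
        return PASS


# Constructed sample traffic: (seconds, client IP, sender, recipient)
LEGIT = ("192.0.2.10", "alice@example.org", "bob@example.net")
BOT = ("198.51.100.7", "promo@example.com", "bob@example.net")
SAMPLE = [(0, *LEGIT), (120, *LEGIT), (900, *LEGIT), (1000, *LEGIT), (1000, *BOT)]


def replay(events, greylist=None):
    """Feed timestamped delivery attempts through one greylist, return the decisions."""
    gl = greylist if greylist is not None else Greylist()
    return [gl.check(ip, s, r, now=t) for t, ip, s, r in events]


if __name__ == "__main__":
    print(replay(SAMPLE))
```

The sender that retries after the delay gets through and stays whitelisted; the sender that makes a single attempt is only ever deferred.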
The "flowery" thank-you follow-ups you speak of are actually the norm, not vice versa. On the Sun Managers list, it was EXPECTED that you post a follow-up to your question, explaining what responses you received, what was correct, what you learned, and who to acknowledge for responding and providing correct solutions. It's the de-facto standard on other lists I'm on, though not to as great a degree. It's a user community, not a help-desk queue.
Victor thinks he's so important that he can demand people not extend the courtesy of saying thank you in exactly the way he wants it, because it wastes his precision brainpower and precious seconds to have to read the message body to see whether to hit the "delete" key. If that's not unbridled arrogance, I don't know what is. I'd be willing to bet he doesn't even do that- I bet he's got a rule that deletes any message with "thank you" in the subject.
The funny thing is, I've seen a couple of Postfix-users posters specifically go out of their way to thank him, not put "thank you" in the subject line, AND cc the list. It's delicious.
Please help metamoderate.
As a system administrator, I can't tell you how many times a failure to receive a customer's e-mail was due to a poorly-configured mail server on the sender's network.
Fixed that for you. I think the number of mis-configured mail servers and DNS records far exceeds the number of mis-configured spam filters.
Reason #1 that spam filters tend to be ineffective: Sysadmins do not fill out the suggested (or even required) information in DNS, FQDN identification strings, etc. Because admins tend to get ahead of themselves and do not test for strict compatibility with the RFC standards. A lot of false-positive flagging by spam filters is because messages are coming from unverified sources because of missing PTR records, no SPF / DomainKeys information, Server HELO string containing garbage, etc.
If you set up your mail system with proper forward and reverse lookup addresses (stop using PTR records for your MX address!), proper message routing and anti-splashback, sane retry and throttling settings, SPF / DomainKeys, and HELO identification strings, you will likely have 0 problems sending mail to just about anyone. (With the exception of Yahoo.com and BellSouth.net of course as they have drunk squirrels running their filters...)
I always operate off of the rule that my mail servers will comply with the RFC requirements to the letter while sending messages. While accepting messages I have to be a bit more lenient though because the other administrators on the net aren't quite as attentive (or even competent)...
Note: The filters and systems I administer process 30,000 messages daily for multiple domain names at multiple locations. This has been our biggest cause of marking messages as junk incorrectly when we are receiving them. Though less savvy sender system administrators like to blame us for having misconfigured junk mail rules.
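A self-audit for the sender-side problems listed in the comment above (missing PTR, reverse lookup that does not match the forward lookup, garbage HELO, no SPF), as an added example that is not part of the original thread. The `audit_sender` function, its problem labels and the DNS table are hypothetical; the table is constructed data standing in for live lookups so the check runs offline.

```python
import re

# Constructed DNS data (documentation names and addresses), not real records.
DNS = {
    "PTR": {"192.0.2.25": "mail.example.org",
            "198.51.100.9": "host9.dyn.example.net"},
    "A": {"mail.example.org": ["192.0.2.25"],
          "host9.dyn.example.net": ["198.51.100.77"]},
    "TXT": {"example.org": ["v=spf1 mx -all"]},
}

# A HELO name should be a fully qualified domain name: dotted labels plus a TLD.
FQDN = re.compile(
    r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$", re.I)


def audit_sender(client_ip, helo, mail_from_domain, dns=DNS):
    """Return the hygiene problems a receiving filter could hold against this sender."""
    problems = []
    if not FQDN.match(helo):
        problems.append("helo-not-fqdn")

    ptr = dns["PTR"].get(client_ip)
    if ptr is None:
        problems.append("no-ptr")
    elif client_ip not in dns["A"].get(ptr, []):
        # The PTR name must resolve back to the connecting address.
        problems.append("ptr-not-forward-confirmed")

    spf = [t for t in dns["TXT"].get(mail_from_domain, [])
           if t.lower().split(" ")[0] == "v=spf1"]
    if not spf:
        problems.append("no-spf")
    elif len(spf) > 1:
        problems.append("multiple-spf")  # more than one SPF record is an error
    return problems


if __name__ == "__main__":
    print(audit_sender("192.0.2.25", "mail.example.org", "example.org"))
    print(audit_sender("198.51.100.9", "localhost", "example.net"))
```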
He's extremely blunt.
In his defense: He's also Dutch and male. You could say he is double handicapped. (Most Dutchmen, like me, are not very politically correct. It's a cultural thing that tends to offend those not in the know)
This sig is just as redundant as the rest of this posting