Postfix's Creator Outlines Spam Solution

SATAN writes "Wietse Venema started out as a physicist, but became interested in the security of the programs he wrote to control his physics experiments. He went on to create several well-known network and security tools, including the Security Administrator's Tool for Analyzing Networks (SATAN) and The Coroner's Toolkit with Dan Farmer. He is also the creator of the popular MTA Postfix and TCP Wrapper. SecurityFocus chatted up Venema to talk about software security, how to improve the code quality, what solutions we might have to fight spam successfully, the principle of least privilege, and the philosophy behind the design of Postfix. Venema is currently a researcher at IBM's T.J. Watson Research Center."

It's easy

[smartin]

Just get everyone to sign their mail including companies that send you receipts and opted in spam.

I would be happy if I could reject any mail that is not digitally signed and then manage the signed mail by signature.

I lost a lot of respect for Wietse Venema

[SuperBanana]

...once I started reading his replies on the postfix-user mailing list. He's extremely blunt. While many are VERY helpful and detailed, a number are a sentence or two long that, paraphrased, consist of "you're an idiot."

However, he's nothing compared to Victor Duchovni (who works for Morgan Stanley, and is a major poster on the postfix-users list). His signature, and I'm not making this up:

--
Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:

If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.

Yeah, you read that right. 11 lines long...and this asshole thinks he's so fucking important, he lectures you about how to thank him so he can delete your acknowledgment/thank you as quickly as possible. He's often more willing to insult than help, and on numerous occasions, comes to the wrong conclusion. Worse still, he often presents his solution with complete authority and confidence, putting the helpless user on a primrose path.

Re:I lost a lot of respect for Wietse Venema

[nyctopterus]

You know, even if you're doing something good, if you do it with ill temper and lack of grace, you're still being an arse.

Not only that.

[khasim]

From TFA:

In my personal opinion, the reliability of email reached its maximum near 1998; it has gone down ever since as the result of increasingly aggressive anti-spam/virus measures. This observation has led me to conclude that the spammers aren't destroying the email infrastructure, it's the well-meaning people with their countermeasures.

I use Exim4 as a pre-processor for a GroupWise system.

This allows me to reject messages during the SMTP connection (no receive and then bounce back) and I have customized the rejection messages to include my phone number. As long as YOUR email admin handles error messages in any sane way, you'll get a phone number to call and talk to the guy who set up the system that rejected your email. I get a call about every other month now.

The real problem is not "aggressive anti-spam/virus measures".

It is that 80%+ of the inbound connections are spam-related. So just about ANY action taken will reduce the amount of spam. But the email admins still need to continually evaluate their processes.