I cannot find the page now, so I guess you're right. As of a couple of months ago, they were mentioning that $50 per year was an appropriate payment for use in a small business organization.
I have been using relays.osirusoft.com in my Postfix configuration and also with SpamAssassin for the last few days. I've been unable to access relays.osirusoft.com at all since 6:15 A.M. New York time on Monday 8/25. I checked my mail logs and no messages were bounced because of their supposed blocking of the whole world.
Microsoft could probably produce an update for all versions of Windows, that people would need to install, that would make all future updates automatic.
Another point, with a good filter like SpamAssassin that scores the spamminess of e-mail, you can pretty safely throw away anything with a high score, so you really only have to review the messages that are very likely spam, not the stuff that is most definitely spam.
Also, having really good filters or blocklists in place makes it possible to receive/review your e-mail on a wireless device or a low-bandwidth dialup connection from a remote city. Without good technical solutions to the spam problem, spam would make using wireless devices very expensive and a major waste of time.
Will you please update your software so that it does not generate bounce messages when it finds instances of viruses that fake the sender's address? Why would you not have this feature in your software already?
How do you run out of TCP ports? If my Web server has 1,000,000 requests pending, they may be coming from random ports on various IP addresses, but they're all coming to port 80 on my machines' IP addresses.
One of my biggest annoyances is that there is no smv command, the mv equivalent of the scp command.
Mandrake 9.1 RAID configuration requires reboot after adding partitions, then you need to specify a lot of the manual partition setup information over again.
RedHat 9.0 installation corrupts the RPM database frequently so that no further installation is possible. Only found two other reports of this problem; I guess I'm pretty special!
Dependency problems with older versions Linux. For example, wondering if I can updgrade Python in order to install some software that requires the latest version, without breaking something else that requires Python.
Those technical and economic reasons that make Linux distributions appealing also make the BSD distributions appealing. If I could no longer use my Linux server, I would use FreeBSD instead, not switch back to a Windows server or buy a Sun machine. I would do the same thing for my clients that use Linux servers: migrate them to FreeBSD. This whole legal onslaught by SCO might be a good reason for some management to reconsider GNU/Linux deployments for the time being, but there's no reason not to use GNU/*BSD instead. I'm not going to be deterred in my use of Linux, though, and I will tell anyone who asks me for an opinion that I think SCO is full or shit.
Re:not the answer - you got that right!
on
Replacing SMTP?
·
· Score: 1
I'm also not sure how I would have the system pass the problem from the recipient back to the sender's client program, and then pass the solution from the sender's client back to the recipient. Maybe use some special type of message that will pass through the sender's e-mail server. I would not require the sender's e-mail server to perform the calculation unless it's say a company who wants that function to be server-based.
As someone who has my e-mail address on my Web site, I try to answer as many questions as I can that people send me. Frequently, the e-mail replies I send bounce back to me because the person did not configure their e-mail software correctly, or their configuration changed recently. Do these people wonder why they send messages and never get any replies? I wonder! Anyway, if the protocol could help with this problem by exchanging some information up front, by verifying the e-mail address of the sender, that would be great.
Re:not the answer - you got that right!
on
Replacing SMTP?
·
· Score: 1
I'm not sure it's important to include information about the intermediate relays that the message has passed through, until you decide that want to accept the message based on the very basic header information (from, to, date, subject) and the signature.
I would not have the system require that people on my whitelist (which would include everyone who I have corresponded with before) perform those calculations. I would only have unknown senders perform those calculations. I'm not sure how I would design this calculation feature into the standard if it were up to me. Maybe your e-mail server could send out a very small and simple Java program that the sender could try to run. You can decide how complex the task is that you want unknown senders to perform in order for them to have the privilege of sending you an e-mail. If the program takes too long for their server to run, then they can give up. I think it would be neat if there was some way like this to implement an automated challenge-response system. Instead of having to manually go to a Web page and type in the letters and numbers from a blurry graphic image, you can say that it's worth up 30 GFLOPS of my computer's resources to have each of my messages go through to the people who I have not corresponded with before.
This doesn't eliminate the problem of spammers using zombie PCs to perform these calculations, but it would certainly slow them down. If spammers had to buy powerful computers in order to perform these calculations, that would be a disincentive to spamming.
Re:not the answer - you got that right!
on
Replacing SMTP?
·
· Score: 2, Insightful
I think the spam situation is going to get so bad that everyone is going to have to move to a system where messages are cryptographically signed in order to vouch for their authenticity, and where being whitelisted will be important in order to bypass the otherwise stringent checks required. I think that the sender should basically send a signed copy of the headers of the message, and that would allow the e-mail system to decide if it will accept the message or not. When signatures appear on your whitelist, you can pass the messages right through to the recipient. I think the headers should include the overall size of the message, so that administrators can limit messages based on their size: maybe they want to accept messages from untrusted sources only if they're less than 2K in size, for example. I think the new e-mail protocol should have an option to ask for payment by having the sender perform an operation whose results can be checked easily but that requires a certain number of GFLOPS to complete: maybe some sender is not known to you, but you're willing to accept up to 8K from them if their Pentium-class computer spends 15 seconds calculating some problem.
Re:not the answer - you got that right!
on
Replacing SMTP?
·
· Score: 2, Insightful
I believe in Baysian filtering, but it requires accepting and processing the entire message. As spam gets to be a greater and greater percentage of all e-mail, it's going to take more processing power to process it unless it's categorized quickly. It would be nice if any future solution did not require you to accept the entire message up-front.
I don't really know what they do, if anything, about the clueless residential broadband lusers who have open proxies that are being abused by spammers. I know that they scan their business broadband customers looking for open relays, though I don't know what they do with that information.
But we're not really talking about legitimate customers whose resources are being abused by spammers, because I don't know of any major list that blocks netblocks because of open relays or open proxies in the vicinity. We're talking about actual spammers using addresses on their network, and those addresses being blocked because they're used by spammers, and the entire netblock being blocked in a political protest against the ISP for it's having hosted spammers, inadvertently or not. If you blocked the netblocks of all ISPs who do not have an aggressive policy of prohibiting their customers from exposing exploitable resources like open proxies, open relays, spam-relaying virus-infected PCs, or other spammer-friendly resources, then that would block way too much e-mail for most users. I agree that AOL Time Warner/Roadrunner should do something about all these problems that their customers cause, and so should Verizon DSL, AT&T/Comcast, and everybody else. I wish that I knew how to get them to do that. Blocking the e-mail of my business associates and my client's associates is not good for business!
One trick is to use all of its features. Use its auto-whitelist feature, use its bayes filtering, use its blocklist recommendations (sign-up for spamcop.net and/or mail-abuse.org if possible), and use the collaborative spam message databases (Razor2, DCC, etc.), in addition to SpamAssassin's built-in pattern-based rules.
I use SpamAssassin for one of my clients who lives and dies by e-mail, and it is pretty effective for them. There is an ISP who I deal with sometimes and they also use SpamAssassin. They must not have it tweaked because their scores are much lower than the scores that my client's SpamAssassin installation assigns to the same messages, so there is a lot of variation depending on how you configure its optional components.
In order for the bayes filtering to work well, SpamAssassin needs to have a database of a few thousand messages. I am not sure how well this would work for a large ISP where their customers have such a wide range of non-spam messages, and I'm not sure that the bayes filtering scales very well to large system-wide SpamAssassin installations.
If that's true that it was ruined by spammers, then that's sad, but it was bound to happen, and the people who designed the system should have spent a little time considering this likelyhood. Perhaps if they had a system where you could assign a trust rating to the people rating the servers, then it might solve this problem of people providing dishonest server ratings. Something like PGP implements for recording trust in keyrings. Or maybe if they ran a system like Razor, DCC, or Pyzor, where users could report actual spam, then you could accumulate information about the servers spewing the spam and start blocking addresses based on that.
Dropping your ISP is not an option when they are the only affordable high-speed Internet provider in the area.
I'm guessing that the people at AOL Time Warner/Roadrunner care more about ridding their network of spammers than they care about losing a few customers who don't want to be associated with the same netblock as bunch of spammers who have already moved on. I think lists like SPEWS Level 2 give blocklists a bad name.
I had very similar results when I tried it last Friday. I ran it for about an hour before deciding that what it did block (AOL) was going to cause a lot of false positives.
Yes, you can set that up as long as you have a Windows-based computer available, and either Internet connectivity or a phone line for something like pcAnywhere.
My favorite Linux distribution, Mandrake, is even worse than Microsoft when it comes to supporting their products. Now they only support each version for 18 months. RedHat supports their products with critical updates for 5 years. What is SuSE's policy?
Slashdot Mirror
I cannot find the page now, so I guess you're right. As of a couple of months ago, they were mentioning that $50 per year was an appropriate payment for use in a small business organization.
I think you also need to add this line:
score RCVD_IN_OSIRUSOFT_COM 0 0 0 0
because all those X_OSIRU_* rules add on to the score of this base rule.
I have been using relays.osirusoft.com in my Postfix configuration and also with SpamAssassin for the last few days. I've been unable to access relays.osirusoft.com at all since 6:15 A.M. New York time on Monday 8/25. I checked my mail logs and no messages were bounced because of their supposed blocking of the whole world.
I recommend bl.spamcop.net also although it costs money to use it for business purposes.
Microsoft could probably produce an update for all versions of Windows, that people would need to install, that would make all future updates automatic.
Another point, with a good filter like SpamAssassin that scores the spamminess of e-mail, you can pretty safely throw away anything with a high score, so you really only have to review the messages that are very likely spam, not the stuff that is most definitely spam.
Also, having really good filters or blocklists in place makes it possible to receive/review your e-mail on a wireless device or a low-bandwidth dialup connection from a remote city. Without good technical solutions to the spam problem, spam would make using wireless devices very expensive and a major waste of time.
Will you please update your software so that it does not generate bounce messages when it finds instances of viruses that fake the sender's address? Why would you not have this feature in your software already?
How do you run out of TCP ports? If my Web server has 1,000,000 requests pending, they may be coming from random ports on various IP addresses, but they're all coming to port 80 on my machines' IP addresses.
Mandrake 9.1 RAID configuration requires reboot after adding partitions, then you need to specify a lot of the manual partition setup information over again.
RedHat 9.0 installation corrupts the RPM database frequently so that no further installation is possible. Only found two other reports of this problem; I guess I'm pretty special!
Dependency problems with older versions Linux. For example, wondering if I can updgrade Python in order to install some software that requires the latest version, without breaking something else that requires Python.
Those technical and economic reasons that make Linux distributions appealing also make the BSD distributions appealing. If I could no longer use my Linux server, I would use FreeBSD instead, not switch back to a Windows server or buy a Sun machine. I would do the same thing for my clients that use Linux servers: migrate them to FreeBSD. This whole legal onslaught by SCO might be a good reason for some management to reconsider GNU/Linux deployments for the time being, but there's no reason not to use GNU/*BSD instead. I'm not going to be deterred in my use of Linux, though, and I will tell anyone who asks me for an opinion that I think SCO is full or shit.
As someone who has my e-mail address on my Web site, I try to answer as many questions as I can that people send me. Frequently, the e-mail replies I send bounce back to me because the person did not configure their e-mail software correctly, or their configuration changed recently. Do these people wonder why they send messages and never get any replies? I wonder! Anyway, if the protocol could help with this problem by exchanging some information up front, by verifying the e-mail address of the sender, that would be great.
I would not have the system require that people on my whitelist (which would include everyone who I have corresponded with before) perform those calculations. I would only have unknown senders perform those calculations. I'm not sure how I would design this calculation feature into the standard if it were up to me. Maybe your e-mail server could send out a very small and simple Java program that the sender could try to run. You can decide how complex the task is that you want unknown senders to perform in order for them to have the privilege of sending you an e-mail. If the program takes too long for their server to run, then they can give up. I think it would be neat if there was some way like this to implement an automated challenge-response system. Instead of having to manually go to a Web page and type in the letters and numbers from a blurry graphic image, you can say that it's worth up 30 GFLOPS of my computer's resources to have each of my messages go through to the people who I have not corresponded with before.
This doesn't eliminate the problem of spammers using zombie PCs to perform these calculations, but it would certainly slow them down. If spammers had to buy powerful computers in order to perform these calculations, that would be a disincentive to spamming.
I think the spam situation is going to get so bad that everyone is going to have to move to a system where messages are cryptographically signed in order to vouch for their authenticity, and where being whitelisted will be important in order to bypass the otherwise stringent checks required. I think that the sender should basically send a signed copy of the headers of the message, and that would allow the e-mail system to decide if it will accept the message or not. When signatures appear on your whitelist, you can pass the messages right through to the recipient. I think the headers should include the overall size of the message, so that administrators can limit messages based on their size: maybe they want to accept messages from untrusted sources only if they're less than 2K in size, for example. I think the new e-mail protocol should have an option to ask for payment by having the sender perform an operation whose results can be checked easily but that requires a certain number of GFLOPS to complete: maybe some sender is not known to you, but you're willing to accept up to 8K from them if their Pentium-class computer spends 15 seconds calculating some problem.
I believe in Baysian filtering, but it requires accepting and processing the entire message. As spam gets to be a greater and greater percentage of all e-mail, it's going to take more processing power to process it unless it's categorized quickly. It would be nice if any future solution did not require you to accept the entire message up-front.
But we're not really talking about legitimate customers whose resources are being abused by spammers, because I don't know of any major list that blocks netblocks because of open relays or open proxies in the vicinity. We're talking about actual spammers using addresses on their network, and those addresses being blocked because they're used by spammers, and the entire netblock being blocked in a political protest against the ISP for it's having hosted spammers, inadvertently or not. If you blocked the netblocks of all ISPs who do not have an aggressive policy of prohibiting their customers from exposing exploitable resources like open proxies, open relays, spam-relaying virus-infected PCs, or other spammer-friendly resources, then that would block way too much e-mail for most users. I agree that AOL Time Warner/Roadrunner should do something about all these problems that their customers cause, and so should Verizon DSL, AT&T/Comcast, and everybody else. I wish that I knew how to get them to do that. Blocking the e-mail of my business associates and my client's associates is not good for business!
I use SpamAssassin for one of my clients who lives and dies by e-mail, and it is pretty effective for them. There is an ISP who I deal with sometimes and they also use SpamAssassin. They must not have it tweaked because their scores are much lower than the scores that my client's SpamAssassin installation assigns to the same messages, so there is a lot of variation depending on how you configure its optional components.
In order for the bayes filtering to work well, SpamAssassin needs to have a database of a few thousand messages. I am not sure how well this would work for a large ISP where their customers have such a wide range of non-spam messages, and I'm not sure that the bayes filtering scales very well to large system-wide SpamAssassin installations.
If that's true that it was ruined by spammers, then that's sad, but it was bound to happen, and the people who designed the system should have spent a little time considering this likelyhood. Perhaps if they had a system where you could assign a trust rating to the people rating the servers, then it might solve this problem of people providing dishonest server ratings. Something like PGP implements for recording trust in keyrings. Or maybe if they ran a system like Razor, DCC, or Pyzor, where users could report actual spam, then you could accumulate information about the servers spewing the spam and start blocking addresses based on that.
Dropping your ISP is not an option when they are the only affordable high-speed Internet provider in the area. I'm guessing that the people at AOL Time Warner/Roadrunner care more about ridding their network of spammers than they care about losing a few customers who don't want to be associated with the same netblock as bunch of spammers who have already moved on. I think lists like SPEWS Level 2 give blocklists a bad name.
I had very similar results when I tried it last Friday. I ran it for about an hour before deciding that what it did block (AOL) was going to cause a lot of false positives.
I'm thinking they're definitely_ditzy@Kazaa
Yes, you can set that up as long as you have a Windows-based computer available, and either Internet connectivity or a phone line for something like pcAnywhere.
That can be done with a SQL Server stored procedure, then use SQL Server Agent to run that stored procedure periodically.
My favorite Linux distribution, Mandrake, is even worse than Microsoft when it comes to supporting their products. Now they only support each version for 18 months. RedHat supports their products with critical updates for 5 years. What is SuSE's policy?