anti-spam, was Re: [XCSSA] Looking for Guidance, Experiences, Email Services
xcssa@xcssa.org
Fri, 06 Apr 2007 20:51:08 -0500
I think a reliable easy to config live mail server setup would be great.
I have been struggling to get my head around a *nix based mail setup for
years. Just never had the time or directions consistent with versions
etc. Even conscripted help from more enlightened individuals gets me
so far, but ultimately I am the one who has to run it.
I would settle for a usable (for dummies) step by step guide. I have
tried a few but always hit glitches that I don't have time to work around.
RD
> On Wed, Apr 04, 2007 at 09:16:25PM -0500, xcssa-admin@xcssa.org wrote:
>
>> Bandwidth: 90% of the incoming bytes on port 25 are spam even though
>> 90% of the connections get dropped at the HELO because of RBLs.
>>
>
> Hrml, not a problem for me, but I only serve a couple of users.
>
> I do graylisting/blacklisting though...
>
> I'm half tempted to create the "ultimate mail server distro".
> Does anyone think this would be worth putting together?
>
> See my security wiki for some anti-spam stuff I do.
>
>
>> Spam: Most of the 10% that gets past the RBLs and land in valid mail
>> boxes are SPAM. I'm getting tired of updating Spam Assassin and the
>> RBLs every time something new comes out.
>>
>
> I don't use signatures (spamassassin). If I had to use any filtering,
> it'd probably be a combination of hand-coded rules like spamassassin
> (don't need HTML email) for things best recognized by humans, and
> a Bayesian classifier like dspam or crm114 for the bulk.
>
> If I were to offer a commercial mail service I'd have an easy web
> interface for marking things spam/nonspam, which feeds the bayesian
> classifier, and then some shared learning between users; if Joe and
> Mary already marked it as spam, I really don't need to read it.
>
> Of course the user should have full control over how it works.
>
>
>> Search: Gmail's search is awesome. I have found nothing that can
>> search IMAP as fast or as well.
>>
>
> This is apples and oranges; gmail searches locally, not over an IMAP
> connection. I find mairix to be quite fast.
>
>
>> Security: I no longer need to worry about smtp, imap, or pop
>> exploits.
>>
>
> Like having someone else host your web site, if it gets hacked it's
> still your data, but you don't have to clean up. Conversely, you
> can't do anything to protect it. As long as your security needs don't
> exceed what the company offers, that's probably okay. Sounds like
> you're mostly worried about being a negative externality; that is,
> you're less concerned about what happens to the data than being the
> source of an attack on another site. Given that email is unencrypted
> anyway, that's perfectly reasonable.
>
> What do people think? I know from personal experience that the best
> anti-spam setup I've gotten from anywhere is ten times less effective
> than the one I'm using now, and that mine could be about a hundred
> times better (no kidding; see the CRM114 page for how that program
> outperformed its author at spam classification). I know that most
> companies (virtually all non-IT shops) really can't do better and
> need/want to outsource.
>
> FWIW, my current setup uses OpenBSD's spamd (blacklisting spews1,
> china and korea), greylisting for everyone the first time, spamtraps
> on my web page and in my sig file (email john -> instant
> blacklisting), and the following postfix config mods:
>
> smtpd_delay_reject = yes
> smtpd_client_restrictions = permit_mynetworks, reject_unknown_client, permit
> smtpd_helo_required = yes
> smtpd_helo_restrictions = permit_mynetworks, reject_invalid_hostname, reject_non_fqdn_hostname, reject_unknown_client, permit
> smtpd_sender_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unknown_address, reject_unknown_sender_domain, reject_non_fqdn_sender, reject_unknown_client, permit
> smtpd_recipient_restrictions = reject_unauth_pipelining, reject_unknown_recipient_domain, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_unknown_client, permit
>
> I can easily imagine dspam/crm114, a bottrap on the web site,
> a CGI-BIN that generates a graphical email address instead of
> having mailto links in the HTML, a decent web UI for whitelisting
> and bypassing the various checks.
>
> Plus I get a special feeling every time I waste a spammer's time:
>
> spamd[6530]: 202.109.78.222: disconnected after 543 seconds. lists: china
>
> Thoughts?
>
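The spamd disconnect line quoted above is the raw material for measuring how much spammer time the tarpit actually burns. The following is an added example, not code from the thread or from OpenBSD: it parses such lines and totals seconds and connections per blacklist and per client IP. The sample log lines are constructed, the syslog prefix is assumed, and treating a line with no "lists:" as a greylisted connection is an assumption.

```python
import re
from collections import defaultdict

# Matches the OpenBSD spamd disconnect line quoted in the thread. A syslog
# timestamp/host prefix (assumed) is tolerated because we anchor on "spamd[".
SPAMD_RE = re.compile(
    r"spamd\[(?P<pid>\d+)\]: (?P<ip>\d{1,3}(?:\.\d{1,3}){3}): "
    r"disconnected after (?P<secs>\d+) seconds\.(?: lists: (?P<lists>.+))?$"
)

def parse_spamd_line(line):
    """Return (ip, seconds, [lists]) for a spamd disconnect line, else None."""
    m = SPAMD_RE.search(line.strip())
    if not m:
        return None
    lists = m.group("lists").split() if m.group("lists") else []
    return m.group("ip"), int(m.group("secs")), lists

def tarpit_summary(lines):
    """Aggregate total seconds and connection counts per list and per IP.
    Lines without a 'lists:' field are counted under 'greylist' (assumption)."""
    per_list = defaultdict(lambda: {"connections": 0, "seconds": 0})
    per_ip = defaultdict(int)
    for line in lines:
        parsed = parse_spamd_line(line)
        if parsed is None:          # skip postfix and other non-spamd lines
            continue
        ip, secs, lists = parsed
        per_ip[ip] += secs
        for name in lists or ["greylist"]:
            per_list[name]["connections"] += 1
            per_list[name]["seconds"] += secs
    return dict(per_list), dict(per_ip)

# Constructed sample log lines in the format quoted above (not real log data).
SAMPLE_LOG = """\
Apr  6 20:40:01 mx spamd[6530]: 202.109.78.222: disconnected after 543 seconds. lists: china
Apr  6 20:41:12 mx spamd[6530]: 192.0.2.10: disconnected after 12 seconds. lists: spews1
Apr  6 20:42:30 mx spamd[6530]: 202.109.78.222: disconnected after 87 seconds. lists: china
Apr  6 20:43:05 mx spamd[6530]: 198.51.100.7: disconnected after 4 seconds.
Apr  6 20:43:09 mx postfix/smtpd[1234]: connect from unknown[203.0.113.5]
"""

if __name__ == "__main__":
    lists, ips = tarpit_summary(SAMPLE_LOG.splitlines())
    for name, s in sorted(lists.items(), key=lambda kv: -kv[1]["seconds"]):
        print(f"{name:10} {s['connections']:4} conns {s['seconds']:6} s")
```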