It just keeps getting worse. I really don't want to change my email address, but it's all over the Internet, and the spammers are killing my inbox. I don't want to spend a lot of time on this issue, I just want to be able to block these idiots. I'm running a postfix mail server. Is there an easy way to thwart spam? I use the filters built into KMail, but they seem almost worthless. -- "Whoever controls the histories of nations controls those nations and their peoples." Germar Rudolf -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On 20 Dec 2006, hattons@globalsymmetry.com wrote:
Is there an easy way to thwart spam? I use the filters built into KMail, but they seem almost worthless.
Install, train and use either
spamassassin: http://spamassassin.apache.org/
or
bogofilter: http://bogofilter.sourceforge.net/
They are included with SuSE.
Charles
-- /* Only Sun can take such nice parts and fuck up the programming interface * like this. Good job guys... */ linux-2.6.6/drivers/net/sunhme.c
On 12/20/06, Steven T. Hatton
It just keeps getting worse. I really don't want to change my email address, but it's all over the Internet, and the spammers are killing my inbox. I don't want to spend a lot of time on this issue, I just want to be able to block these idiots. I'm running a postfix mail server. Is there an easy way to thwart spam? I use the filters built into KMail, but they seem almost worthless.
There is no easy way. *but* it is possible to combat spam. Some Linuxoids use draconian measures against spam. such as:
1. drop all mails that include attachments.
2. drop all mails that include HTML/Javascript/ActiveX/Flash.
3. require all non-dropped mail to request image recognition. (the recipient's server replies with image-recognition question, and the sender must approve that he is a human, otherwise mail gets dropped)
4. make white-list firewalls, only allowed users can send you. else is dropped.
NOTE: some Viruses, like "I love you" can come from known ppl, so rule #4 alone won't help you, but when all rules combined, and each mail requires image-recognition, then spam stops TOTALLY. With this you can achieve devastating effects, so only friends will be able to mail you.
such as: 1. drop all mails that include attachments.
or drop all attachments. not mail itself.
2. drop all mails that include HTML/Javascript/ActiveX/Flash.
so only plain text is allowed.
On Wednesday 20 December 2006 15:32, Steven T. Hatton wrote:
It just keeps getting worse. I really don't want to change my email address, but it's all over the Internet, and the spammers are killing my inbox. I don't want to spend a lot of time on this issue, I just want to be able to block these idiots. I'm running a postfix mail server. Is there an easy way to thwart spam? I use the filters built into KMail, but they seem almost worthless.
You can go a long way to filtering the spam out.
Spamassassin - good but in my view a lot of maintenance
Dspam - maintenance free for the most part, and excellent.
My stats for Dspam:
TP True Positives: 135370
TN True Negatives: 148860
FP False Positives: 1236
FN False Negatives: 9752
SC Spam Corpusfed: 3733
NC Nonspam Corpusfed: 2883
TL Training Left: 0
SHR Spam Hit Rate 93.28%
HSR Ham Strike Rate: 0.82%
OCA Overall Accuracy: 96.28%
On 20 Dec 2006, bmarsh@bmarsh.com wrote:
Spamassassin - good but in my view a lot of maintenance
This is what cron is for. I use a script to train SA with the mails in my spam mailbox every day and a weekly script to train SA for HAM. Charles -- printk("VFS: Busy inodes after unmount. " "Self-destruct in 5 seconds. Have a nice day...\n"); linux-2.3.99-pre8/fs/super.c
Steven T. Hatton wrote:
It just keeps getting worse. I really don't want to change my email address, but it's all over the Internet, and the spammers are killing my inbox. I don't want to spend a lot of time on this issue, I just want to be able to block these idiots. I'm running a postfix mail server. Is there an easy way to thwart spam? I use the filters built into KMail, but they seem almost worthless.
Hi Steven,
adding
    smtpd_recipient_restrictions = [ ......],
        reject_rhsbl_client blackhole.securitysage.com,
        reject_rhsbl_sender blackhole.securitysage.com,
        reject_rbl_client relays.ordb.org,
        reject_rbl_client blackholes.easynet.nl,
        reject_rbl_client cbl.abuseat.org,
        reject_rbl_client proxies.blackholes.wirehub.net,
        reject_rbl_client bl.spamcop.net,
        reject_rbl_client sbl.spamhaus.org,
        reject_rbl_client opm.blitzed.org,
        reject_rbl_client dnsbl.njabl.org,
        reject_rbl_client list.dsbl.org,
        reject_rbl_client multihop.dsbl.org
to the "main.cf" on the mailserver already reduced the amount of spam by approx. 50% on our server. [....] means that you should leave your current policies like "permit_mynetworks" how it currently is.
Postgrey http://isg.ee.ethz.ch/tools/postgrey/ has also been mentioned to reduce the amount of spam quite well. I'll use that on one of the upcoming mailservers, so I don't have any experience with that up to now.
However both recommendations just work on mailservers directly accepting the mail,
best
Joachim
Joachim Kieferle wrote:
Steven T. Hatton wrote:
It just keeps getting worse. I really don't want to change my email address, but it's all over the Internet, and the spammers are killing my inbox. I don't want to spend a lot of time on this issue, I just want to be able to block these idiots. I'm running a postfix mail server. Is there an easy way to thwart spam? I use the filters built into KMail, but they seem almost worthless.
Hi Steven,
adding
smtpd_recipient_restrictions = [ ......], reject_rhsbl_client blackhole.securitysage.com, reject_rhsbl_sender blackhole.securitysage.com, reject_rbl_client relays.ordb.org, reject_rbl_client blackholes.easynet.nl, reject_rbl_client cbl.abuseat.org, reject_rbl_client proxies.blackholes.wirehub.net, reject_rbl_client bl.spamcop.net, reject_rbl_client sbl.spamhaus.org, reject_rbl_client opm.blitzed.org, reject_rbl_client dnsbl.njabl.org, reject_rbl_client list.dsbl.org, reject_rbl_client multihop.dsbl.org
relays.ordb.org has shut down a few days ago.
cbl.abuseat.org   \
opm.blitzed.org    > all three are included in zen.spamhaus.org
sbl.spamhaus.org  /
bl.spamcop.net is rather heavy-handed. While it will block a lot of spam zombies, indiscriminate use will almost guarantee that you will reject servers you want to receive mail from.
to the "main.cf" on the mailserver already reduced the amount of spam by approx. 50% on our server [....] means that you should leave your current policies like "permit_mynetworks" how it currently is.
With blacklists, helo checks, some basic sanity checks, address verify you can reject about 80% of spam already.
Postgrey http://isg.ee.ethz.ch/tools/postgrey/ has also been mentioned to reduce the amount of spam quite well. I'll use that on one of the upcoming mailservers, so I don't have any experience with that up to now.
Greylisting works indeed very well against spam but it also introduces some delay until most regular senders are known to the server. You might also consider policyd-weight, that uses the weighted result of many checks to reject/accept mails.
However both recommendations just work on mailservers directly accepting the mail,
Correct. Otherwise you can only use spamassassin to analyse and tag the mail. Sandy -- List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com
On Wednesday 20 December 2006 16:10, Joachim Kieferle wrote:
Steven T. Hatton wrote:
It just keeps getting worse. I really don't want to change my email address, but it's all over the Internet, and the spammers are killing my inbox. I don't want to spend a lot of time on this issue, I just want to be able to block these idiots. I'm running a postfix mail server. Is there an easy way to thwart spam? I use the filters built into KMail, but they seem almost worthless.
Hi Steven,
adding
smtpd_recipient_restrictions = [ ......], reject_rhsbl_client blackhole.securitysage.com, reject_rhsbl_sender blackhole.securitysage.com, reject_rbl_client relays.ordb.org, reject_rbl_client blackholes.easynet.nl, reject_rbl_client cbl.abuseat.org, reject_rbl_client proxies.blackholes.wirehub.net, reject_rbl_client bl.spamcop.net, reject_rbl_client sbl.spamhaus.org, reject_rbl_client opm.blitzed.org, reject_rbl_client dnsbl.njabl.org, reject_rbl_client list.dsbl.org, reject_rbl_client multihop.dsbl.org
to the "main.cf" on the mailserver already reduced the amount of spam by approx. 50% on our server [....] means that you should leave your current policies like "permit_mynetworks" how it currently is.
Postgrey http://isg.ee.ethz.ch/tools/postgrey/ has also been mentioned to reduce the amount of spam quite well. I'll use that on one of the upcoming mailservers, so I don't have any experience with that up to now.
However both recommendations just work on mailservers directly accepting the mail,
best
Joachim
Well, I'm still getting mail from this list, so it's not blocking everything. It will take some time to determine if I've blocked things I don't want blocked. So far I have no new spam in the inbox in over an hour. That is very good. Far better than 50%. Thanks
Steven -- "Whoever controls the histories of nations controls those nations and their peoples." Germar Rudolf
Steven T. Hatton wrote:
On Wednesday 20 December 2006 16:10, Joachim Kieferle wrote:
Steven T. Hatton wrote:
It just keeps getting worse. I really don't want to change my email address, but it's all over the Internet, and the spammers are killing my inbox. I don't want to spend a lot of time on this issue, I just want to be able to block these idiots. I'm running a postfix mail server. Is there an easy way to thwart spam? I use the filters built into KMail, but they seem almost worthless.
Hi Steven,
adding
smtpd_recipient_restrictions = [ ......], reject_rhsbl_client blackhole.securitysage.com, reject_rhsbl_sender blackhole.securitysage.com, reject_rbl_client relays.ordb.org, reject_rbl_client blackholes.easynet.nl, reject_rbl_client cbl.abuseat.org, reject_rbl_client proxies.blackholes.wirehub.net, reject_rbl_client bl.spamcop.net, reject_rbl_client sbl.spamhaus.org, reject_rbl_client opm.blitzed.org, reject_rbl_client dnsbl.njabl.org, reject_rbl_client list.dsbl.org, reject_rbl_client multihop.dsbl.org
to the "main.cf" on the mailserver already reduced the amount of spam by approx. 50% on our server [....] means that you should leave your current policies like "permit_mynetworks" how it currently is.
Postgrey http://isg.ee.ethz.ch/tools/postgrey/ has also been mentioned to reduce the amount of spam quite well. I'll use that on one of the upcoming mailservers, so I don't have any experience with that up to now.
However both recommendations just work on mailservers directly accepting the mail,
best
Joachim
Well, I'm still getting mail from this list, so it's not blocking everything. It will take some time to determine if I've blocked things I don't want blocked. So far I have no new spam in the inbox in over an hour. That is very good. Far better than 50%. Thanks
Steven
Hi Steven, "grep blocked /var/log/mail" shows which mails are blocked. All sender / recipient combinations that I have seen so far were spam. Counting the amount of blocked spam, for our site it's about 2'000 mails that are blocked per day. IF BY ACCIDENT a mail is blocked, the positive effect from that is, that the senders are informed about blocking (e.g. Blocked - see http://cbl.abuseat.org/lookup.cgi?ip=82.197.44.218), whereas SpamAssassin "just" marks the spam and one tends to delete the spam without even reading the header / sender. Sandy gave some very good comments on the sites one should get the blocking information from. That's very helpful, since I just googled this list from a postfix configuration site and didn't up to now find the time to go into details of each site. Thanks for that. Best and Merry Christmas, Joachim
Joachim Kieferle wrote: [RBLs listed]
Well, I'm still getting mail from this list, so it's not blocking everything. It will take some time to determine if I've blocked things I don't want blocked. So far I have no new spam in the inbox in over an hour. That is very good. Far better than 50%. Thanks
Steven
Hi Steven,
"grep blocked /var/log/mail" shows which mails are blocked. All sender / recipient combinations that I have seen so far were spam. Counting the amount of blocked spam, for our site it's about 2'000 mails that are blocked per day.
You can even cheaply count the number of rejected recipients per blacklist with this one-liner:
    grep "blocked using" /var/log/mail | awk '{print $20}' | sort | uniq -c | sort -n
I think for postfix 2.2 or older it's awk '{print $19}'
IF BY ACCIDENT a mail is blocked, the positive effect from that is, that the senders are informed about blocking (e.g. Blocked - see http://cbl.abuseat.org/lookup.cgi?ip=82.197.44.218), whereas SpamAssassin "just" marks the spam and one tends to delete the spam without even reading the header / sender.
That is the theory. The trouble is that more than one admin thinks all bounces are spam and silently deletes them or refuses to accept mails with empty envelope sender. It had happened more than one time that the sender did not get any notification. :-((
Sandy gave some very good comments on the sites one should get the blocking information from. That's very helpful, since I just googled this list from a postfix configuration site and didn't up to now find the time to go into details of each site. Thanks for that.
The temptation is great but you should find the time to investigate the site policy and research user experience with the blacklist. You are after all delegating the decision if a mail should be accepted or not to an external third-party. Currently I am using three blacklists:
zen.spamhaus.org
list.dsbl.org
dynablock.njabl.org
A lot of spam is rejected by helo checks and greylisting. Sandy -- List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com
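An added example, not part of any message in this thread: the per-blacklist count from the one-liner above, done by matching the text after "blocked using" instead of a fixed awk field, since the message notes that the field position differs between Postfix versions. It also groups the rejected client, sender and recipient per list for the kind of maillog review discussed here; the log lines are constructed and all function names are hypothetical.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in the smtpd reject format quoted in this thread.
# Addresses use documentation ranges; nothing here comes from a real log.
# The second line has no enhanced status code, which shifts the awk field by one.
SAMPLE_LOG = """\
Dec 21 10:01:02 mx postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 554 5.7.1 Service unavailable; Client host [192.0.2.10] blocked using zen.spamhaus.org; constructed reason; from=<a@spam.example> to=<user@example.org> proto=ESMTP helo=<pc10>
Dec 21 10:02:40 mx postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[192.0.2.11]: 554 Service unavailable; Client host [192.0.2.11] blocked using zen.spamhaus.org; from=<> to=<user@example.org> proto=SMTP helo=<x>
Dec 21 10:05:13 mx postfix/smtpd[2107]: NOQUEUE: reject: RCPT from relay.test.example[198.51.100.7]: 554 5.7.1 Service unavailable; Client host [198.51.100.7] blocked using list.dsbl.org; from=<c@test.example> to=<info@example.org> proto=ESMTP helo=<relay.test.example>
Dec 21 10:07:55 mx postfix/smtpd[2110]: NOQUEUE: reject: RCPT from mail.bad.example[203.0.113.5]: 554 5.7.1 Service unavailable; Sender address [b@bad.example] blocked using blackhole.securitysage.com; from=<b@bad.example> to=<user@example.org> proto=ESMTP helo=<mail.bad.example>
Dec 21 10:09:01 mx postfix/smtpd[2110]: NOQUEUE: reject: RCPT from unknown[203.0.113.9]: 504 5.5.2 <friend>: Helo command rejected: need fully-qualified hostname; from=<d@test.example> to=<user@example.org> proto=SMTP helo=<friend>
Dec 21 10:09:30 mx postfix/qmgr[900]: 3F2A11C0: from=<list@example.org>, size=2210, nrcpt=1 (queue active)
"""

REJECT = re.compile(
    r"reject: \w+ from (?P<host>[^\s\[]+)\[(?P<ip>[^\]]+)\]: (?P<code>[45]\d\d) "
)
ZONE = re.compile(r"blocked using (?P<zone>[^;\s]+)")
SENDER = re.compile(r" from=<([^>]*)>")
RCPT = re.compile(r" to=<([^>]*)>")


def parse_dnsbl_reject(line):
    """Return a dict for a blacklist rejection, or None for any other line."""
    rej = REJECT.search(line)
    zone = ZONE.search(line)
    if not rej or not zone:
        return None  # not a reject, or a reject for another reason (e.g. HELO)
    sender = SENDER.search(line)
    rcpt = RCPT.search(line)
    return {
        "zone": zone.group("zone"),
        "ip": rej.group("ip"),
        "host": rej.group("host"),
        "code": rej.group("code"),
        "sender": sender.group(1) if sender else None,  # "" is the null sender <>
        "recipient": rcpt.group(1) if rcpt else None,
    }


def summarise(lines):
    """Count rejections per blacklist and collect (ip, sender, recipient) for review."""
    counts = Counter()
    review = defaultdict(set)
    for line in lines:
        hit = parse_dnsbl_reject(line)
        if hit is None:
            continue
        counts[hit["zone"]] += 1
        review[hit["zone"]].add((hit["ip"], hit["sender"], hit["recipient"]))
    return counts, review


if __name__ == "__main__":
    counts, review = summarise(SAMPLE_LOG.splitlines())
    for zone, n in counts.most_common():
        print(f"{n:6d} {zone}")
        for ip, sender, recipient in sorted(review[zone]):
            print(f"         {ip}  <{sender}> -> <{recipient}>")
```
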
Sandy Drobic wrote:
Joachim Kieferle wrote:
[RBLs listed]
[... more info about blocking mails]
A lot of spam is rejected by helo checks and greylisting.
Sandy
Hi Sandy,
two questions about that:
1. could you please point to some info about how to implement "helo checks" (maybe a snippet from the main.cf?) and
2. is there greylisting available out of the (OpenSuSE 10.2) box?
Best Joachim
Joachim Kieferle wrote:
Sandy Drobic wrote:
Joachim Kieferle wrote:
[RBLs listed]
[... more info about blocking mails]
A lot of spam is rejected by helo checks and greylisting.
Sandy
Hi Sandy,
two questions about that: 1. could you please point to some info about how to implement "helo checks" (maybe a snippet from the main.cf?) and
/etc/postfix/main.cf:

    smtpd_recipient_restrictions =
        permit_mynetworks,
        permit_sasl_authenticated,
        reject_unauth_destination,
        check_client_access hash:/etc/postfix/client_whitelist
        reject_invalid_hostname,
        reject_non_fqdn_hostname,
        check_helo_access hash:/etc/postfix/helo_blacklist

/etc/postfix/client_whitelist:

    # put all idiot server here from which you want to accept
    # mails despite their stupid admins.
    # allowed are ips and server hostnames
    # do NOT add sender domains here!!
    #
    # remember to execute "postmap /etc/postfix/client_whitelist"
    # after changing this file!!
    #
    1.2.3.4                 permit_auth_destination
    idiotsrv.example.com    OK

/etc/postfix/helo_blacklist:

    # Put all helo names here that you immediately want to reject,
    # for example your own hostname and ip when other servers try
    # to impersonate your domain.
    #
    # remember to execute "postmap /etc/postfix/helo_blacklist"
    # after changing this file!!
    #
    yourdomain.example.com  554 Do not use my name as your HELO!!
    11.22.33.44             554 Do not use my ip address as your HELO!!

reject_invalid_hostname blocks HELO that do not use hostnames allowed in DNS.
reject_non_fqdn_hostname blocks HELO that do not have a fully qualified domain name like "localhost", "friend" etc.
2. is there greylisting available out of the (OpenSuSE 10.2) box?
Not that I am aware of. But Postgrey is not difficult to implement. Sandy -- List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com
The Thursday 2006-12-21 at 11:18 +0100, Sandy Drobic wrote:
2. is there greylisting available out of the (OpenSuSE 10.2) box?
Not that I am aware of. But Postgrey is not difficult to implement.
Yes, it is. There is a sample in (2.1) "SMTPD_POLICY_README.html", another in "postconf.5.html". There is a "greylist.pl" and "spf.pl" script in the "./examples/smtpd-policy/" directory. I don't know if that's the best implementation, but at least it is there. -- Cheers, Carlos E. R.
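An added example, not Postgrey's or greylist.pl's code and not from any poster: the greylisting decision discussed in this thread, written against the name=value request and action= reply format of Postfix policy delegation that SMTPD_POLICY_README describes. The 300-second delay, the in-memory table, keying on the exact client address and all names are assumptions made for illustration.

```python
import time


class Greylist:
    """In-memory greylist keyed on (client address, sender, recipient)."""

    def __init__(self, delay=300, clock=time.time):
        self.delay = delay      # assumed minimum wait (seconds) before a retry passes
        self.clock = clock      # injectable so the timing can be tested without sleeping
        self.first_seen = {}    # triplet -> time of first delivery attempt

    def decide(self, attrs):
        """Return the access action for one policy request."""
        if attrs.get("request") != "smtpd_access_policy":
            return "dunno"
        triplet = (
            attrs.get("client_address", ""),
            attrs.get("sender", "").lower(),
            attrs.get("recipient", "").lower(),
        )
        now = self.clock()
        first = self.first_seen.setdefault(triplet, now)
        if now - first < self.delay:
            # Temporary failure: a real mail server queues the message and retries,
            # which is the delay for not-yet-known senders mentioned in the thread.
            return "defer_if_permit Greylisted, please try again later"
        # Known triplet that waited long enough: leave the decision to later checks.
        return "dunno"


def parse_request(text):
    """Parse one policy request: name=value lines terminated by an empty line."""
    attrs = {}
    for line in text.splitlines():
        if not line:
            break
        name, sep, value = line.partition("=")
        if sep:
            attrs[name] = value
    return attrs


def respond(text, greylist):
    """Build the reply for one request: an action line followed by an empty line."""
    return "action=%s\n\n" % greylist.decide(parse_request(text))


# Constructed request, using documentation addresses and example domains.
SAMPLE_REQUEST = (
    "request=smtpd_access_policy\n"
    "protocol_state=RCPT\n"
    "protocol_name=ESMTP\n"
    "client_address=192.0.2.25\n"
    "client_name=mail.sender.example\n"
    "helo_name=mail.sender.example\n"
    "sender=alice@sender.example\n"
    "recipient=user@example.org\n"
    "\n"
)

if __name__ == "__main__":
    fake_now = [1000.0]
    gl = Greylist(delay=300, clock=lambda: fake_now[0])
    for t in (1000.0, 1100.0, 1301.0):
        fake_now[0] = t
        print(t, respond(SAMPLE_REQUEST, gl).strip())
```
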
On Wednesday 20 December 2006 23:37, Joachim Kieferle wrote:
IF BY ACCIDENT a mail is blocked, the positive effect from that is, that the senders are informed about blocking (e.g. Blocked - see http://cbl.abuseat.org/lookup.cgi?ip=82.197.44.218), whereas SpamAssassin "just" marks the spam and one tends to delete the spam without even reading the header / sender.
Whoa there big fella! You are ADDING to the PROBLEM by generating backscatter, and probably joe jobbing some poor schmuck who the spammer pretended to be. -- _____________________________________ John Andersen
John Andersen wrote:
On Wednesday 20 December 2006 23:37, Joachim Kieferle wrote:
IF BY ACCIDENT a mail is blocked, the positive effect from that is, that the senders are informed about blocking (e.g. Blocked - see http://cbl.abuseat.org/lookup.cgi?ip=82.197.44.218), whereas SpamAssassin "just" marks the spam and one tends to delete the spam without even reading the header / sender.
Whoa there big fella!
You are ADDING to the PROBLEM by generating backscatter, and probably joe jobbing some poor schmuck who the spammer pretended to be.
Wrong. The mail is not accepted and instead REJECTED during the smtp dialogue. The responsibility for the mail remains with the sending client. May that be the spammer or a normal mailserver.
    Dec 17 04:52:12 spamkill postfix/smtpd[18477]: NOQUEUE: reject: RCPT from customer.optindirectmail.83.sls-hosting.com[204.14.1.83]: 554 5.7.1 Service unavailable; Client host [204.14.1.83] blocked using zen.spamhaus.org; http://www.spamhaus.org/SBL/sbl.lasso?query=SBL27197;
Opt-in, yeah, sure...
Not even a queue file has been created yet. That is exactly the difference to the normal use of amavisd-new or spamassassin: that filtering happens after you accepted the mail, so you can't reject the mail at that stage. At that point you can only tag-and-deliver.
The biggest problem on the corporate side are gateway mailservers that accept a mail without knowing if the recipient is even valid. They try to relay the mail to the internal exchange server which is then telling them the recipient is invalid. Then they bounce the mail back to the, in case of spam forged, sender address. That is the backscatter we all know and love. :-((
Sandy -- List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com
On Thursday 21 December 2006 11:26, Sandy Drobic wrote:
John Andersen wrote:
On Wednesday 20 December 2006 23:37, Joachim Kieferle wrote:
IF BY ACCIDENT a mail is blocked, the positive effect from that is, that the senders are informed about blocking (e.g. Blocked - see http://cbl.abuseat.org/lookup.cgi?ip=82.197.44.218), whereas SpamAssassin "just" marks the spam and one tends to delete the spam without even reading the header / sender.
Whoa there big fella!
You are ADDING to the PROBLEM by generating backscatter, and probably joe jobbing some poor schmuck who the spammer pretended to be.
Wrong. The mail is not accepted and instead REJECTED during the smtp dialogue. The responsibility for the mail remains with the sending client. May that be the spammer or a normal mailserver.
Dec 17 04:52:12 spamkill postfix/smtpd[18477]: NOQUEUE: reject: RCPT from customer.optindirectmail.83.sls-hosting.com[204.14.1.83]: 554 5.7.1 Service unavailable; Client host [204.14.1.83] blocked using zen.spamhaus.org; http://www.spamhaus.org/SBL/sbl.lasso?query=SBL27197;
Opt-in, yeah, sure...
Not even a queue file has been created yet. That is exactly the difference to the normal use of amavisd-new or spamassassin: that filtering happens after you accepted the mail, so you can't reject the mail at that stage. At that point you can only tag-and-deliver.
The biggest problem on the corporate side are gateway mailservers that accept a mail without knowing if the recipient is even valid. They try to relay the mail to the internal exchange server which is then telling them the recipient is invalid. Then they bounce the mail back to the, in case of spam forged, sender address. That is the backscatter we all know and love. :-((
Sandy
I am not at all an expert, but I dislike the option of rejecting emails due to a blacklist. I prefer to have spam in my spam-folder (after it has been marked by Spam-Assassin), where I can quickly overview the subject lines. Some years ago my (old) ISP started rejecting e-mails using a blacklist. At that moment one of the largest German ISPs ("Schlund+Partner" and its numerous sub-companies) was blacklisted. I suddenly had no more business contacts to Germany anymore and it took quite a while for me to find out why... The ISP told me, I should write to my business partners that they shall change their ISP. This sounded like a joke to me, as many of my partners are quite large companies and their IT staff for sure is much more experienced than I am. In the end I changed to another ISP that let *me* decide from whom I want to receive mail or not. Using blacklists for warning/marking purposes seems ok to me, but letting a blacklist make decisions can be dangerous. Just my opinion. Daniel -- Daniel Bauer photographer Basel Switzerland professional photography: http://www.daniel-bauer.com Madagascar special: http://www.sanic.ch
Daniel Bauer wrote:
I am not at all an expert, but I dislike the option of rejecting emails due to a blacklist. I prefer to have spam in my spam-folder (after it has been marked by Spam-Assassin), where I can quickly overview the subject lines.
This is only possible if you do not receive too much spam. We lost some emails in the past because they were buried in a heap of spam. The woman who had to wade through all the junk just skimmed over the subject lines and then deleted all mail that didn't catch her eye.
Some years ago my (old) ISP started rejecting e-mails using a blacklist. At that moment one of the largest German ISPs ("Schlund+Partner" and its numerous sub-companies) was blacklisted. I suddenly had no more business contacts to Germany anymore and it took quite a while for me to find out why... The ISP told me, I should write to my business partners that they shall change their ISP. This sounded like a joke to me, as many of my partners are quite large companies and their IT staff for sure is much more experienced than I am. In the end I changed to another ISP that let *me* decide from whom I want to receive mail or not.
The purpose of a mailserver is to receive desired mails and send valid mails. If an administrator is using restrictions that defeat that purpose he needs to change these settings. I definitely can understand your decision, I would have done the same. That is exactly the reason why I am warning everyone not to use a huge list of blacklists without investigating their listing policy, delisting policy and the user experience. A company mailserver can afford to apply stricter checks than a general purpose isp mailserver. I spend half an hour every day just to review the maillog to verify that I did not misconfigure my systems to reject the wrong clients.
Using blacklists for warning/marking purposes seems ok to me, but letting a blacklist make decisions can be dangerous. Just my opinion.
Spamassassin and consorts do that kind of check. Unfortunately, these checks are expensive (many external dns queries and cpu intensive content checks). If you have a high-volume mailserver you will probably choke on all the spam that gets processed by the content_filter. My approach is to weed out most of the obvious spam clients with reasonable blacklists, postfix checks and selective greylisting and then let spamassassin deal with the rest. For better detection of picture spam I even installed FuzzyOCR to recognize these spams. That spam only gets tagged and then delivered to the mailbox of the recipient. Sandy -- List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com
The Thursday 2006-12-21 at 12:35 +0100, Sandy Drobic wrote:
Using blacklists for warning/marking purposes seems ok to me, but letting a blacklist make decisions can be dangerous. Just my opinion.
Spamassassin and consorts do that kind of check. Unfortunately, these checks are expensive (many external dns queries and cpu intensive content checks). If you have a high-volume mailserver you will probably choke on all the spam that gets processed by the content_filter.
However, I understand that this is precisely what SuSE server does. You know, _I_ would be rejected otherwise ;-) -- Cheers, Carlos E. R.
Carlos E. R. wrote:
The Thursday 2006-12-21 at 12:35 +0100, Sandy Drobic wrote:
Using blacklists for warning/marking purposes seems ok to me, but letting a blacklist make decisions can be dangerous. Just my opinion.
Spamassassin and consorts do that kind of check. Unfortunately, these checks are expensive (many external dns queries and cpu intensive content checks). If you have a high-volume mailserver you will probably choke on all the spam that gets processed by the content_filter.
However, I understand that this is precisely what SuSE server does. You know, _I_ would be rejected otherwise ;-)
The Suse server is not exactly high-volume. It may receive some ten thousand mails per day, not much more. Believe me, if the list server had to process all mails that it is SENDING for spam and viruses it would need some SERIOUS hardware. (^-^) I am very glad that the suse server accepts mails from dynamic ips. Though the listserver has the protection of only allowing the list subscribers as sender addresses. That is probably why it is possible at all. The postfix-users mailing list gets a lot of cries for help because the mail queue has piled up into dimensions that threaten to bury the server. Usually it is because either too many mails are waiting to be processed or because of a misconfiguration the machine is not used efficiently. Unfortunately nothing can be done if the machine is simply buried in a spam run. So my policy is to use pretty reasonable checks that seldom reject wanted mails, configure a whitelist for those few (usually a handful within some month) and let spamassassin analyse the rest. Since robust and capable server hardware has become easily affordable it is possible for low-level volume sites (less than 50000 mails per day) to use pre-queue content filtering and reject the mails directly. The configuration is a bit more difficult because all filtering has to be done fast and only as many concurrent connections are possible as concurrent content_filter processes are supported by the hardware. Sandy -- List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com
The Thursday 2006-12-21 at 14:08 +0100, Sandy Drobic wrote:
However, I understand that this is precisely what SuSE server does. You know, _I_ would be rejected otherwise ;-)
The Suse server is not exactly high-volume. It may receive some ten thousand mails per day, not much more. Believe me, if the list server had to process all mails that it is SENDING for spam and viruses it would need some SERIOUS hardware. (^-^)
Probably. What about gmail? I can send to them ;-)
I am very glad that the suse server accepts mails from dynamic ips. Though the listserver has the protection of only allowing the list subscribers as sender addresses. That is probably why it is possible at all.
That's true, but I understand the entry server was the same for the whole company - SuSE, that is, not Novell. Maybe they use other blocks, but AFAIK, not dynamic IPs. Which is very fortunate for me, of course.
The postfix-users mailing list gets a lot of cries for help because the mail queue has piled up into dimensions that threaten to bury the server. Usually it is because either too many mails are waiting to be processed or because of a misconfiguration the machine is not used efficiently. Unfortunately nothing can be done if the machine is simply buried in a spam run.
:-(
So my policy is to use pretty reasonable checks that seldom reject wanted mails, configure a whitelist for those few (usually a handful within some month) and let spamassassin analyse the rest.
I suppose I would do mostly the same in your place.
Since robust and capable server hardware has become easily affordable it is possible for low-level volume sites (less than 50000 mails per day) to use pre-queue content filtering and reject the mails directly. The configuration is a bit more difficult because all filtering has to be done fast and only as many concurrent connections are possible as concurrent content_filter processes are supported by the hardware.
pre-queue? Wow. :-O What kind of software do they use for that? Can postfix do that? -- Cheers, Carlos E. R.
Carlos E. R. wrote:
The Thursday 2006-12-21 at 14:08 +0100, Sandy Drobic wrote:
However, I understand that this is precisely what SuSE server does. You know, _I_ would be rejected otherwise ;-) The Suse server is not exactly high-volume. It may receive some ten thousand mails per day, not much more. Believe me, if the list server had to process all mails that it is SENDING for spam and viruses it would need some SERIOUS hardware. (^-^)
Probably. What about gmail? I can send to them ;-)
They are welcome to receive whatever spam they want. On the other hand I am not happy when they forward the crap to my server, which does happen again and again.
I am very glad that the suse server accepts mails from dynamic ips. Though the listserver has the protection of only allowing the list subscribers as sender addresses. That is probably why it is possible at all.
That's true, but I understand the entry server was the same for the whole company - SuSE, that is, not Novell. Maybe they use other blocks, but AFAIK, not dynamic IPs. Which is very fortunate for me, of course.
True, it is after all a Linux product they support, and on linux you will likely have more network services installed like a web or mailserver than on a windows machine.
So my policy is to use pretty reasonable checks that seldom reject wanted mails, configure a whitelist for those few (usually a handful within some month) and let spamassassin analyse the rest.
I suppose I would do mostly the same in your place.
In the end it comes down to "how do I implement a transparent and robust mail system, that works efficiently without needing too much fiddling and attention?". So each administrator has to decide for himself:
- how reliable should mail be received
- how much spam can be received without hindering daily work
- what legal requirements does he have to obey

The answers and your priorities change with every company.
Since robust and capable server hardware has become easily affordable it is possible for low-level volume sites (less than 50000 mails per day) to use pre-queue content filtering and reject the mails directly. The configuration is a bit more difficult because all filtering has to be done fast and only as many concurrent connections are possible as concurrent content_filter processes are supported by the hardware.
pre-queue? Wow. :-O
What kind of software do they use for that? Can postfix do that?
I know that postfix and amavisd-new are used on some low-level volume sites to filter mail in a pre-queue configuration. The real trouble is you have to configure your system with two priorities:
- filtering must be fast to avoid time-outs during mail processing
- hardware must be reasonably fast to provide enough resources for sufficient concurrent mail connections

These days you can buy a decent but relatively cheap server with
- 2 dualcore cpus
- fast raid controller with big cache and bbu
- 4 GB RAM
- GBit LAN

That will allow you to set up a server that can process at least 30 concurrent mails (depending on your max allowed mailsize, header/body checks and your content_filter configuration) without much problems. For most low-volume sites this will be enough, and they can reject recognized spam directly. Of course this does not work if you need to allow huge mails.

Sandy
--
List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com
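The pre-queue setup described in the message above, sketched as an added configuration example that is not part of the original post. It uses Postfix's smtpd_proxy_filter; the ports, the process limit of 30 and the timeout value are assumptions chosen to match the figures mentioned in the thread.

```conf
# /etc/postfix/master.cf  (added example; ports and limits are assumptions)
#
# service type  private unpriv  chroot  wakeup  maxproc command
#
# Before-filter SMTP server: faces the Internet and hands each message
# to the content filter while the sending client is still connected,
# so a filter verdict can be returned as an SMTP reject.
# maxproc (30) is the ceiling on concurrent SMTP sessions; it must not
# exceed the number of filter processes the hardware can run.
smtp      inet  n       -       n       -       30      smtpd
    -o smtpd_proxy_filter=127.0.0.1:10024
    -o smtpd_proxy_timeout=100s
    -o smtpd_client_connection_count_limit=10
#
# After-filter SMTP server: accepts only what the filter on localhost
# passes back. All checks were already done by the first smtpd, so the
# restriction lists are emptied here.
127.0.0.1:10025 inet n  -       n       -       -       smtpd
    -o smtpd_authorized_xforward_hosts=127.0.0.0/8
    -o smtpd_client_restrictions=
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o smtpd_data_restrictions=
    -o mynetworks=127.0.0.0/8
    -o receive_override_options=no_unknown_recipient_checks
#
# Matching amavisd.conf settings (Perl syntax, shown here as comments):
#   $inet_socket_port = 10024;
#   $max_servers      = 30;
#   $forward_method   = 'smtp:[127.0.0.1]:10025';
```

If the filter cannot answer within smtpd_proxy_timeout, the client receives a temporary error and retries later, which is why slow filtering or large messages quickly exhaust the 30 available sessions.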
On 21-Dec-06 Daniel Bauer wrote:
[...] I am not at all an expert, but I dislike the option of rejecting emails due to a blacklist. I prefer to have spam in my spam-folder (after it has been marked by Spam-Assassin), where I can quickly overview the subject lines. [...] Using blacklists for warning/marking purposes seems ok to me, but letting a blacklist make decisions can be dangerous. Just my opinion.
Daniel
I've been reading this discussion--technicalities and conflicts
of automated spam-filtering--and welcome Daniel's common-sense
approach.
I was going to write, anyway, that the very best filter for
unwanted mail is yourself. The real issue is how you implement
that filter.
In my case, I have mail delivered to a different machine (call
it "mailhost") to the one I actually handle mail on (call it
"mailagent").
Logged in to mailhost, I open my inbox with good old fast and
compact 'elm'. This displays a text window with 1 line per mail,
showing sender and subject for each mail.
Then, with one finger on "D" (delete) and one on "J" (skip
down one line), I can work through the bunch of delivered mail
very quickly indeed--the decision to "D" (get rid of it) and "J"
(keep it) is made in a fraction of a second, and I can work
through 100 mails in perhaps a minute. Then quit 'elm', confirming
deletions and keep-in-inbox in the process. Any slips of the fingers
can be rectified with "Shift-K" (move up 1 regardless of status)
and "U" (undelete), though I don't often need that.
Having done that, I then use POP3 retrieval to bring the
remainder over to mailagent, where I can deal with it normally
using a mail client (XFMail).
The advantage of this approach is that not only spam (which one
can almost always easily recognise from Sender and Subject) but
also mails from mailing-lists on topics one doesn't want to read
about, etc., are handled all in one go. If there's any doubt,
then pressing the spacebar in 'elm' shows you the body, so you
can then definitively decide. Being 'elm', it's very fast.
And, being you, it's as fast as you can be and also flexible,
discriminating and accurate.
Doing this in the MUA (XFMail) would be more tedious, because
it's GUI-based, so you waste ages moving and clicking the mouse!
I get on average about 500 mails a day, of which about 2/3 is
spam, and most of the rest is not interesting, so I only retrieve
some 5-15% for further consideration.
False negatives (retrieving mail I don't really want) are unusual,
and false positives (deleting mail I do want) are very rare.
I reckon that, with the 500 or so per day, dealing with spam and
unwanted mail in this way probably takes 5-10 minutes in total.
By the way, you don't need to use two machines for the above
(depending on your MUA). XFMail stores mail in MH folders,
one of which is "inbox", so doesn't directly deal with the
user's system mailbox /var/spool/mail/user except when pulling
mail. So with an MUA which works that way, you could use 'elm'
on the inbox as above. But if your MUA's inbox is the user's
system mailbox, you may find that the MUA puts a lock on it.
Best wishes, and Season's Greetings to all!
Ted.
--------------------------------------------------------------------
E-Mail: (Ted Harding)
Steven T. Hatton wrote:
It just keeps getting worse. I really don't want to change my email address, but it's all over the Internet, and the spammers are killing my inbox. I don't want to spend a lot of time on this issue, I just want to be able to block these idiots. I'm running a postfix mail server. Is there an easy way to thwart spam? I use the filters built into KMail, but they seem almost worthless.
If you are running a postfix mailserver you have the perfect means to kill off most of the spam by rejecting the mail. Do you really administer the mx server of your domain? The problem is that each setup has specific needs and you can't use a one-approach-fits-all-situations recipe. That's why I am a bit careful about giving concrete advice without knowing your situation and needs. My company is using a postfix mailgateway to weed out most spam and viruses before spamassassin even gets the opportunity to check the rest of the accepted mails. In any case, you have to decide for yourself how important it is not to reject mails from badly configured servers, that you still want to accept or to reduce the number of spams effectively. If you want to reduce spam to a comfortable small number you can either invest money (buy the necessary expertise) or time (understand the system). You won't get a reasonable result without investing some hours into spamfighting.

Sandy
--
List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com
The Wednesday 2006-12-20 at 15:32 -0500, Steven T. Hatton wrote:
It just keeps getting worse. I really don't want to change my email address, but it's all over the Internet, and the spammers are killing my inbox. I don't want to spend a lot of time on this issue, I just want to be able to block these idiots. I'm running a postfix mail server. Is there an easy was to thwart spam? I use the filters built into KMail, but they seem almost worthless.
SpamAssassin, with a well trained bayes database, can filter most of the spam. I get over a hundred daily, and perhaps two false negatives a week. The false positives I get are all due to over zealous network tests: I had to reduce their score.

--
Cheers, Carlos E. R.
Steven T. Hatton wrote:
It just keeps getting worse. I really don't want to change my email address, but it's all over the Internet, and the spammers are killing my inbox. I don't want to spend a lot of time on this issue, I just want to be able to block these idiots. I'm running a postfix mail server. Is there an easy way to thwart spam? I use the filters built into KMail, but they seem almost worthless.

If you are running your own mail server, that is the place to filter spam, not in a mail client. I get maybe 1 or 2 spam messages a day, although spammers try to send me perhaps 1000 spam messages per day. Just by using the cool tools that ship with suse, and in certain cases supplementing them with other open source tools, we block over 99% of the spam, reducing it to a manageable situation. Layered defense is the key, and as I said, it's just a matter of using the open source tools:

1. Right up front, have postfix do sanity checks, greylisting, etc - that will block a large amount of spam with little effort.
2. Use amavis+spamassassin+clamav - very powerful tools that ship with suse, and if you supplement the stock rules with the best custom rules from rules emporium and goodies like the botnet plugin, the fuzzyocr plugin etc, that can take the effectiveness of the filter from the 80-90% range up to the 98-99% and better range.
3. For added convenience, install a quarantine management and automated spam reporting and bayes training system, which will make life much easier - I highly recommend maia mailguard for this.
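The first layer from the message above (cheap SMTP-time checks, a small whitelist for the few wanted senders they catch, then greylisting), written out as an added example that is not part of the original post. The whitelist path, its sample entries and the policy-service port are assumptions; the restriction names are those of Postfix 2.3 and later.

```conf
# /etc/postfix/main.cf  (added example; path and port are assumptions)
#
# Order matters, restrictions are evaluated top to bottom:
#  1. own networks may always send
#  2. reject_unauth_destination comes BEFORE the whitelist, so an OK
#     from the whitelist can never turn the server into an open relay
#  3. whitelist for the handful of wanted senders with broken setups
#  4. sanity checks on sender address and HELO name
#  5. greylisting through a policy service (for example postgrey)
# Mail that passes all of this is what the content filter
# (amavis + spamassassin + clamav) still has to score.
smtpd_helo_required = yes
smtpd_recipient_restrictions =
    permit_mynetworks,
    reject_unauth_destination,
    check_client_access hash:/etc/postfix/client_whitelist,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unknown_sender_domain,
    reject_invalid_helo_hostname,
    reject_non_fqdn_helo_hostname,
    check_policy_service inet:127.0.0.1:10023

# /etc/postfix/client_whitelist  (constructed sample entries;
# run "postmap /etc/postfix/client_whitelist" after every change)
#
# 192.0.2.25          OK
# mail.example.org    OK
```

Each rejection is logged by smtpd with the restriction that triggered it, so a wanted sender that gets caught can be identified from the mail log and added to the whitelist.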
On 20/12/06, Steven T. Hatton
Is there an easy way to thwart spam?
I let the clever chaps at Google do all the hard work for me, and pass all my mail through GMail. There are very few false negatives and even fewer false positives.

Mike
--
Michael Leuty Nottingham, UK
Michael Leuty wrote:
On 20/12/06, Steven T. Hatton wrote:
Is there an easy way to thwart spam?
I let the clever chaps at Google do all the hard work for me, and pass all my mail through GMail. There are very few false negatives and even fewer false positives.
Mike
BTW, and maybe somebody can tell me this, is there some sort of mindset of the spammer which justifies sending out all these e-mails. Something that says, yes my actions are horribly reprehensible and wrong, but people will like me enough to buy my merchandise. The good will you shoot to crap with this must be intense. And I know it's hard to look at things from the perspective of slime, but maybe somebody can explain it to me.
The Wednesday 2006-12-20 at 16:16 -0700, John Meyer wrote:
BTW, and maybe somebody can tell me this, is there some sort of mindset of the spammer which justifies sending out all these e-mails. Something
Business... from their point of view. Sending is cheap, so they probably send by the million. If success rate is one per thousand, that's a one thousand hit.

--
Cheers, Carlos E. R.
Carlos E. R. wrote:
The Wednesday 2006-12-20 at 16:16 -0700, John Meyer wrote:
BTW, and maybe somebody can tell me this, is there some sort of mindset of the spammer which justifies sending out all these e-mails. Something
Business... from their point of view. Sending is cheap, so they probably send by the million. If success rate is one per thousand, that's a one thousand hit.
Last I heard the return rate was about one per thirty thousand, so they need to send LOTS of spam. :-((

Sandy
--
List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com
On Wednesday December 20 2006 3:32 pm, Steven T. Hatton wrote:
It just keeps getting worse. I really don't want to change my email address, but it's all over the Internet, and the spammers are killing my inbox. I don't want to spend a lot of time on this issue, I just want to be able to block these idiots. I'm running a postfix mail server. Is there an easy way to thwart spam? I use the filters built into KMail, but they seem almost worthless.
This is a very complex issue with complex answers. To my knowledge, there's NO single appliance nor software that will "get it all" - NOT even Barracuda!

Fred
--
MickySoft, the ultimate corporate parasite.
Steven T. Hatton wrote:
It just keeps getting worse. I really don't want to change my email address, but it's all over the Internet, and the spammers are killing my inbox. I don't want to spend a lot of time on this issue, I just want to be able to block these idiots. I'm running a postfix mail server. Is there an easy way to thwart spam? I use the filters built into KMail, but they seem almost worthless.
A possible solution/link I have is: Easy SPAM blocking with TMDA (Tagged Message Delivery Agent) http://ct.techrepublic.com.com/clicks?t=23033582-c55bc3b61974813922cfaaafffbee890-bf&s=5&fs=0 I have not visited it nor used it so YMMV. As you already have postfix, why not incorporate a couple of anti spam tools as well. Hell then if the first one doesn't nail the spam, the second one will, hopefully. :)

--
Using SuSE 9.2 Professional with KDE and Mozilla Mail 1.7.13
Linux user # 229959 at http://counter.li.org
participants (15)
- Alexey Eremenko
- Bruce Marshall
- Carlos E. R.
- Charles philip Chan
- Daniel Bauer
- efh@nessie.mcc.ac.uk
- Fred A. Miller
- Hylton Conacher(ZR1HPC)
- J Sloan
- Joachim Kieferle
- John Andersen
- John Meyer
- Michael Leuty
- Sandy Drobic
- Steven T. Hatton