Anti spam solutions

waltdnes-SLHPyeZ9y/tg9hUCZPvPmw at public.gmane.org
Thu Oct 9 02:27:58 UTC 2003


On Wed, Oct 08, 2003 at 12:34:19AM -0400, Fraser Campbell wrote

> I had nothing much to say or ask when I started writing this email but
> now that I've thought about it ... do any of you have any experience
> with commercial anti-spam solutions?

  I want to admin my spamblocks, but I don't want to have to admin an
MTA.  For $30 US per year, I got a personal account at clss.net in
Logansport, Indiana.  No dialup, I use ssh access instead.  They've
hacked up qmail so that it parses a config file in the user's home
directory ( http://uptime.netcraft.com/up/graph/?host=www.clss.net
indicates that clss.net is running on linux ) just after the RCPT
stage of the SMTP transaction, and rejects (550) where specified.  On
request, they'll accept email for your personal domain and forward it to
your clss.net account.  So I was able to keep my waltdnes.org address...

host -t MX waltdnes.org
waltdnes.org mail is handled by 10 manson.clss.net.

  I can whitelist/block on...
  - IP address (or CIDR)
  - DNSbls like countries.nerd.dk, and Easynet, and Spamhaus, etc.
  - envelope sender (or final portion thereof)
  - rDNS (or final portion thereof)
  - bad rDNS
  - total lack of rDNS

  This has almost eliminated spam (virus is a different story).  Because
blocked email gets the big 550 just after RCPT, I'm not contributing to
the proxy-mailbombing of innocent 3rd-parties whose addresses have been
forged as "From:" or envelope-sender.  You're allowed 10 accounts, each
of which can have its own filter, or you can symlink filter-rulesets
for several accounts (yes, you can get a shell prompt).  For newbies and
windows users, there's a text-menu-driven system.  I prefer to get my
hands dirty and ssh in and edit the ruleset with vim.  You can append
your own messages to the 550.  For most of my rejects, I put in a
pointer to a web page that lists my current unfiltered address.  This is
a nice safety feature.  The main disadvantage is that I only get logs
once a month.

  Speaking of which, September's logs show over 2400 rejects.  Since I
normally get 250-to-300 spam attempts blocked per month, I assume that
2100+ were viruses.  An additional 1200 viruses got through in the last
2 weeks of September, but simple procmail filters sent the vast majority
of them to my spam folder.

  Because end-users set their own blocks, CLSS doesn't unilaterally
block, unless things get to the DOS attack stage.  I had my mailbox
(10 megs) overflow in the early stages of the swen fiasco.  I set up a
loop which got mutt to poll the POP server over an ssh-tunnel every
hour.  I then backed off to 2, 3, 6 hours as the flow decreased.  I had
to put the loop in its own tty.  If anybody has figured out how to
properly run, from cron, a script that calls ssh and mutt, I'd be very
interested in hearing.

  Oh, forgot to mention, I'm *NOT* getting paid by clss.net for this
"unsolicited testimonial" <g>.

-- 
Walter Dnes <waltdnes-SLHPyeZ9y/tg9hUCZPvPmw at public.gmane.org>
Email users are divided into two classes;
1) Those who have effective spam-blocking
2) Those who wish they did
--
The Toronto Linux Users Group.      Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml
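
The rule kinds listed in the message above, evaluated at the RCPT stage, as an added example that is not part of the original post and is not clss.net's code. The rule tuple format, first-match-wins ordering, the `.example` names and addresses, and the reading of "bad rDNS" as a PTR name that does not resolve back to the client are assumptions; DNS results are passed in so the sample runs offline.

```python
import ipaddress

# Hypothetical ruleset: (action, kind, value, text appended to the 550).
# First matching rule wins, so whitelist entries go first.
RULES = [
    ("allow", "sender", "@friends.example", ""),
    ("deny", "cidr", "192.0.2.0/24", "network blocked"),
    ("deny", "dnsbl", "dnsbl.example", "listed, see http://www.example.org/contact"),
    ("deny", "rdns", ".dialup.example", "dynamic address"),
    ("deny", "no_rdns", "", "no reverse DNS"),
    ("deny", "bad_rdns", "", "reverse DNS does not match"),
]
LISTED = {"7.113.0.203.dnsbl.example"}  # constructed DNSBL contents


def dnsbl_name(ip, zone):
    """IPv4 DNSBL query name: octets reversed, then the zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone


def rcpt_decision(ip, rdns, forward_ips, sender, rules, resolves):
    """Return the (code, text) reply to RCPT.

    rdns is the client's PTR name or None, forward_ips the addresses that
    name resolves to, resolves(name) tells whether a DNSBL name exists.
    """
    addr = ipaddress.ip_address(ip)
    for action, kind, value, text in rules:
        if kind == "cidr":
            hit = addr in ipaddress.ip_network(value)
        elif kind == "dnsbl":
            hit = resolves(dnsbl_name(ip, value))
        elif kind == "sender":
            hit = sender.lower().endswith(value)
        elif kind == "rdns":
            hit = rdns is not None and rdns.lower().endswith(value)
        elif kind == "no_rdns":
            hit = rdns is None
        elif kind == "bad_rdns":
            hit = rdns is not None and ip not in forward_ips
        else:
            raise ValueError("unknown rule kind: " + kind)
        if hit:
            return (250, "ok") if action == "allow" else (550, text)
    return (250, "ok")  # nothing matched: accept the recipient


if __name__ == "__main__":
    print(rcpt_decision("203.0.113.7", "mx.example.net", ["203.0.113.7"],
                        "a@b.example", RULES, LISTED.__contains__))
```

Because the decision is returned during the SMTP transaction, a rejected message is never accepted and later bounced to a forged sender.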




