[NCLUG] Re: Spam Help

DJ Eshelman djsbignews at gmail.com
Wed Dec 10 12:38:19 MST 2008


I use procmail with a recipe that sends thru clamav then SA, then on to 
postfix.

It works pretty well but CPU utilization tends to be high under load.  
I've only had a big problem with that once.  This is on a server hosting 
about 15 domains, if that matters to you.  It's also pretty old- dual 
Xeon 866's :)

Usually we recommend a dedicated spam filter off-site for anyone; we 
even have two Privacy Networks servers we make available for a pretty 
small fee.  It works out pretty darn well because those servers are on a 
pier1 network, super fast.

I've also been playing around more and more with pre-configured *nix 
distros specifically for these kinds of purposes- I'm currently playing 
with Untangle.  So far I've been pretty happy with its interface and 
performance.  Guess I'm just getting lazy is what it comes down to.

-DJ

Matt Rosing wrote:
> Bob wrote:
>  > This is mostly from somewhat more knowledgeable users but not quite a
>  > skilled hacker yet, right?  I never see this from the clueless newbie
>  > crowd.  They all use a mailserver run by a larger organization such as
>  > Yahoo, Hotmail, Gmail, or corporate entity.  So the truly clueless
>  > ones are okay.
>
> Maybe it's something else. There were a dozen or so people and they
> ranged from clueless to half way between clueless and dangerous. (Of
> course, I'm only a bit better than dangerous.)  I looked at the mail
> headers and they came directly from their homes. It could be they have
> a friend that helped them out. A few work at small companies and I'm
> guessing things weren't set up correctly. 
>
>  > By the time that you have received the mail it is really too late and
>  > very problematic.  If you can't reject at smtp time then it is just a
>  > bad situation.
>
> Here's where I prove I'm dangerous: Does SpamAssassin sit too far down
> the pipe to reject it at smtp time? I use Postfix and I'm not sure how
> SpamAssassin fits in. I assume the configurations you're talking about
> should be in postfix?
>
>  > I can't disagree there.  But I don't think it does them favors to work
>  > around their problem.  Instead it would be better for all involved if
>  > it just did not work for them at all until they had a hostile Internet
>  > compatible configuration.
>
> I agree, but it became my problem because nobody else complained.
>
>  > For what it is worth I also use greylisting.  But then there are a
>  > different set of misconfigured mail servers that 1) Drop mail upon a
>  > greylisting.  Those would lose mail in normal operation anyway.  And
>  > those that 2) produce DSNs which confuse the sending user and create
>  > backscatter spam.  And that 3) retry at a very slow rate causing
>  > excessive mail delays.  I still use it anyway.  (shrug)
>
> I see the delays but haven't seen the dropped mail. Well, I guess I
> wouldn't know! But nobody complains like they used to :)
>
>  > Concerning blocking dynamic IP blocks: I have yet to run into anyone
>  > who didn't fall into the hacker wannabe category trying to send me
>  > email that couldn't.  And that is only at the rate of once every few
>  > years.  In fact it may have been five years or more since the last
>  > time I ran into this issue.  My family and friends all use mail relays
>  > on static ip addresses.  Most importantly I can't think of any
>  > business associations that would ever fall into trouble here.
>
> I must be special.
>
>  > Many ISPs now block outgoing smtp port 25 from their internal networks
>  > as part of their virus spam control policy.  The environment has
>  > changed in recent years.  I think there are much less of these users
>  > on dynamic IP blocks being even partially successful sending mail
>  > these days.  (I would enjoy reading counter examples.)
>
> Could be. I pulled out SpamAssassin and put in greylisting a little
> over a year ago. 
>
>  > Try setting "warn_if_reject" for DUL clients and then taking a survey
>  > of the mail logs later to see if it would have rejected anything that
>  > you didn't want it to reject.  That would be safe.
>
> Thanks for the good idea.
>   
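
Added example, not part of the original thread: one way to take the log survey suggested in the quoted advice, by tallying Postfix "reject_warning" entries per sender and client IP. The DNSBL zone dul.dnsbl.example, the hosts, the addresses and the log lines are constructed for illustration.

```python
import re
from collections import Counter

# Postfix main.cf setting assumed for this survey (DNSBL zone is a placeholder):
#   smtpd_client_restrictions = warn_if_reject reject_rbl_client dul.dnsbl.example
# With warn_if_reject the mail is still accepted, and Postfix logs
# "reject_warning" where it would otherwise log "reject".

WARN_RE = re.compile(
    r"NOQUEUE: reject_warning: \w+ from (?P<host>[^\s\[]+)\[(?P<ip>[^\]]+)\]: "
    r"(?P<code>\d{3}) .*?; from=<(?P<sender>[^>]*)> to=<(?P<rcpt>[^>]*)>"
)

# Constructed sample log: three warnings, one real reject, one unrelated line.
SAMPLE_LOG = """\
Dec 10 12:01:07 mx postfix/smtpd[2101]: NOQUEUE: reject_warning: RCPT from unknown[192.0.2.44]: 554 5.7.1 Service unavailable; Client host [192.0.2.44] blocked using dul.dnsbl.example; from=<alice@example.org> to=<matt@example.net> proto=ESMTP helo=<home-pc>
Dec 10 12:05:31 mx postfix/smtpd[2101]: connect from mail.example.com[203.0.113.9]
Dec 10 12:09:12 mx postfix/smtpd[2107]: NOQUEUE: reject_warning: RCPT from unknown[198.51.100.7]: 554 5.7.1 Service unavailable; Client host [198.51.100.7] blocked using dul.dnsbl.example; from=<bob@example.com> to=<matt@example.net> proto=SMTP helo=<laptop>
Dec 10 12:15:40 mx postfix/smtpd[2110]: NOQUEUE: reject: RCPT from unknown[203.0.113.50]: 450 4.7.1 Client host rejected: cannot find your hostname; from=<x@example.info> to=<matt@example.net> proto=ESMTP helo=<x>
Dec 10 13:44:02 mx postfix/smtpd[2133]: NOQUEUE: reject_warning: RCPT from unknown[192.0.2.44]: 554 5.7.1 Service unavailable; Client host [192.0.2.44] blocked using dul.dnsbl.example; from=<alice@example.org> to=<matt@example.net> proto=ESMTP helo=<home-pc>
"""


def survey(log_text):
    """Count would-be rejections per (envelope sender, client IP)."""
    hits = Counter()
    for line in log_text.splitlines():
        m = WARN_RE.search(line)
        if m:
            # An empty envelope sender (a bounce) is shown as "<>".
            hits[(m["sender"] or "<>", m["ip"])] += 1
    return hits


if __name__ == "__main__":
    # Most frequent would-be rejections first, for review before enforcing.
    for (sender, ip), count in survey(SAMPLE_LOG).most_common():
        print(f"{count:4d}  {sender:30s} {ip}")
```

Any sender in the output whose mail is wanted is one the restriction would have blocked once warn_if_reject is removed.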


