On 03/30/2012 04:48 AM, Markus Falb wrote:
> On 30.3.2012 05:26, Nataraj wrote:
>> The way that I finally got rid of all the residual spam that makes it through greylisting, SPF, spamassassin, clamav is to hand out unique mail addresses and use black/whitelists. So for example if I assign an email address for incoming mail from a mailing list and then set up a whitelist entry that only allows that address to receive email from the mailservers that serve that mailing list and then blacklist all other incoming mail to that address it is very effective.
>
> But how to tell which mailservers are "serving" that mailing list? That's the thing SPF or similar is supposed to do, isn't it? Don't tell me you are looking at the MX Records! Incoming and Outgoing Mailservers are not the same necessarily.
>
> CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
My white/blacklisting software happens to allow regular expressions as well as IP addresses and has the capability to match on one or more of the following fields in the message:
- envelope sender
- envelope recipient
- helo name
- remote IP address
- remote hostname
When it matches on remote hostname, it does a reverse dns lookup. I already have my mailserver configured so that it will not accept mail from any site for which the forward and reverse dns entries do not match. So I can create a whitelist entry which allows .*.centos.org or .*@centos.org.
Yes, it limits the ability for people to contact me off list, but people that need to reach me seem to find a way. There is a price for everything. If you happen to own a 3 letter domain name that was around from the days of the original arpanet, and you have had a bad enough spam problem, then it may be worthwhile to pay that price. I am on a fair number of mailing lists and find that spammers do harvest addresses on these lists.
Generally when I join a new list, I just create the unique email address, but don't do the whitelist/blacklist thing until I start seeing spam to that address, so I can tell which lists or people that I gave my email address to was harvested or leaked.
I've seen my email address leaked to spammers from presumably secure sites like major banks and financial institutions, various websites where I've made online purchases, etc. It is unbelievable how insecure these supposedly secure sites are. On two occasions I reported to a major financial institution that they had leaked my email address and after several months got back a notice that they had found that the security of their systems had been compromised, but assured me that it affected only my email address and not my bank account or other personal information.
Yes it is the case that I generally do not recommend this technique to inexperienced users. For my users I do the best I can with greylisting, spamassassin, etc. For users who do not highly publicize their email address this is usually enough. I have one client though that advertises their customer service email address and has a massive spam problem. I told them that the best way to solve that was to create a properly designed web page for customer service requests that was protected from automated submission methods.
There are also tools that implement auto-whitelisting, that will send out an auto-response requiring the user to send back a confirmation or click on a web page and be automatically whitelisted. Some people are strongly opposed to this method because it will generate more spam to whatever return address is given in the spam that you do receive. This would not work so well for things like receiving a confirmation message for your online purchase from amazon.com.
Nataraj
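A sketch of the per-address allow/deny policy described in the message above, added here as an illustration and not the poster's software or configuration. The rule format, the address centos-list@example.net and the sample hosts are assumptions, and the remote hostname is taken to be already forward/reverse verified by the MTA; the comparison at the end shows why a hostname pattern should be anchored and escaped if the matcher does not anchor it itself.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str                        # "accept" or "reject"
    recipient: str                     # regex, envelope recipient
    sender: Optional[str] = None       # regex, envelope sender
    helo: Optional[str] = None         # regex, HELO name
    remote_host: Optional[str] = None  # regex, verified reverse-DNS name
    remote_net: Optional[str] = None   # CIDR, remote IP address

def _re_ok(pattern, value):
    # fullmatch anchors both ends; an absent pattern matches anything.
    return pattern is None or re.fullmatch(pattern, value or "", re.I) is not None

def rule_matches(rule, msg):
    if rule.remote_net is not None:
        net = ipaddress.ip_network(rule.remote_net)
        if ipaddress.ip_address(msg["remote_ip"]) not in net:
            return False
    return (_re_ok(rule.recipient, msg["recipient"])
            and _re_ok(rule.sender, msg["sender"])
            and _re_ok(rule.helo, msg["helo"])
            and _re_ok(rule.remote_host, msg["remote_host"]))

def decide(rules, msg, default="accept"):
    # First matching rule wins, so the allow rule precedes the catch-all reject.
    for rule in rules:
        if rule_matches(rule, msg):
            return rule.action
    return default

# Constructed policy for a hypothetical address handed out to one list only.
RULES = [
    Rule("accept", r"centos-list@example\.net", remote_host=r"(.+\.)?centos\.org"),
    Rule("reject", r"centos-list@example\.net"),
]

def sample(remote_host, recipient="centos-list@example.net"):
    # Constructed message metadata; 192.0.2.10 is a documentation address.
    return {"sender": "centos-bounces@centos.org", "recipient": recipient,
            "helo": remote_host, "remote_ip": "192.0.2.10", "remote_host": remote_host}

def loose_match(remote_host):
    # Unanchored, unescaped form, for comparison with the anchored rule above.
    return re.search(r".*.centos.org", remote_host) is not None
```
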