[CentOS] spam control

Wed Oct 25 16:45:24 UTC 2006
John Hinton <webmaster at ew3d.com>

James Fidell wrote:
> Aleksandar Milivojevic wrote:
>> In short, while greylisting reduces spam significantly, be prepared that
>> it's not trouble-free solution.  Be prepared to implement workarounds
>> for troublesome sites (boils down to some sort of whitelisting).  Your
>> users don't care that MTA on the sender's side is broken.  They want to
>> exchange emails, and the intial delay introduced by greylisting is
>> already annoying enough for them (for some even more annoying than spam).
> Very true.  One of the reasons I only greylist based on the sbl/xbl is
> to avoid some of the problems you list.  I also use a whitelist of sites
> known to have problems with greylisting elsewhere in my spam filtering.
> It's never going to be a perfect solution though.
>> As more sites implement greylisting, spammers are more likely to start
>> retrying addresses they got 4xx.  I already see more and more spammers
>> doing this.  This makes gerylisting a "temporary solution" that works
>> now.  In future it will be less and less effective.
> Quite so.  It will still slow them down, but given the resources they
> have access to, probably not very much.  Combining it with teergrubing
> may help, too, but things will just escalate :(
> James
Teergrubing/tarpitting is actually a technology I am most interested in. 
Maybe allow 0.1k/sec flow in. It's not one that alone, as in just my 
mailservers, would have a lot of effect... but if it were used by many 
systems, this could drastically reduce the flow of spam. It could be 
done at varying levels, such as only on SpamHaus sbl/xbl... and then 
perhaps on local rules created adding those new boxes/IP addresses which 
show up each day. To me, it also seems this has the potential of tying 
up the compromised computers to the point where the owner/user might 
realize that they must do something about 'this slow computer'.

I don't think my users would be too happy with greylisting, unless it 
was done only on blocklist, as they have come to enjoy the immediate 
delivery of email. Also, greylisting has the potential of hurting other 
ISPs, clogging their systems, just because they signed up a few 'stupid 
users' who got the latest virus/trojan. If you think back to some of the 
more successful viruses, mailservers everywhere suffered with many 
choking and going down. Adding to their mail queues isn't so nice.

I do believe that the bulk of spam is still coming from compromised 
systems... or for sure the bulk of the troublesome spam. We subscribe to 
SpamHaus and that's the only blocklist I really trust. Our business is 
primarily in the lodging industry and the internet is responsible for 
around 80% of their bookings. No false positives is of utmost importance.

Another way to fight spam is to keep up with those networks that seem to 
invite spammers. Someone mentioned AOL as doing a great job. I have to 
agree. Yes, I've had my moments of frustration, but.... we have cures. I 
also much commend Earthlink and as of lately, Comcast. Only about a year 
ago Comcast was the largest spammer in the world. They joined in with 
what many providers agreed to as 'good email practices' and since April 
of this year have moved out of the top ten.

Verizon!!!! Boycot Verizon... turn in your cell phone, dump your DSL, 
change your T1 provider... Verizon is now by far the largest spamming 
network in the world. During a recent conference call between one of my 
clients and a Verizon Wireless technician, I discovered that their 
stance is "We provide a connection to the internet period." And the 
bottom line is they don't care if their network is being abused, don't 
care if a spammer is landing their other clients on blacklists... and 
seem to simply be turning their heads... selling connections to 
absolutely anyone for any use/abuse. Hurt them in the billfold.... 
they'll put an end to it. They have known spammer issues which go back 
as far as February of 2002!

John Hinton