Spam - Query

[CookMySock]

The email address the email comes from can be faked, made up, etc. I could write the software necessary to send out an email appearing to be from anyone I liked.

You don't even need to write software.. (which of course you will know..)

C:\WINDOWS>telnet someserver 25

Trying xx.xxx.xxx.xx
Connected to server.
Escape character is '^]'.
220 someserver.com ESMTP Postfix (Ubuntu)
helo dell01
250 someserver.com
mail from: madeup@bogus.com <--- ficticious
250 2.1.0 Ok
rcpt to: anyone@anywhere.com <--- ficticious
250 2.1.5 Ok
data
354 End data with .
subject line goes here
Dear Sir,

Please buy our spam!

bye

.
250 2.0.0 Ok: queued as 0327B406049
quit
221 2.0.0 Bye
Connection closed by foreign host.

I manage several private mail servers for companies, processing at least 1000-2000 legit emails every day, and spam would make up 80-90% of emails. Public mail servers would have a much higher rate of spam. In short Mom, getting the odd spam (less than 10 a day) is not too bad. If spam stopped existing... it would be great (and make my days a lot better).

coughgreylistcough...

Steve

[Gremlin]

greylist has big downsides. We've found other people's servers are configured to try again in a few days, not 5-10 min. SPF records are great, if everyone was able to put hard fail records on their domains...

[CookMySock]

greylist has big downsides. We've found other people's servers are configured to try again in a few days, not 5-10 min. SPF records are great, if everyone was able to put hard fail records on their domains...

woh.. I see retry times of 15-20 mins. They should configure their server properly.

Greylisting IS a pain though, business customers' new contacts are always delayed by 20 mins - that's just the way of it. Once they have emailed each other once, then it is all go, but not until. Still, the total lack of spam here is breathtaking. I don't tell them about the delay, and no one seems to notice it, and correspondingly no one seems to notice the lack of spam, but yeah 90% reduction in traffic, zero permanent failures, zero false blocks, and zero virus spam is pretty hard to turn down. If everyone greylisted then the bot writers would fix it, and we don't want that now do we.

Of course, it is possible to whitelist all .co.nz et all inside greylist, and that does cut back the delays.

Can the virus just use the ISPs' gateway to circumvent? Surely it could look up that information in outlook?

edit: postgrey comes with loads of whitelisting already done, and its trivial to add your own.
$ grep -v "\#" /etc/postgrey/whitelist_* | wc -l
199


Steve

[Gremlin]

grep? linux? ewwww

.co.nz isn't nearly enough for me however. I work with .com, .net, .co.uk, .com.au, .co.jp etc etc every day. I manage most common TLD's as well (always amusing having a .co.uk, registered in NZ, managed in NZ, mail servers in NZ etc ). Also, best to not drill massive holes in your defence by whitelisting .co.nz, only takes one spammer to fake email addresses on that...

A while ago, had massive problems with viagra/pfizer emails going right through. Put in a custom rule with great success... until a while later a client started dealing with Pfizer

[CookMySock]

A while ago, had massive problems with viagra/pfizer emails going right through. Put in a custom rule with great success... until a while later a client started dealing with Pfizer

Thats why server-side greylisting is cool.. it's not about the content, it's about the relationship between sender and receiver. All the common stuff is whitelisted so theres no delay, but anything that has never been seen before gets the run-around just to make sure it's serious. 90% of spam doesn't even get to the server.

On what month in the following graph was greylisting installed?


*from http://users.aber.ac.uk/auj/spam/greyperf.shtml

Steve

[Max Preload]

People who bulk email jokes without BCCing are often to blame for the reasons DB spoke of - email address harvesting through worms on any of the recipient's machines and they have all the email addresses the email was sent to.

If you set up another email address (most ISPs will give you at least 5 free with your account) that you never use, it'll never get spammed. So the spammers are not just brute force emailing random addresses.

[Tank]

Bullshit - do not read

Seriously - you should have that as a header for all your post.

[Tank]

Upshot - 'ol (as opposed to old ;-) ) Mom is techie light.

Thus the simple answer is - just have your mail with a ISP that has reasonable spam filtering. They get 99% of it - but the odd one will always get thru. When they do - just delete them. It only takes a second.

No need to do anything - no need to configure greylist, no need to run linux commands. Simple.

[Max Preload]

Thus the simple answer is - just have your mail with a ISP that has reasonable spam filtering.

Xtra used to be fantastic. Then when it became YahooXtra it turned to shit. But now, after training it by logging into webmail to mark SPAM that made it to my Inbox and to retrieve email wrongly marked as SPAM it's back to being pretty damn good again.