[Mailman-Users] Spam to list-owner

Lindsay Haisley fmouse-mailman at fmp.com
Sat Dec 20 20:54:33 CET 2008


On Sat, 2008-12-20 at 13:13 -0600, Brad Knowles wrote:
> Unfortunately, milters are not widely supported outside of modern 
> versions of sendmail and postfix.

Courier's maildrop implements a perl-like structured scripting language
that's about as flexible as anything I'm aware of for this purpose.  Any
program that generates output and an exit code can be executed from a
maildrop script and the results analyzed and appropriate action taken.

> > BTW, as I mentioned, about 80% of the spam _I_ (personally) get is
> > rejected by courier based on RBL lookups, and I assume the percentage is
> > similar for other system users.  I have a cron job which generates a
> > daily report on these rejections for me, and anyone else who wants one.
> 
> I have my own scripts that I've written for the same purpose.  Your 
> statistics do not accurately describe the situation that I personally see.

Well I'm probably not doing as effective a job of pre-filtering as you
are at UT.  I've looked a bit at the stats for other users on FMP's
servers and what I see for myself is in the same ballpark.  Mind you,
I'm only using about 6 RBL lists.  _Most_ of the catches are from the
CBL, <http://cbl.abuseat.org/>.  

> At UT Austin, we reject ~95% of all incoming mail at the SMTP dialog 
> level, because we use Ironport e-mail security appliances that check the 
> incoming connection against the SenderBase reputation system, and 
> SenderBase has several hundred different inputs that are used to 
> calculate an overall score for that sender.  They monitor all the major 
> RBLs (and a lot that you've never heard of), but they also consider what 
> the registered nameservers are for the sending domain, who the 
> registered owner of the network is in whois, and all those other things 
> that you might want to check.

I'm just running a couple of colo'd Linux boxes running F/OSS software,
for family, friends and several dozen commercial clients.  I'm a small
fish.  Every now and then I need to revisit mail filtering issues and
re-think what I'm doing and make sure it's compliant with the current
situation.  Nothing ever stays the same on the Internet.

> Do some research on the economics of spam, and how these guys get their 
> money.  It is an entire black economy, and they get paid based on their 
> deliverability, just like any other bulk mail service.

I either have to make decisions out front about rejecting spam based on
content, or I need to accept it and pass it on to users for them to
analyze and reject it, and if they set their filtering levels too high
and their SA Bayes data store isn't properly "well educated", they get
false positive hits and have to fish stuff out of their spam mail
folder.

I think the idea of picking a SA level of, say, 10 and rejecting
outright anything at or above this is probably a sound policy.  I'm not
doing this now, but using maildrop and SA it's pretty easy to do.

> If more people rejected spam outright during the SMTP dialog, we would 
> make a measurable impact on the spammer economy.  So long as there are 
> plenty of people who are happy to just throw it away after-the-fact, 
> then the spammers continue to win.

As always, your advice and concerns are well-considered, Brad.  I do
need to accept a certain amount of this stuff, consistent with the
requirement that 100% of legitimate email be delivered (and SA is far
from perfect), and because I'm a SOHO business, and a small one at that,
I can't afford dedicated analytical appliances and proprietary software
for this, most of which is outside my budget.  There's doubtless more I
can do.

It's a beautiful day, and I'm wasting it sitting indoors in front of a
computer.  I'm outa here!!!

-- 
Lindsay Haisley       |  "The voice of dissent  |     PGP public key
FMP Computer Services | was arrested before the |      available at
512-259-1190          |  president cleared his  | http://pubkeys.fmp.com
http://www.fmp.com    |     throat to speak     |
                      |        of freedom"      |
                      |     (Chris Chandler)    |
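
The policy discussed in the message above (reject outright at a SpamAssassin score of 10 or more, otherwise leave the decision to the user's own threshold) can be sketched as follows. This is an added example, not part of the original post and not maildrop syntax; it assumes the message has already passed through SpamAssassin and carries an `X-Spam-Status` header of the form `score=N required=M`, and the function name `triage` and the sample messages are constructed for illustration.

```python
import re
from email import message_from_string

REJECT_AT = 10.0  # the "say, 10" level from the message above

# SpamAssassin 3.x writes "score=", older releases wrote "hits=".
_SCORE = re.compile(
    r"\b(?:score|hits)=(-?\d+(?:\.\d+)?)\s+required=(-?\d+(?:\.\d+)?)")

def triage(raw_message, reject_at=REJECT_AT):
    """Return 'reject', 'spam-folder' or 'inbox' for one scanned message."""
    msg = message_from_string(raw_message)
    scored = []
    for value in msg.get_all("X-Spam-Status", []):
        # Headers may be folded over several lines; unfold before matching.
        m = _SCORE.search(" ".join(str(value).split()))
        if m:
            scored.append((float(m.group(1)), float(m.group(2))))
    if not scored:
        # Unscanned or unparsable: fail open so legitimate mail is delivered.
        return "inbox"
    # Design choice (assumption): if several headers are present, trust the
    # highest score, so a sender-supplied low score cannot mask the real one.
    score, required = max(scored)
    if score >= reject_at:
        return "reject"        # refuse outright
    if score >= required:
        return "spam-folder"   # tagged as spam, left for the user to review
    return "inbox"

# Constructed sample messages (not real mail).
HIGH = ("X-Spam-Status: Yes, score=14.2\n\trequired=5.0 tests=BAYES_99\n"
        "Subject: sample\n\nbody\n")
MID = "X-Spam-Status: Yes, score=6.1 required=5.0 tests=BAYES_80\n\nbody\n"
HAM = "X-Spam-Status: No, score=-1.2 required=5.0 tests=BAYES_00\n\nbody\n"
FORGED = ("X-Spam-Status: No, score=0.0 required=5.0\n"
          "X-Spam-Status: Yes, score=11.0 required=5.0\n\nbody\n")
UNSCANNED = "Subject: no filter headers\n\nbody\n"

if __name__ == "__main__":
    for name in ("HIGH", "MID", "HAM", "FORGED", "UNSCANNED"):
        print(name, triage(globals()[name]))
```
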


