I will preface this by saying that I will always err on the side of
allowing communication rather than impeding it. We have to be careful
not to do more damage as a result of an emotional reaction. SPAM is
bad/evil/annoying/amoral/illegal etc., but blocking legitimate email is
a worse offence IMO.
Also, whenever you block a message, you should bounce it as opposed to
dropping it silently. This way if there are false positives, the sender
is at least aware that there is a problem.
I use a combination of RBL and greylisting, with SpamAssassin Rules Du
Jour.
The following are the RBL lists we use; I have commented out two that
have been problematic:
dnslists = sbl-xbl.spamhaus.org : \
list.dsbl.org : \
dul.dnsbl.sorbs.net : \
web.dnsbl.sorbs.net : \
dnsbl.njabl.org : \
# relays.ordb.org : \
cbl.abuseat.org : \
http.dnsbl.sorbs.net : \
misc.dnsbl.sorbs.net : \
socks.dnsbl.sorbs.net : \
smtp.dnsbl.sorbs.net : \
zombie.dnsbl.sorbs.net : \
opm.blitzed.org : \
blackholes.mail-abuse.org : \
dialups.mail-abuse.org : \
hijacked.dnsiplists.completewhois.com : \
# bogons.dnsiplists.completewhois.com : \
dnsbl.net.au
These are the Rules Du Jour we have in place:
RulesDuJour Run Summary on eq-ml01:
TripWire has changed on eq-ml01.
Version line: # Version 1.18 More Typo's fixed.
Matt Kettler's AntiDrug has changed on eq-ml01.
Version line: # rev 0.65 10/01/2006 - updated URL, etc
EvilNumber has changed on eq-ml01.
Version line: # Version: 02.00.01 # The evilnumber set has been renamed
to match SARE's updated standards, the new name is 70_sare_evilnum0.cf.
Please remove evilnumber local language files
William Stearn's RANDOM WORD Ruleset has changed on eq-ml01.
Version line: #release: 2004052501
SARE Adult Content Ruleset has changed on eq-ml01.
Version line: # Version: 01.02.07 # The Adult set has been renamed to
match SARE's updated standards, the new name is 70_sare_adult.cf
SARE Fraud Detection Ruleset (for SA ver. 2.5x and greater) has changed
on eq-ml01.
Version line: # Version: 01.03.02 # NOTE: Please update your scripts to
pull this file from it's new location
http://www.rulesemporium.com/rules/99_sare_fraud_post25x.cf
SARE BIZ/Marketing/Learning Ruleset (for SA ver. 2.5x and greater) has
changed on eq-ml01.
Version line: # Version: 01.02.02 # The BML set has been renamed to
match SARE's updated standards, the new name is 72_sare_bml_post25x.cf
SARE Spoof Ruleset has changed on eq-ml01.
Version line: # Version: 1.09.18
SARE 70_sare_bayes_poison_nxm.cf Ruleset has changed on eq-ml01.
Version line: # Version: 1.00
SARE OEM Ruleset has changed on eq-ml01.
Version line: # Version: 1.05.14
SARE Random Ruleset for SpamAssassin 2.5x and higher has changed on eq-ml01.
Version line: # Version: 1.30.21
SARE Obfuscation catching Ruleset (set 0 -- hits mostly spam) has
changed on eq-ml01.
Version line: # Version: 01.00.08
SARE Top 200 spamcop ip addresses Ruleset (automatically generated) has
changed on eq-ml01.
Version line: # Modified: 12/5/2006 5:18:59 PM EST
Greylisting is a technique that blocks a large portion of our spam.
Basically the first time you receive a message from someone, your mail
server replies with a temporary failure. Most sending mail servers will
retry within 15 minutes to an hour. It does require some work in SQL
(MySQL is what we use) but it has been worth every second of the time we
invested in it.
One caveat: some mail servers have disabled retries. 9 out of 10 times
it is an Exchange server. This is incorrect behaviour for a mail
server, so don't hesitate to let the offending admins know that they
have made a mistake that should be corrected.
A good greylisting resource can be found here:
http://projects.puremagic.com/greylisting/links.html
This tends to be a mostly fire and forget solution. Logcheck and our
users keep us informed when things inevitably go wrong (with or without
anti-spam measures).
Hth,
Roy Souther wrote:
> I am running spamassassin and using sbl-xbl.spamhaus.org and they do
> stop a lot of SPAM but I am still getting way more than I can stand.
> What are people doing to stop SPAM? I do not want to run a program that
> needs constant attention from me to keep it up to date and working.
>
> There seems to be a lot of IP's and server networks that are dumping a
> lot of SPAM on to the Internet but the block lists are not identifying
> as SPAM'ers. I tried to find some way to submit offending IP addresses
> to SPAMhaus.org but I could not find any way. Perhaps you can only
> submit offending IP's if you are subscribed to a paid service of
> SPAMhaus.org.
>
> Is there a community driven SPAM block listing service? Queries to
> SPAMhaus.org automatically include other block lists but they all seem
> to not let the public submit offending IP's either.
>
> _Royce Souther <mailto:[EMAIL PROTECTED]>_
> _www.SiliconTao.com <http://www.SiliconTao.com>_
> Let Open Source help your business move beyond.
>
> For security this message is digitally authenticated by _GnuPG
> <http://www.gnupg.org>_.
> _______________________________________________
> clug-talk mailing list
> [email protected]
> http://clug.ca/mailman/listinfo/clug-talk_clug.ca
> Mailing List Guidelines (http://clug.ca/ml_guidelines.php)
> **Please remove these lines when replying
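
The greylisting decision described in the message above, as an added example that is not part of the original post or the poster's configuration. It assumes the usual (client IP, sender, recipient) triplet as the key, swaps SQLite in for the MySQL backend mentioned, and the two timing constants and all addresses are constructed for illustration.

```python
import sqlite3

MIN_DELAY = 5 * 60        # assumption: a retry sooner than this is still deferred
RETRY_WINDOW = 4 * 3600   # assumption: an unconfirmed first attempt expires after this
DEFER = "451 4.7.1 Greylisted, please retry later"   # temporary failure, sender re-queues
ACCEPT = "250 OK"
WHERE = "WHERE client_ip=? AND sender=? AND recipient=?"

def open_db():
    db = sqlite3.connect(":memory:")
    db.execute("""CREATE TABLE greylist (
        client_ip TEXT, sender TEXT, recipient TEXT,
        first_seen INTEGER, passed INTEGER,
        PRIMARY KEY (client_ip, sender, recipient))""")
    return db

def check(db, client_ip, sender, recipient, now):
    """Return the SMTP reply for one RCPT TO; `now` is epoch seconds."""
    key = (client_ip, sender.lower(), recipient.lower())
    row = db.execute("SELECT first_seen, passed FROM greylist " + WHERE, key).fetchone()
    if row and row[1]:
        return ACCEPT                      # this triplet has already shown it retries
    if row is None or now - row[0] > RETRY_WINDOW:
        # Unknown triplet, or the earlier attempt went stale: (re)start the clock.
        db.execute("INSERT OR REPLACE INTO greylist VALUES (?,?,?,?,0)", key + (now,))
        return DEFER
    if now - row[0] < MIN_DELAY:
        return DEFER                       # retried too quickly, keep deferring
    db.execute("UPDATE greylist SET passed=1 " + WHERE, key)
    return ACCEPT

def demo():
    """Constructed traffic: a queueing server that retries, and a one-shot sender."""
    db = open_db()
    real = ("192.0.2.10", "alice@example.org", "bob@example.net")
    bulk = ("198.51.100.7", "offers@example.com", "bob@example.net")
    return [
        check(db, *real, now=0),       # first contact
        check(db, *real, now=60),      # retry after 1 minute
        check(db, *real, now=900),     # retry after 15 minutes
        check(db, *bulk, now=950),     # never retries, so never delivered
        check(db, *real, now=90000),   # next day, same triplet
    ]

if __name__ == "__main__":
    for reply in demo():
        print(reply)
```

A server with retries disabled, the caveat raised in the message, behaves like the one-shot sender here: it only ever sees the 451 reply, which is why the deferral has to be a temporary failure the sender is told about rather than a silent drop.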