Re: spamd question (4.1)
RW wrote:
> On Mon, 23 Jul 2007 20:51:33 -0700, Darrin Chandler wrote:
>> Also, though spamd works GREAT, it is what it is. As I mentioned above, it will not stop spam from real mail servers, whether open relays or spam house servers. You may get to the point where you do want to add ports/packages). I deal with a few different domains. On some I need more filtering, and on others I use only spamd. Don't add extra stuff unless you find you need it. Even so, having spamd take the major brunt will let you do additional filtering without needing a beefy server.
>
> Well I host two domains here and spamd stops plenty of mail from real servers or spambots that use the host's idea of an outbound MX. I do NO content inspection whatsoever and spam into mailboxes is almost zero. I hate spam but my philosophy is that deleting one spam every week or so (actually I'm getting less than one a month) is better than losing genuine mail and hardly qualifies as a stressor. The default blacklisting of China and Korea is OK for me as I haven't had work in Korea since well before spamd came along.

even when running in pure greylisting mode, i get almost no spam (assuming users are not retarded and don't whitelist bad hosts). the only thing worth watching for is organizations that use their email as a short lead-time communication method. in this case people will call and say where is my email from new client X! and you have to either manually whitelist or tell them what they don't want to hear well, you have to wait 25 minutes or more for their server to be whitelisted.

for domains that have multiple MX records, it might be nice to have all those IPs whitelisted when sending to that domain. maybe this is already done or there is a reason it isn't :). guess someone could publish a list of bogus IPs in their MX records...
Re: spamd question (4.1)
On Tue, Jul 24, 2007 at 06:01:07AM -0500, Jacob Yocom-Piatt wrote:
> even when running in pure greylisting mode, i get almost no spam (assuming users are not retarded and don't whitelist bad hosts). the only thing worth watching for is organizations that use their email as a short lead-time communication method. in this case people will call and say where is my email from new client X! and you have to either manually whitelist or tell them what they don't want to hear well, you have to wait 25 minutes or more for their server to be whitelisted.

Just say that you are investigating it, and take 25 mins over your investigation (surf for pictures of enema discharges to send to them), tail the logs, and let them know that the host is now white listed. Job done.

> for domains that have multiple MX records, it might be nice to have all those IPs whitelisted when sending to that domain. maybe this is already done or there is a reason it isn't :). guess someone could publish a list of bogus IPs in their MX records...

http://www.rfc-ignorant.org/policy-bogusmx.php

Can be used to weight SpamAssassin

--
Craig Skinner | http://www.kepax.co.uk | [EMAIL PROTECTED]
Re: spamd question (4.1)
On Tue, 24 Jul 2007 06:01:07 -0500, Jacob Yocom-Piatt wrote:
> for domains that have multiple MX records, it might be nice to have all those IPs whitelisted when sending to that domain. maybe this is already done or there is a reason it isn't :). guess someone could publish a list of bogus IPs in their MX records...

Outgoing server pools do not have MX records. Some biggies use SPF (Bob Beck has good info in a presentation about why you would not use it at your own MX to check incoming mail) and those usually provide records that you can access with dig or host. Use -ttxt and see. e.g. _spf.google.com has a /16, a /17, a /18, two /19s and a /20 which you can add by hand to your own whitelist if you trust all gmail clients.

Rod/
From the land down under: Australia.
Do we look umop apisdn from up over?
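
The lookup-and-whitelist step described in the message above, as an added example that is not part of the original thread: it pulls the ip4 networks out of an SPF TXT answer so they can be reviewed and put in a whitelist file. The function names are hypothetical, and SAMPLE_TXT is a constructed record built from documentation address ranges.

```shell
#!/bin/sh
# Added example, not from the thread. SAMPLE_TXT is a constructed record
# using documentation address ranges, not any provider's real data.
SAMPLE_TXT='"v=spf1 ip4:192.0.2.0/24 +ip4:198.51.100.0/25 ip4:203.0.113.7 -ip4:203.0.113.99 include:_spf.example.net ~all"'

# Split a TXT answer into one SPF term per line. A long record may come
# back as several quoted strings ("..." "..."), which are joined with no
# separator before the quotes are dropped.
spf_terms() {
    printf '%s\n' "$1" | sed 's/" "//g' | tr -d '"' | tr ' ' '\n'
}

# Print the ip4 networks the record authorises, one CIDR per line (the
# layout a pf table file uses). Terms qualified with -, ~ or ? are not a
# pass result and are skipped; a bare address becomes a /32.
spf_networks() {
    spf_terms "$1" | while read -r term; do
        term=${term#+}
        case $term in
            ip4:*/*) printf '%s\n' "${term#ip4:}" ;;
            ip4:*)   printf '%s/32\n' "${term#ip4:}" ;;
        esac
    done
}

# Print the include: targets; each one needs its own TXT lookup.
spf_includes() {
    spf_terms "$1" | sed -n 's/^+\{0,1\}include://p'
}

# With network access the input would be: "$(host -t txt _spf.google.com)"
spf_networks "$SAMPLE_TXT"
spf_includes "$SAMPLE_TXT" | sed 's/^/# follow up: /'
```

Published ranges change over time, so a list produced this way needs to be regenerated and reviewed rather than added once and forgotten.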
Re: spamd question (4.1)
Craig Skinner wrote:
> On Tue, Jul 24, 2007 at 06:01:07AM -0500, Jacob Yocom-Piatt wrote:
>> even when running in pure greylisting mode, i get almost no spam (assuming users are not retarded and don't whitelist bad hosts). the only thing worth watching for is organizations that use their email as a short lead-time communication method. in this case people will call and say where is my email from new client X! and you have to either manually whitelist or tell them what they don't want to hear well, you have to wait 25 minutes or more for their server to be whitelisted.
>
> Just say that you are investigating it, and take 25 mins over your investigation (surf for pictures of enema discharges to send to them), tail the logs, and let them know that the host is now white listed. Job done.

that's a shitty suggestion =).

>> for domains that have multiple MX records, it might be nice to have all those IPs whitelisted when sending to that domain. maybe this is already done or there is a reason it isn't :). guess someone could publish a list of bogus IPs in their MX records...
>
> http://www.rfc-ignorant.org/policy-bogusmx.php

heh. oh, and rod, you're right about the outbound IPs, that was my confusion blush.

> Can be used to weight SpamAssassin
Re: spamd question (4.1)
On 2007/07/24 06:37, Jacob Yocom-Piatt wrote:
> heh. oh, and rod, you're right about the outbound IPs, that was my confusion blush.

Masking on /24 in spamlogd would help with this for many sites.
Re: spamd question (4.1)
qui ce devout pour faire le site car finalement le ror ca reste du web donc ca reste pas fait pour moi

2007/7/24, Stuart Henderson [EMAIL PROTECTED]:
> On 2007/07/24 06:37, Jacob Yocom-Piatt wrote:
>> heh. oh, and rod, you're right about the outbound IPs, that was my confusion blush.
>
> Masking on /24 in spamlogd would help with this for many sites.

--
Gallon sylvestre
Astek méchant / Assistant CISCO
Rathaxes Core Developper
http://blog.evilkittens.org/~syl/
Re: spamd question (4.1)
2007/7/24, Stuart Henderson [EMAIL PROTECTED]:
> On 2007/07/24 13:53, syl wrote:
>> qui ce devout pour faire le site car finalement le ror ca reste du web donc ca reste pas fait pour moi
>
> If you're going to write in French on an English-language mailing list, please can you at least try and use the correct accents (it's a lot harder to translate without them) and avoid idioms, so we stand some chance of understanding you ...

Sorry for this message without relation with this discussion. I'm French and I think this French message is a mistake, perhaps a mail for a French RubyOnRails mailing list (ror in message seems to talk about it). It's not about spamd or openbsd (Or I don't understand my birth language :-/ ) Sorry about this.

/except_subject

--
Yannick Pouype Francois
http://www.typouype.org
http://www.rubyfrance.org
Re: spamd question (4.1)
Sorry, I made a mistake and sent the message to the wrong mailing list. I'm very confused, since this morning I do not stop making mistakes... Maybe the amount of beer drunk yesterday may help find a reason for my miscalculation

2007/7/24, Yannick Francois [EMAIL PROTECTED]:
> 2007/7/24, Stuart Henderson [EMAIL PROTECTED]:
>> On 2007/07/24 13:53, syl wrote:
>>> qui ce devout pour faire le site car finalement le ror ca reste du web donc ca reste pas fait pour moi
>>
>> If you're going to write in French on an English-language mailing list, please can you at least try and use the correct accents (it's a lot harder to translate without them) and avoid idioms, so we stand some chance of understanding you ...
>
> Sorry for this message without relation with this discussion. I'm French and I think this French message is a mistake, perhaps a mail for a French RubyOnRails mailing list (ror in message seems to talk about it). It's not about spamd or openbsd (Or I don't understand my birth language :-/ ) Sorry about this.
>
> /except_subject
>
> --
> Yannick Pouype Francois
> http://www.typouype.org
> http://www.rubyfrance.org

--
Gallon sylvestre
Astek méchant / Assistant CISCO
Rathaxes Core Developper
http://blog.evilkittens.org/~syl/
Re: spamd question (4.1)
Sorry, I made a mistake and sent my mail to the wrong mailing list

On 24/07/07, syl [EMAIL PROTECTED] wrote:
> qui ce devout pour faire le site car finalement le ror ca reste du web donc ca reste pas fait pour moi
>
> 2007/7/24, Stuart Henderson [EMAIL PROTECTED]:
>> On 2007/07/24 06:37, Jacob Yocom-Piatt wrote:
>>> heh. oh, and rod, you're right about the outbound IPs, that was my confusion blush.
>>
>> Masking on /24 in spamlogd would help with this for many sites.
>
> --
> Gallon sylvestre
> Astek méchant / Assistant CISCO
> Rathaxes Core Developper
> http://blog.evilkittens.org/~syl/

--
Gallon sylvestre
Astek méchant / Assistant CISCO
Rathaxes Core Developper
http://blog.evilkittens.org/~syl/
Re: spamd question (4.1)
On 7/23/07, Darrin Chandler [EMAIL PROTECTED] wrote:
> It seems normal enough. What I and some others have done in addition is to add a whitelist that bypasses spamd altogether. Into that whitelist goes gmail (host -ttxt gmail.com) and other large providers using pools for outgoing mail.

Good point.

> If you are concerned about the entries that you saw whitelisted, have you checked where the mail went that they sent? If this is wholly your domain then you should be able to easily see that. If you can't look (because it's other people's mail) then you can still ask around and see if people have been getting spam.

I've not had a chance to examine where the white listed hosts were trying to send to (yet). I have yet to run sendmail to accept incoming mail. However, while monitoring the output from spamdb, I did notice most to addresses for the GREY trapped hosts were bogus recipients.

> Also, though spamd works GREAT, it is what it is. As I mentioned above, it will not stop spam from real mail servers, whether open relays or spam house servers. You may get to the point where you do want to add

I see your point about open relays and such. Thanks for your input!

--patrick
Re: spamd question (4.1)
On Mon, 23 Jul 2007 20:51:33 -0700, Darrin Chandler wrote:
> Also, though spamd works GREAT, it is what it is. As I mentioned above, it will not stop spam from real mail servers, whether open relays or spam house servers. You may get to the point where you do want to add ports/packages). I deal with a few different domains. On some I need more filtering, and on others I use only spamd. Don't add extra stuff unless you find you need it. Even so, having spamd take the major brunt will let you do additional filtering without needing a beefy server.

Well I host two domains here and spamd stops plenty of mail from real servers or spambots that use the host's idea of an outbound MX. I do NO content inspection whatsoever and spam into mailboxes is almost zero. I hate spam but my philosophy is that deleting one spam every week or so (actually I'm getting less than one a month) is better than losing genuine mail and hardly qualifies as a stressor. The default blacklisting of China and Korea is OK for me as I haven't had work in Korea since well before spamd came along.

Greytrapping, using Bob Beck's list plus a bunch of locally harvested never-been-used addresses that seem to be on many spam target lists, added to the OK domains feature that came with 4.1, does the rest. It can be a bit of a pain dealing with the outbound server pools but I usually spot spamdb telling me that it has the one sender/ one target combo listed from several IPs and then I go and get the pool details (if I can) and whitelist it. Most get through eventually.

Content inspection is playing catchup and most of the well heeled spammers own a bunch of hardware filters (Barracuda etc) and run Spamass and other cpu wasters. All of them are kept right up to date and the mailings are rapidly changed to address the latest hurdles. I see this because I keep one remote mailbox entirely unfiltered in another domain. It gets NO genuine mail but its address has been put invisibly on webpages and seeded onto similar locations. Mostly I just junk the entire contents regularly, but on an idle day I have a sniff at a few to see what the bastards are up to. Very educational.

Of course there are poorboys who don't have any track on the latest bayesian-guessing toys and they seem to persist but they don't get through here either so why waste cycles? It's all a judgement call but I'm very happy with what the devs have provided for our use. I only use one BL lookup on the MX and that is zen.spamhaus.org but I never seem to see hits from it anyway.

Good luck!

Rod/
From the land down under: Australia.
Do we look umop apisdn from up over?
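
The pool check described in the message above (one sender/one target combination greylisted from several IPs), together with the /24 masking remark earlier in the thread, as an added example that is not part of the original thread. The field layout GREY|ip|helo|from|to|first|pass|expire|block|pass is an assumption and may differ on 4.1; the sample lines are constructed and the function name is hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. SAMPLE_DB is constructed, in the
# ASSUMED layout GREY|ip|helo|from|to|first|pass|expire|block|pass;
# adjust the field numbers if your spamdb prints a different layout.
SAMPLE_DB='GREY|192.0.2.10|out1.example.com|<alice@example.com>|<bob@example.org>|1185250000|1185251500|1185264400|1|0
GREY|192.0.2.77|out2.example.com|<alice@example.com>|<bob@example.org>|1185250900|1185252400|1185265300|1|0
GREY|198.51.100.5|out9.example.com|<alice@example.com>|<bob@example.org>|1185251800|1185253300|1185266200|1|0
GREY|203.0.113.9|bot.invalid|<x@spam.invalid>|<nobody@example.org>|1185250100|1185251600|1185264500|3|0
WHITE|192.0.2.200|||1185000000|1185100000|1188000000|2|5'

# Read spamdb-style lines on stdin and report every sender/recipient pair
# greylisted from more than one IP, as: pair|distinct IPs|/24 networks.
# More than one /24 in the last field means a /24 mask alone would not
# have collapsed that pool into a single greylist entry.
pool_candidates() {
    awk -F'|' '
    $1 == "GREY" {
        pair = $4 " -> " $5
        if (!((pair, $2) in seen)) { seen[pair, $2] = 1; ips[pair]++ }
        net = $2
        sub(/\.[0-9]+$/, ".0/24", net)      # mask the address to its /24
        if (!((pair, net) in seennet)) {
            seennet[pair, net] = 1
            nets[pair] = nets[pair] (nets[pair] == "" ? "" : ",") net
        }
    }
    END {
        for (p in ips)
            if (ips[p] > 1) print p "|" ips[p] "|" nets[p]
    }' | sort
}

# Live use would be: spamdb | pool_candidates
printf '%s\n' "$SAMPLE_DB" | pool_candidates
```

In the sample, two of the three pool addresses share a /24 and the third does not, so the pair is still reported with two networks to look up before whitelisting.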