On 08/07/03 at 02:43 -0500, Ron Johnson opined:

> I have several questions.  First, this spamtrap thing I've seen
> postings about on here - I understand what it is, but do I actually
> need to go to the DNS system and create 'A' records, creating new
> addresses, for this to work

No, spamtrap addresses are e-mail addresses, not IP addresses. They have
nothing to do with DNS (other than the DNS for the domain in the spamtrap,
but you'll want to use an existing domain with existing MX records for
that).

> or can I just go into the user accounts module of SIMS & create 2 or
> 3, or so, accounts for this purpose? 

You don't even need to do that. Spamtrap addresses don't need to correspond
to actual accounts on your server. By design, they'll never accept mail
anyway. All that's needed is an appropriate entry in your SIMS router.
E.g., if you wanted to make [EMAIL PROTECTED] into a spamtrap
address, where yourdomain.tld is your SIMS' primary domain, you'd add this
entry to your router:

die_spammer = spamtrap

That's it.

> Whichever way I have to use this feature, can I embed these spamtrap
> addresses into my web pages, in addition to the email addresses I
> already have on it for public use, or not?

Absolutely. You can salt them wherever you think harvesting robots might
pick them up.

> If I need to embed them into the 'meta' info in my web page headers,
> is there a Mac-Based app for doing this, as well as, generating any
> other meta info needed?

Any text editor or HTML editor (HTML is just plain text).

> Next, I have several RBL Servers in my DNS/RBL list.  Is this all I
> need to do for them to work for me, or do I need to do more?  I seem
> to recall a handful of posts dealing with this subject, and I seemed
> to glean from them needing to add the response IP for each RBL Server
> to my blacklisted IP list.  True, or not?

True.

> If so, where do I look for these IP numbers, and what, exactly, does
> using them in my blacklist do for me?  If needed, I can provide a
> list of the RBL Servers I'm currently using.

Check the web sites of the respective RBLs; they should say what addresses
they return. Almost all of them are in the 127.0.0.2-127.0.0.255 range. The
Blitzed open proxy list (opm.blitzed.org) returns responses in
127.1.0.1-127.1.0.32.

> Next, would it be safe & prudent, to use the originating IP info, I
> mentioned was in two of the message headers, in my blacklisted IP
> list?

In general, the only 'received' line that you can really trust is the one
that was written by your own server (the topmost one). It shows the IP
address of the host that relayed the message to your server. Any other
'received' lines might be forged and are therefore suspect, so what you
might think is the 'originating' IP address for the message might not have
had anything to do with it. Besides, the only address that matters for
blacklisting is the one that actually talks to your server to relay
messages -- that's the only one your server is going to reject connections
from.

> As far as examining the logs to determine the IPs to blacklist,
> suppose there are 2, or more of them, showing for the spam message in
> question - which one(s) do/should I use?  I can provide an example
> from one of my logs, if needed.

For any given single message, there should only be one IP address in your
server log (that of the host that relayed the message to you). If two
copies of the same message are relayed to you by two different hosts, then
by all means blacklist both hosts.

> Generally, I'm looking for assistance in nipping this thing in the
> bud, before it gets any worse, especially since I have a church, a
> friend, a relative & 2 roommates, with accounts on my server!  I know
> I've received 25 messages I'd consider spam in my personal account,
> and other than examining the logs, I have no idea, whatsoever, how
> many such messages the church has received.  Might it be helpful to
> put '[EMAIL PROTECTED]' on mine, & the church's site, so that I
> can get spam reports?

Abuse addresses are generally used by people outside your network to report
spam and other abusive activities that come, or appear to come, from your
network. So posting an abuse address on your web site would not be a
generally useful tool in fighting incoming spam. In fact, it would probably
increase the volume of spam you receive as the spambots pick up the address
from your site and start targeting spam at it.

> I presume, the best thing to do is ask my users to actually forward 
> any suspected spam messages to this account, so that I can examine
> the logs, and take whatever action I deem necessary?

Yes, that would be helpful. Make sure you tell them to send you the full
headers of the messages, though, or else their reports won't do you any
good. You need to see the final (top) 'received' line to determine who
relayed the message to your server. Also, the Return-Path will sometimes
fall into a pattern that is useful to route to ERROR. I periodically ask my
users to forward spam to me for the same purpose, but they almost never do.
Maybe your users will be different.  ;-)  On the other hand, I get enough
spam to my own accounts that I have plenty of grist for the spam-fighting
mill all on my own.  8-\

> Well, this should suffice for the moment.  I know many of you guys
> have been doing this a lot longer, and on a *much* grander scale than
> I, so your expertise is welcomed! Better I learn how to deal with
> this crap now, before it spins out of control!  TIA!

-- 
                   Christopher Bort | [EMAIL PROTECTED]
            Webmaster, Global Homes | [EMAIL PROTECTED]
                      <http://www.globalhomes.com/>
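
The two checks described in the reply above (trust only the topmost 'received' line, and compare an RBL's answer against the response range it documents), as an added example that is not part of the original message. The sample message, the bracketed-IP 'received' format and the function names are assumptions made for illustration, and no DNS lookup is performed.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample: only the topmost Received line was written by the
# receiving server; the two below it were supplied by the sending side.
SAMPLE = """\
Received: from unknown (HELO mail.example.net) ([192.0.2.55])
\tby mx.yourdomain.tld with SMTP; Thu, 7 Aug 2003 02:40:11 -0500
Received: from relay.example.org ([198.51.100.7])
\tby mail.example.net; Thu, 7 Aug 2003 02:39:58 -0500
Received: from [203.0.113.9] by relay.example.org; Thu, 7 Aug 2003 02:39:01 -0500
Subject: constructed test message

body
"""

# Response ranges as quoted in the message above.
TYPICAL_RANGE = ("127.0.0.2", "127.0.0.255")
BLITZED_RANGE = ("127.1.0.1", "127.1.0.32")

# Assumption: the receiving server logs the peer address in square brackets.
BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def relay_ip(raw_message):
    """IP of the host that relayed the message, from the topmost Received line."""
    received = message_from_string(raw_message).get_all("Received") or []
    match = BRACKETED_IP.search(received[0]) if received else None
    try:
        return ipaddress.IPv4Address(match.group(1)) if match else None
    except ValueError:  # bracketed text that is not a valid address
        return None


def dnsbl_query_name(ip, zone):
    """Name to look up in an RBL zone: octets reversed, zone appended."""
    return ".".join(reversed(str(ip).split("."))) + "." + zone


def is_listing_response(answer, allowed_range):
    """True if an RBL's A-record answer falls inside the range it documents."""
    low, high = (ipaddress.IPv4Address(a) for a in allowed_range)
    return low <= ipaddress.IPv4Address(answer) <= high


if __name__ == "__main__":
    ip = relay_ip(SAMPLE)
    print(ip, dnsbl_query_name(ip, "opm.blitzed.org"))
    print(is_listing_response("127.1.0.3", BLITZED_RANGE))
```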
