John,

Because we are both network admins, and the best time of the week to work on
server changes is late at night, on weekends? That's my excuse! Being an
insomniac doesn't hurt, either. :-)


William Van Hefner
Network Administrator

Vantek Communications, Inc.
555 H Street, Ste. C
Eureka, CA 95501


> -----Original Message-----
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] On Behalf Of John T (Lists)
> Sent: Saturday, October 15, 2005 1:34 AM
> To: [email protected]
> Subject: RE: [sniffer] Large amounts of spam still getting through
> 
> 
> On a very off topic note, why are we still both up?
> 
> John T
> eServices For You
> 
> 
> > -----Original Message-----
> > From: [EMAIL PROTECTED] 
> > [mailto:[EMAIL PROTECTED] On Behalf Of William Van Hefner
> > Sent: Saturday, October 15, 2005 1:01 AM
> > To: [email protected]
> > Subject: RE: [sniffer] Large amounts of spam still getting through
> > 
> > John,
> > 
> > This may be slightly OT. Hope Pete doesn't mind. :-)
> > 
> > The default in greylisting that comes with Postfix is 300 seconds,
> > although you can change that value to whatever you want. The first
> > reason that greylisting was implemented was because almost no spamware
> > ever tried resending messages at the time the idea was originally
> > brought about. Now, I would say that about 85% of spamware and zombies
> > never retry. It is the BIG spamhauses that always retry, and Sniffer is
> > an excellent companion for catching those. It is currently best suited
> > for stopping zombie spamware, and the majority of small spammers that
> > never retry sending messages.
> >
> > As far as the delay timing goes, that is really up to each individual
> > admin and should be fine tuned depending upon what kind of traffic
> > patterns you are dealing with. I could certainly see the need for some
> > admins to crank the delay up to 15-20 minutes, while I have other
> > hosting customers that are whitelisted entirely (you can whitelist
> > individual domains or just users using greylisting). The best use may
> > be to whitelist some user addresses, and leave others with significant
> > delays. I always believe that users should use a "personal" e-mail
> > address, and another one that is strictly for mailing lists, online
> > ordering, and stuff like that.
> >
> > There is a lot of tweaking that can be done with greylisting, but it is
> > only one part of the overall antispam picture. One of its biggest
> > advantages is the bandwidth and CPU processing it can save you, as it
> > rejects a substantial amount of spam with very little bandwidth
> > consumption. There are also technically no "false positives", as all
> > mail (even spam) will eventually be passed through. Obviously, it only
> > works best for SOME spam though, and other things like Sniffer solve
> > different parts of the puzzle. Between the different methods I am
> > using, which don't even include Bayesian at the moment, I am seeing far
> > better than a 99% success (rejecting or deleting spam) rate, with very
> > few false positives.
> > 
> > 
> > 
> > William Van Hefner
> > Network Administrator
> > 
> > Vantek Communications, Inc.
> > 555 H Street, Ste. C
> > Eureka, CA 95501
> > 
> > 
> > > -----Original Message-----
> > > From: [EMAIL PROTECTED] 
> > > [mailto:[EMAIL PROTECTED] On Behalf Of John T (Lists)
> > > Sent: Saturday, October 15, 2005 12:41 AM
> > > To: [email protected]
> > > Subject: RE: [sniffer] Large amounts of spam still getting through
> > >
> > >
> > > 5 minutes would hardly be noticed. Discussions I was having with
> > > others involved delays of an hour or two.
> > >
> > > I do not see how "greylisting" a message for 5 minutes would help 
> > > except when fighting harvesting or dictionary type spam attacks.
> > >
> > > John T
> > > eServices For You
> > >
> > >
> > > > -----Original Message-----
> > > > From: [EMAIL PROTECTED] 
> > > > [mailto:[EMAIL PROTECTED] On Behalf Of William Van Hefner
> > > > Sent: Saturday, October 15, 2005 12:22 AM
> > > > To: [email protected]
> > > > Subject: RE: [sniffer] Large amounts of spam still getting through
> > > >
> > > > John,
> > > >
> > > > I have no clue what the "legal implications" would be, as long as
> > > > both my customers know that I'm using it and the sender is notified
> > > > appropriately via SMTP. I use greylisting via IMGate/Postfix and it
> > > > works like a charm. It takes a good couple of weeks to build up a
> > > > decent whitelist (both manual whitelisting and automated
> > > > whitelisting are recommended), but after that it is pretty much
> > > > smooth sailing. I've yet to have a single complaint from my users
> > > > over greylisting, other than the fact that it delayed their e-mails
> > > > by around 5 minutes for the first couple of weeks. If I had planned
> > > > it better, even those delays would largely not have occurred.
> > > >
> > > > I know of no way to implement greylisting on a Windows box. See 
> > > > greylisting.org for more info.
> > > >
> > > >
> > > > William Van Hefner
> > > > Network Administrator
> > > >
> > > > Vantek Communications, Inc.
> > > > 555 H Street, Ste. C
> > > > Eureka, CA 95501
> > > > 707.476.0833 ph
> > > >
> > > >
> > > > > -----Original Message-----
> > > > > From: [EMAIL PROTECTED] 
> > > > > [mailto:[EMAIL PROTECTED] On Behalf Of John T (Lists)
> > > > > Sent: Friday, October 14, 2005 12:55 PM
> > > > > To: [email protected]
> > > > > Subject: RE: [sniffer] Large amounts of spam still getting through
> > > > >
> > > > >
> > > > > There has been a good amount of discussion about temporarily
> > > > > "grey listing" an e-mail message and there are many questions
> > > > > surrounding it, one of which is legal.
> > > > >
> > > > > John T
> > > > > eServices For You
> > > > >
> > > > >
> > > > > > -----Original Message-----
> > > > > > From: [EMAIL PROTECTED] 
> > > > > > [mailto:[EMAIL PROTECTED] On Behalf Of Mike Nice
> > > > > > Sent: Friday, October 14, 2005 12:43 PM
> > > > > > To: [email protected]
> > > > > > Subject: Re: [sniffer] Large amounts of spam still getting through
> > > > > >
> > > > > > > getting much better at what they do.  When a spammer uses
> > > > > > > Geocities links, hijacks real accounts on major providers to
> > > > > > > send spam through, and changes their techniques every few
> > > > > > > hours, it makes it difficult for Sniffer to proactively block
> > > > > > > them, and the delay between rulebase updates means a delay in
> > > > > > > catching things that have been tagged.
> > > > > >
> > > > > >   This brings to mind a technique with optional adaptive delay -
> > > > > > enabled by the user. Each mail is assigned a 'triplicate':
> > > > > > (To_Email, From_Email, and domain_of_sending_server).
> > > > > > Previously unknown triplicates are held for a period of time
> > > > > > before being examined for spam. The delay is long enough that
> > > > > > SpamCop, Sniffer, and InvURIBL mailtraps see copies of the spam
> > > > > > and update the blacklists.
> > > > > >
> > > > > >    This would be hard to do with the stock IMail, but possibly
> > > > > > could be done by Declude with the V3 architecture and a
> > > > > > database.
> > > > > >
> > > > > >    It still doesn't provide a good answer to the problem of
> > > > > > spammers hijacking a computer and sending spam through
> > > > > > legitimate servers.
> > > > > >
> > > > > >
> > > > > > This E-Mail came from the Message Sniffer mailing list. For
> > > > > > information and (un)subscription instructions go to
> > > > > > http://www.sortmonster.com/MessageSniffer/Help/Help.html
> > > > >
> > > > >
> > > > > This E-Mail came from the Message Sniffer mailing list. For 
> > > > > information and (un)subscription instructions go to 
> > > > > http://www.sortmonster.com/MessageSniffer/Help/Help.html
> > > > >
> > > >
> > > >
> > > > This E-Mail came from the Message Sniffer mailing list. For 
> > > > information
> > > and
> > > > (un)subscription instructions go to 
> > > > http://www.sortmonster.com/MessageSniffer/Help/Help.html
> > >
> > >
> > > This E-Mail came from the Message Sniffer mailing list. For 
> > > information and (un)subscription instructions go to 
> > > http://www.sortmonster.com/MessageSniffer/Help/Help.html
> > >
> > 
> > 
> > This E-Mail came from the Message Sniffer mailing list. For 
> > information
> and
> > (un)subscription instructions go to 
> > http://www.sortmonster.com/MessageSniffer/Help/Help.html
> 
> 
> This E-Mail came from the Message Sniffer mailing list. For 
> information and (un)subscription instructions go to 
> http://www.sortmonster.com/MessageSniffer/Help/Help.html
> 


This E-Mail came from the Message Sniffer mailing list. For information and 
(un)subscription instructions go to 
http://www.sortmonster.com/MessageSniffer/Help/Help.html

Reply via email to
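
The greylisting behaviour discussed in this thread (defer a previously unseen sender/recipient/server triplet, accept its retry once the delay has passed, then whitelist it automatically), as an added example that is not part of the original messages and is not Postfix or IMGate code. The class name, the /24 grouping of the sending server, and the sample addresses are assumptions constructed for illustration.

```python
import ipaddress

class Greylist:
    """Triplet greylisting: defer first contact, accept a retry after `delay`."""

    def __init__(self, delay=300, whitelist=()):
        self.delay = delay                  # 300 s is the default quoted in the thread
        self.whitelist = {w.lower() for w in whitelist}  # recipient addresses or domains
        self.first_seen = {}                # triplet -> time of first attempt
        self.passed = set()                 # triplets that retried: automatic whitelist

    def check(self, client_ip, sender, recipient, now):
        """Return ("accept", 0) or ("defer", seconds_left) for one RCPT TO."""
        rcpt = recipient.lower()
        if rcpt in self.whitelist or rcpt.rsplit("@", 1)[-1] in self.whitelist:
            return ("accept", 0)            # manually whitelisted user or domain
        # Assumption: key on the sender's /24 so retries from a server farm match.
        net = ipaddress.ip_network(f"{client_ip}/24", strict=False)
        triplet = (str(net), sender.lower(), rcpt)
        if triplet in self.passed:
            return ("accept", 0)
        first = self.first_seen.setdefault(triplet, now)
        remaining = self.delay - (now - first)
        if remaining > 0:
            return ("defer", remaining)     # answered with a temporary 4xx SMTP reply
        self.passed.add(triplet)
        return ("accept", 0)


# Constructed delivery attempts: (seconds, client IP, MAIL FROM, RCPT TO)
ATTEMPTS = [
    (0,   "192.0.2.10",   "promo@bulk.example",  "amy@corp.example"),    # never retries
    (5,   "198.51.100.7", "bob@partner.example", "amy@corp.example"),    # real MTA, first try
    (65,  "198.51.100.7", "bob@partner.example", "amy@corp.example"),    # retry too early
    (605, "198.51.100.9", "bob@partner.example", "amy@corp.example"),    # retry, same /24
    (900, "198.51.100.7", "bob@partner.example", "amy@corp.example"),    # auto-whitelisted
    (910, "203.0.113.5",  "shop@store.example",  "orders@corp.example"), # whitelisted user
]

def replay(attempts=ATTEMPTS):
    """Run the constructed attempts through one greylist and collect the decisions."""
    gl = Greylist(delay=300, whitelist={"orders@corp.example"})
    return [gl.check(ip, frm, to, t) for t, ip, frm, to in attempts]

if __name__ == "__main__":
    for attempt, result in zip(ATTEMPTS, replay()):
        print(attempt, "->", result)
```

The sender that never retries stays deferred indefinitely, which is the bandwidth saving described in the thread; a production deployment would also expire old `first_seen` entries.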