[lug] Stopping the New Generation of Spam

George Sexton gsexton at mhsoftware.com
Mon Dec 4 08:44:39 MST 2006


I've done a few different things. My current false negative rate is 
about 10-15 pieces a day. Without filtering, I get about 700 pieces of 
spam a day.

I've tightened up my mail server using the recommendations here:

http://www.freesoftwaremagazine.com/articles/focus_spam_postfix/

Specifically, I tightened up the HELO checking, and implemented SPF. I 
didn't do greylisting because we do phone tech support a lot. Waiting an 
indeterminate time for a message to clear greylisting just would not work.

Since 2:00 AM this morning, 850 messages were rejected from my mail 
server because of bogus HELO, and 269 messages were rejected because of 
SPF validation. Primarily, people trying to send spam to me on my domain 
name.

Before someone sends me a rant on SPF, just save it.

Finally, at the server side I use Amavisd (w/ SpamAssassin turned off), 
and bogofilter. My false positive rate is 0, and as I said above, the 
false negative rate is less than 2%.


Bill Thoen wrote:
> Over the last 2-3 months I've been getting a *lot* more spam than ever
> before and SpamAssassin doesn't seem to be reacting fast enough or
> effectively enough to deal with it. In particular, it doesn't seem to be
> able to block these messages filled with random snippets of English
> text and/or those where the message is embedded as an image. It also looks
> like some of these spams are coming from large networks of compromised
> machines (same message comes from many different unrelated IPs) so blocking
> by IP is less effective. I used to get about 250 spams a day, but now it's
> up to 350-500 a day, and it's increasing.
>
> How are people dealing with this new onslaught? What sort of filtering or
> tools work these days? If this keeps up it will eventually overwhelm my
> little Linux server and become sort of indistinguishable from a Denial of
> Service attack!
>
> Or is this just the holiday rush where all the spammers just squeal louder
> and shove harder trying to get their snouts into the trough?
>
> - Bill Thoen
>
> _______________________________________________
> Web Page:  http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> Join us on IRC: lug.boulder.co.us port=6667 channel=#colug
>
>   

-- 
George Sexton
MH Software, Inc.
Voice: +1 303 438 9585
URL:   http://www.mhsoftware.com/
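
What rejecting on "bogus HELO" amounts to, as an added example (not part of the original message and not Postfix's own code): a small classifier applying common HELO sanity checks to constructed sessions. The domain names, networks and the `helo_verdict` function are hypothetical.

```python
import ipaddress
import re

# Hypothetical local settings for this example (not taken from the post).
MY_NAMES = {"example.org", "mail.example.org"}
MY_NETWORKS = [ipaddress.ip_network("192.0.2.0/24")]
LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")

def is_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False

def helo_verdict(helo, client_ip):
    """Return a rejection reason for a bogus HELO, or None to accept."""
    ip = ipaddress.ip_address(client_ip)
    if any(ip in net for net in MY_NETWORKS):
        return None  # our own hosts are exempt from the checks
    name = helo.strip().rstrip(".")
    if not name:
        return "empty HELO"
    if name.startswith("[") and name.endswith("]"):  # RFC 5321 address literal
        body = re.sub(r"(?i)^ipv6:", "", name[1:-1])
        return None if is_ip(body) else "malformed address literal"
    if is_ip(name):
        return "bare IP address, not a hostname"
    labels = name.split(".")
    if not all(LABEL.match(label) for label in labels):
        return "invalid hostname syntax"
    if len(labels) < 2:
        return "not fully qualified"
    if name.lower() in MY_NAMES:
        return "remote client claims to be this server"
    return None

# Constructed sample sessions: (HELO argument, client IP).
SAMPLES = [
    ("mail.example.net", "198.51.100.7"),
    ("localhost", "198.51.100.8"),
    ("203.0.113.9", "203.0.113.9"),
    ("mail.example.org", "198.51.100.11"),
    ("mail.example.org", "192.0.2.25"),
    ("dsl_pool-44.example.com", "198.51.100.12"),
]
if __name__ == "__main__":
    for helo, ip in SAMPLES:
        print(f"{ip:15} HELO {helo:24} -> {helo_verdict(helo, ip) or 'accept'}")
```

None of these checks delays mail from a well-configured sender, unlike the greylisting the message rules out.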



