[lug] Spam solutions

Steve Webb steve at badcheese.com
Tue Jan 23 09:48:28 MST 2007


Another good spam-prevention technique in Slashdot today (suggests that 
spam-bots don't try a second DNS MX record, so point your primary MX at a 
bogus server and only compliant servers will hit your real one (marked as 
secondary)):

http://it.slashdot.org/article.pl?sid=07/01/23/0220218&from=rss

- Steve

On Mon, 22 Jan 2007, Steve Webb wrote:

> Date: Mon, 22 Jan 2007 10:34:30 -0700 (MST)
> From: Steve Webb <steve at badcheese.dyndns.org>
> To: "Boulder (Colorado) Linux Users Group -- General Mailing List"
>     <lug at lug.boulder.co.us>
> Subject: Re: [lug] Spam solutions
> 
> My company's rejected email actually has fallen off since around mid-Dec:
>
> http://mail.pronto.com/mrtg/mail.rejected-year.png
> (chart is based on RTBL rejection only).
>
> I use: sendmail -> RTBL -> bogofilter -> spamassassin -> inbox
>
> I put bogofilter before spamassassin because it's less resource-intensive and 
> it's actually one of the better filters that I've found.  I've got about 50 
> users on my server and it seems to catch almost everything pretty well.
>
> * RTBL catches most of the old-timer "known" spammers by IP (these are going 
> away quickly though)
> * bogofilter is good at catching the Stock-pumping stuff (if trained to do 
> so), Nigerian email and the random words to try to confuse your Bayesian 
> filter that email from this account is good.
> * spamassassin is only good if kept patched - it seems to be the popular one 
> to use, so most of the spammers write stuff to get around spamassassin first.
>
> I set up two email addresses on my server so that users can bounce false 
> positives or false negatives through the system and it'll train bogofilter at 
> a system-wide level so one user can train the whole system (like gmail).
>
> Using these three together, I get about 1-2 spam emails every couple of 
> weeks, and a couple of false positives every couple of weeks, but it's nice 
> and quiet now and that's what email's supposed to be like.  :)
>
> - Steve
>
> On Sun, 21 Jan 2007, Collins Richey wrote:
>
>> Date: Sun, 21 Jan 2007 10:56:15 -0700
>> From: Collins Richey <crichey at gmail.com>
>> Reply-To: "Boulder (Colorado) Linux Users Group -- General Mailing List"
>>     <lug at lug.boulder.co.us>
>> To: "Boulder (Colorado) Linux Users Group -- General Mailing List"
>>     <lug at lug.boulder.co.us>
>> Subject: Re: [lug] Spam solutions
>> 
>> On 1/21/07, Daniel Webb <lists at danielwebb.us> wrote:
>>> On Sat, Jan 20, 2007 at 09:59:18PM -0700, Collins Richey wrote:
>>> 
>>> > In a word, yes. End of November spammers took a break - only 10-15 per
>>> > day, then the gates of hell opened. Fortunately, I use gmail, and it
>>> > only takes 2 clicks to whack them all. I've only ever seen 1-2 false
>>> > hits every three months, and all of those are for this list!!!
>>> > Something about Boulder and lug in conjunction with the usual spamming
>>> > words triggers a hit <grin>.
>>> >
>>> > I wouldn't run my own mailer for all the tea in China.
>>> 
>>> There's certainly nothing irrational about that sentiment from what I've seen.
>>> It takes a certain kind of nerdy masochism to run any kind of server yourself
>>> I think, but especially mail servers.
>>> 
>>> One thing I have found odd, though, is that even though I signed up for a
>>> gmail account early on and have used it for almost nothing, there is a massive
>>> amount of spam directed to it.
>> 
>> Spam has increased tremendously since three years ago, but I got
>> proportionately just as much spam on my previous Comcast ISP account.
>> I had a brief respite on gmail before I was discovered there.
>> 
>> Where's the UN when you need them? What we need is international
>> troops to go in and wipe out the spammers wherever they're found
>> <grin>.
>> 
>> 
>> 
>
>

-- 
EMAIL: (h) steve at badcheese.com  WEB: http://badcheese.com/~steve
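
The MX ordering trick mentioned at the top of this message, as an added example that is not part of the original post: a small checker that takes a domain's MX records and reports which host a retrying sender and a single-try sender each end up on. The hostnames, the `SAMPLE_MX` data and all function names are constructed for illustration.

```python
import socket

# Constructed sample zone data (assumption): (preference, host) pairs.
SAMPLE_MX = [(20, "mail.example.com"), (10, "mx-bogus.example.com")]

def port25_open(host, timeout=5.0):
    """Real probe: True if host accepts a TCP connection on port 25."""
    try:
        with socket.create_connection((host, 25), timeout=timeout):
            return True
    except OSError:
        return False

def delivery_host(mx_records, accepts, first_only=False):
    """Return the MX host a sender ends up talking to, or None.

    Lowest preference value is tried first. first_only=True models a
    sender that gives up after the most-preferred MX.
    """
    hosts = [host for _, host in sorted(mx_records)]
    if first_only:
        hosts = hosts[:1]
    for host in hosts:
        if accepts(host):
            return host
    return None

def check_nolisting(mx_records, accepts=port25_open):
    """Report where each sender type lands and whether the setup is sound."""
    compliant = delivery_host(mx_records, accepts)
    first_only = delivery_host(mx_records, accepts, first_only=True)
    return {
        "compliant_sender": compliant,
        "first_only_sender": first_only,
        # Sound: retrying senders get through, single-try senders do not.
        "ok": compliant is not None and first_only is None,
    }

if __name__ == "__main__":
    # Offline stand-in for port25_open: only the real server listens.
    fake = lambda host: host == "mail.example.com"
    print(check_nolisting(SAMPLE_MX, fake))
```

Called without the second argument, `check_nolisting` probes port 25 on the listed hosts directly, so it can be pointed at a real MX set to confirm the primary is dead and the secondary answers.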



