[TriLUG] Another seal broken... thinking of installing a C/R anti-spam system

Brad Jorsch anomie at users.sourceforge.net
Sun Jan 28 17:15:54 EST 2007


On Sun, Jan 28, 2007 at 12:40:58PM -0500, Jon Carnes wrote:
> 
> You're right, forwarding services would be more limited. However, your
> "Reply-To:" should still work. Even though the "From:" would be whatever
> local account you are using; the "Reply-To:" could still be the
> forwarding service. 

Unless you're using SenderID, neither 'From:' nor 'Reply-To:' matters as
far as SMTP goes. And even then, you probably want 'Sender:' rather than
'From:'.

For SMTP, we care about the 'Mail From', aka the Envelope Sender.

Requiring 'From:' to be the account being used for sending mail just
doesn't seem workable. Right here, that would have to be
sourceforge at anomie.xo, which is completely meaningless outside my LAN.
Then the message would have to be *rewritten* with a different 'From:'
when it gets passed on to my ISP's smarthost. Incoming mail would be
even worse: Sourceforge would have to obliterate the actual 'From:' to
forward it on to my ISP account, and every message I got would seem to
be 'From' some-forwarder-process-user at sourceforge.net.

"Oh, but we'll make something for forwarders so they don't have to do
that!" might be the response, but then every spammer would just pretend
to be a forwarder.


> Now that I'm looking around at Grey-listing, I'm seeing all kinds of
> interesting stats (and kicking myself for not using it earlier). I'm
> seeing stats of 90% of spam being turned away by just rejecting the
> initial connection.... 

Interestingly enough, I've been looking at actually implementing
greylisting the past few days. Probably only on hosts that do something
wrong though, e.g. get listed on DNSBLs, have bad DNS on their HELOs,
come from the wrong country, etc.

I'm not quite sure which parameters to pick, though. Initial delays run
from effectively 0 to 1 hour or so, delivery windows are seldom
mentioned, some recommend using the /24 instead of the /32 to allow
delivery from big senders with lots of outgoing servers... Any advice,
anyone?


> The current system of SMTP has worked so well for so long, it is very
> difficult to change it. But there is currently a problem with that
> system. A growing problem. We need to address the problem of spam with
> more than just defensive moves (like gray listing). 

Unfortunately, the only way to address spam is to make it unprofitable:
income - cost <= 0. With huge zombie-nets to send the spam, cost
approaches zero, while there will always be stupid people to generate
some income... Hopefully I'm just too pessimistic.
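
The greylisting parameters asked about above (initial delay, delivery window, /24 versus /32 matching) are sketched below as an added example that is not part of the original post. The `Greylist` class, the 300-second delay, the 4-hour window, and the addresses are illustrative assumptions, not recommended values, and it handles IPv4 only.

```python
import ipaddress


class Greylist:
    """Triplet greylist keyed on (client network, envelope sender, recipient)."""

    def __init__(self, min_delay=300, retry_window=4 * 3600, prefix=24):
        self.min_delay = min_delay        # seconds before a retry is accepted
        self.retry_window = retry_window  # seconds a pending triplet stays valid
        self.prefix = prefix              # 32 = exact host, 24 = whole /24
        self.first_seen = {}              # pending triplet -> time of first attempt
        self.passed = set()               # triplets that already retried correctly

    def _key(self, client_ip, mail_from, rcpt_to):
        # Mask the client address so sibling servers in one block share a key.
        net = ipaddress.ip_network(f"{client_ip}/{self.prefix}", strict=False)
        return (str(net), mail_from.lower(), rcpt_to.lower())

    def check(self, client_ip, mail_from, rcpt_to, now):
        """Return 'accept' or 'tempfail' for one RCPT at time `now` (seconds)."""
        key = self._key(client_ip, mail_from, rcpt_to)
        if key in self.passed:
            return "accept"
        first = self.first_seen.get(key)
        if first is None or now - first > self.retry_window:
            self.first_seen[key] = now    # new or expired: start the clock again
            return "tempfail"
        if now - first < self.min_delay:
            return "tempfail"             # retried too soon
        del self.first_seen[key]
        self.passed.add(key)
        return "accept"


def replay(prefix):
    """Constructed scenario: a sender retries from a second host in the same /24."""
    g = Greylist(min_delay=300, retry_window=4 * 3600, prefix=prefix)
    attempts = [
        ("192.0.2.10", 0),      # first attempt
        ("192.0.2.10", 60),     # retry after 1 minute: too early
        ("192.0.2.11", 900),    # retry after 15 minutes from a sibling server
        ("192.0.2.11", 1800),   # another retry from the same sibling
    ]
    return [g.check(ip, "list@example.org", "user@example.net", t)
            for ip, t in attempts]
```

Comparing `replay(24)` with `replay(32)` shows the trade-off: with /32 matching, the retry from the sibling server starts a fresh triplet and costs the sender one more deferral.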


