[TriLUG] Looking to beef up my spam blocking efforts

matt at noway2.thruhere.net matt at noway2.thruhere.net
Wed Sep 12 08:55:35 EDT 2012


Paul,

The first question(s) I would ask are: what anti-spam measures and tools
are you currently using, and what sort of problems are you facing?

Looking over the list of features of this application, which seems to be a
bundle of things, mostly written in perl with supporting text files for
objects like IP white lists, I see several common email functions.  For
example: DNS Blacklisting, Bayesian filtering, attachment control,
greylisting, etc.  By way of comparison, I am using a combination of
Postfix with Dovecot, Spamassassin, Amavis, ClamAV, and pfsense, providing
these features as well as others that are listed on the project site.

When it comes to dealing with spam, there are several things that I have
learned over the years.
1 - you need to be extremely adaptive
2 - as with most things security related, you need to apply your
techniques in layers.
3 - you need to decide on your approach.  Specifically, will you try to
reject spam before it even hits your mail queue or will you try to
identify it and then either let the end user decide on disposition (e.g.
inbox filtering), or quarantine it.  The answer to this question will have
a major impact on how you should organize your system.

With regards to running an SMTP proxy, if you have a large email load,
this can make a lot of sense and properly implemented will greatly enhance
your throughput capacity.  For example, you could use the proxy to perform
the majority of your checks, eliminating most spam and then let the
secondary, back end, system handle body content filtering.  Unless you
have a resource bottleneck issue, using a proxy may not be worth the
costs.

Lastly, I was on the Trilug IRC channel a few months ago and the subject
of spam came up.  One suggestion was that BSD has an application called
DSPAM, (not to be confused with the anti-spam filter similar to SA), that
allows a feature called tar pitting that is designed to frustrate spammers
by wasting a lot of their resources.  In theory, this hits them in the
pocketbook because they get paid per email delivered and this slows the
connection to a crawl, keeps it open, and then keeps telling them to "try
again" while using negligible resources on your end.  By wasting their
server time, they can't send as much spam and earn less.



> Greetings,
>
> As the subject states, I am looking to beef up my spam blocking efforts.
>   I ran across the "Anti-Spam SMTP Proxy Server" project
> (http://sourceforge.net/projects/assp/) and it has piqued my curiosity.
>   Do any of you have experience with this (or other similar) tools?
>
> For better or worse:
>   - I am currently running sendmail 8.14 on centos 6.3.
>   - The idea of a smtp proxy is quite appealing to me.
>   - I plan to use two servers, one for the smtp proxy and one for the
> actual MTA (not run 2 daemons on one server).
>
> Thanks in advance for your opinions / advice!
> Paul
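
The tar pitting behaviour described in the reply above (slow the connection to a crawl, keep it open, keep answering "try again"), shown as an added example that is not part of the original message or of any tool it names. The port 2525, the delays, the command cap and the hostname are assumptions chosen for illustration.

```python
import socket
import threading
import time

# Constructed replies; the hostname is a placeholder.
BANNER = b"220 mail.example.test ESMTP\r\n"
TEMPFAIL = b"451 4.7.1 Temporary failure, try again later\r\n"


def stutter(sock, reply, delay):
    """Send a reply one byte at a time, pausing after each byte."""
    for i in range(len(reply)):
        sock.sendall(reply[i:i + 1])
        time.sleep(delay)


def tarpit_session(sock, delay=1.0, max_commands=20):
    """Slow banner, then temp-fail every command. Returns commands seen."""
    commands = 0
    try:
        with sock, sock.makefile("rb") as reader:
            stutter(sock, BANNER, delay)
            while commands < max_commands:
                line = reader.readline(1024)  # bounded read caps our memory use
                if not line:
                    break  # client gave up
                commands += 1
                if line.strip().upper() == b"QUIT":
                    stutter(sock, b"221 2.0.0 Bye\r\n", delay)
                    break
                stutter(sock, TEMPFAIL, delay)
    except OSError:
        pass  # timeout or reset: the client went away
    return commands


def serve(host="127.0.0.1", port=2525, delay=1.0):
    """Accept clients and tarpit each in its own thread (fine for a demo;
    an event loop scales better when many connections are held open)."""
    with socket.create_server((host, port)) as srv:
        while True:
            conn, _ = srv.accept()
            conn.settimeout(300)  # drop clients that go silent
            threading.Thread(target=tarpit_session, args=(conn, delay),
                             daemon=True).start()


if __name__ == "__main__":
    serve()
```

With a one-second delay each 451 reply alone holds the sending client for about 46 seconds, while the listener only sleeps between single-byte writes.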
