Re: [9fans] spam protection vs. secondary mx'es

Re: [9fans] spam protection vs. secondary mx'es

[Steve Simon]

I just gave up on secondaries, my ISP and my smtp server are
pretty reliable and as you say the advantage is not worth the
extra spam.

I starting using Gabriel's spf code today, nothing worth
reporting yet, but I am hopeful.

I am also trying to use ratfs(1) to validate reverse
IP addresses so I can reject spam from DSL machines. This
is a shame but seems nescessary.

-Steve

Re: [9fans] spam protection vs. secondary mx'es

[William Josephson]

On Thu, Nov 30, 2006 at 08:53:41PM +0000, Steve Simon wrote:
> IP addresses so I can reject spam from DSL machines. This
> is a shame but seems nescessary.

It really isn't.

Re: [9fans] spam protection vs. secondary mx'es

[Michael Batchelor]

William Josephson wrote:
> On Thu, Nov 30, 2006 at 08:53:41PM +0000, Steve Simon wrote:
>
>> IP addresses so I can reject spam from DSL machines. This
>> is a shame but seems nescessary.
>>
>
> It really isn't.
>

It really isn't a shame, or it really isn't necessary?

--
Michael R. Batchelor

www.ind-info.com/training/Schedule.pdf

GUERRILLA MAINTENANCE [TM] PLC Training
5 Day Hands on PLC Boot Camp for Allen Bradley
PLC-5, SLC-500, and ControlLogix

If you aren't satisfied, don't pay for. Guaranteed. Period.

training@ind-info.com

Industrial Informatics, Inc.
1013 Bankton Cir., Suite C
Charleston, SC 29406

843-329-0342 x111 Voice
843-412-2692 Cell
843-329-0343 FAX

Re: [9fans] spam protection vs. secondary mx'es

[William Josephson]

On Thu, Nov 30, 2006 at 06:16:28PM -0500, Michael Batchelor wrote:
> William Josephson wrote:
> >On Thu, Nov 30, 2006 at 08:53:41PM +0000, Steve Simon wrote:
> >>IP addresses so I can reject spam from DSL machines. This
> >>is a shame but seems nescessary.
> >
> >It really isn't.
>
> It really isn't a shame, or it really isn't necessary?

It really isn't necessary -- in fact it is actively
harmful as there a number of people (including some on
this list!) from whom I want to receive mail and who
send mail from DSL connected machines.   Every so often
I consider more agressive filtering, but have found that
greylisting plus careful use of SMTP call back plus SPF
plus bayesian filtering kills all but a very few spams.
Actually, almost all of the occasional spam I do get
are via mailing lists at MIT and Princeton, so even if
the spam does originate from DSL and Cable modem
connected machines, it doesn't much matter by the time
it gets to me since I'm not going to dig through the
headers automatically.

Re: [9fans] spam protection vs. secondary mx'es

[Dave Lukes]

Secondary MXes?  We don't need no stinking secondary MXes.

Seriously: does anyone see a reason why you'd want one?

A long time ago I saw a well-argued case for losing it.
Basically
1) it encourages spammers
2) a secondary MX is just another hop in the store-and-forward chain,
   so why bother?
   Leave it where it is until the primary comes back up.

I implemented the change nervously on anvil.com and, guess what?
Our spam volumes plummeted.

It may feel comforting to have a "backup",
but unless you expect your primary to be dead for days
(and have a means to pick the queued mail up from the secondary MX),
it actually makes very little difference:
you're just asking your secondary MX to queue it for you instead of the
sender.

DaveL

erik quanstrom wrote:
> i had this problem a while back.  i eventually convinced
> my secondary to run greylisting, but in the mean time i
> just dropped my secondary mx.
>
> - erik
>
> On Wed Nov 29 04:42:41 EST 2006, r.raschke@tombobWegDamit.com wrote:
>
>> Hiya,
>>
>> how do people use greylisting and /mail/lib/sender protection in the
>> presence of a secondary MX?
>>
>> My greylisting is roughly 80% useless, since spammers appear to know
>> that a secondary MX will effectively bypass the greylist protection.
>>
>> Having recently started using /mail/lib/senders, I am seeing a lot of
>> rejections due to the secondary MX. At the moment it does not really
>> look like I am loosing any real mailing list traffic, but it is
>> slightly disconcerting, since a network outage near me will probably
>> mean I'll be rejecting real traffic once things are back.
>>
>> I am starting to question my belief in running my own mail server.  Do
>> people just use gmail or something and not bother with anything else?
>>
>> Robby
>>
>> --
>> "Weg damit" is german for "get rid of this".
>>

Re: [9fans] spam protection vs. secondary mx'es

[William Josephson]

On Wed, Nov 29, 2006 at 05:24:59PM +0100, Georg Lehner wrote:
> I have been happy with TMDA for the past three years, it's
> effectiveness draws from a "blacklist by default" with intelligent
> whitelisting.  If anybody is interested I'll be glad to share my
> experiences, however TMDA is written in Python and I wouldn't know if
> it can be made to run on Plan9.

There's already challenge/response for upas,
but many people find challenge/response for
e-mail as annoying as spam.

Re: [9fans] spam protection vs. secondary mx'es

[Gabriel Diaz]

Hello

 >
> Nowadays running a mailserver is becoming cumbersome.  However in the
> overall picture it is better not to use a mass-mail hoster like yahoo,
> gmx and the like, because it allows spammers to masquerade their
> messages behind *@yahoo.com addresses, which you are unlikely to
> block, since so much other people use them.
>

SPF can help with this one, if the spammer's mail from: is from
yahoo.co.jp or gmail.com, or gmx.de, you can test against their spf
records. (actually yahoo only have spf on its co.jp domain and gmail
is ?neutral).

http://oliva.9grid.es/magic/webls?dir=/soft/gdiaz/spf

you can download spf.c. mkfile and a "man page".

i'm testing it, but i cannot find domains with macro strings, so i
tested offline as much as i could.

feedback and fixes appreciated :)

gabi

 PD: you will need to modify /sys/src/upas/smtp/smptd.c and
/mail/lib/validatesender to get it running.

Re: [9fans] spam protection vs. secondary mx'es

[Georg Lehner]

Hello!

Robert Raschke <r.raschke@tombobWegDamit.com> writes:

> Hiya,
>
> how do people use greylisting and /mail/lib/sender protection in the
> presence of a secondary MX?
>
> My greylisting is roughly 80% useless, since spammers appear to know
> that a secondary MX will effectively bypass the greylist protection.

When using spam protection measures they have to be identical on all
MX's of your domain.  Some Spammers even try secondary MX's first,
since they know that these are most times weeker protected than the
main MX.

The SMTP protocol is very resilient however, and personally I do not
bother to set up secondary MX's for "small" domains, since well
behaved mailers will try to reach your MX up to one week before
discarding a message.  By the way, greylisting takes advantage of this
feature too.

> Having recently started using /mail/lib/senders, I am seeing a lot of
> rejections due to the secondary MX. At the moment it does not really
> look like I am loosing any real mailing list traffic, but it is
> slightly disconcerting, since a network outage near me will probably
> mean I'll be rejecting real traffic once things are back.
>
> I am starting to question my belief in running my own mail server.  Do
> people just use gmail or something and not bother with anything else?
...

Nowadays running a mailserver is becoming cumbersome.  However in the
overall picture it is better not to use a mass-mail hoster like yahoo,
gmx and the like, because it allows spammers to masquerade their
messages behind *@yahoo.com addresses, which you are unlikely to
block, since so much other people use them.

I have been happy with TMDA for the past three years, it's
effectiveness draws from a "blacklist by default" with intelligent
whitelisting.  If anybody is interested I'll be glad to share my
experiences, however TMDA is written in Python and I wouldn't know if
it can be made to run on Plan9.

Regards,

    Jorge-León

Re: [9fans] spam protection vs. secondary mx'es

[William Josephson]

On Wed, Nov 29, 2006 at 09:35:19AM +0000, Robert Raschke wrote:
> how do people use greylisting and /mail/lib/sender protection in the
> presence of a secondary MX?

For Unix hosts, consider mail avenger.  On secondary MXes,
mail avenger will contact the primary and reject/defer mail
when the primary MX is up.  Seems to work well in practice
since it is rarely the case that there is a route from the
secondary to the primary and the sender to the secondary but
not the sender to the primary and in that case mail can just
be deferred.  One can also greylist on the secondary as well
as the primary, but most senders (even well behaved ones) will
try the secondary as soon as the primary defers so you end up
with twice the greylisting delay.  I've also found that greylisting
is generally less effective than it was a year ago and that
SMTP call back is not really all that reliable.

Re: [9fans] spam protection vs. secondary mx'es

[erik quanstrom]

i had this problem a while back.  i eventually convinced
my secondary to run greylisting, but in the mean time i
just dropped my secondary mx.

- erik

On Wed Nov 29 04:42:41 EST 2006, r.raschke@tombobWegDamit.com wrote:
> Hiya,
>
> how do people use greylisting and /mail/lib/sender protection in the
> presence of a secondary MX?
>
> My greylisting is roughly 80% useless, since spammers appear to know
> that a secondary MX will effectively bypass the greylist protection.
>
> Having recently started using /mail/lib/senders, I am seeing a lot of
> rejections due to the secondary MX. At the moment it does not really
> look like I am loosing any real mailing list traffic, but it is
> slightly disconcerting, since a network outage near me will probably
> mean I'll be rejecting real traffic once things are back.
>
> I am starting to question my belief in running my own mail server.  Do
> people just use gmail or something and not bother with anything else?
>
> Robby
>
> --
> "Weg damit" is german for "get rid of this".

[9fans] spam protection vs. secondary mx'es

[Robert Raschke]

Hiya,

how do people use greylisting and /mail/lib/sender protection in the
presence of a secondary MX?

My greylisting is roughly 80% useless, since spammers appear to know
that a secondary MX will effectively bypass the greylist protection.

Having recently started using /mail/lib/senders, I am seeing a lot of
rejections due to the secondary MX. At the moment it does not really
look like I am loosing any real mailing list traffic, but it is
slightly disconcerting, since a network outage near me will probably
mean I'll be rejecting real traffic once things are back.

I am starting to question my belief in running my own mail server.  Do
people just use gmail or something and not bother with anything else?

Robby

--
"Weg damit" is german for "get rid of this".