An It-Slave in the digital saltmine » spam http://www.it-slav.net/blogs Another Blog from a Geek that has no life Fri, 02 Jul 2010 07:33:08 +0000 http://wordpress.org/?v=2.9.2 en hourly 1 Spamfighting http://www.it-slav.net/blogs/2008/11/02/spamfighting/ http://www.it-slav.net/blogs/2008/11/02/spamfighting/#comments Sun, 02 Nov 2008 09:38:50 +0000 peter http://www.it-slav.net/blogs/?p=70 I do not like spam.

This a problem that grows and there are many technologies how to fight it.

As I’m the sysadmin of my mailserver it makes it possible to use many approaches. The best way is to find out if it is a spam before it is accepted at the SMTP server. I’m using a Fairly-Secure Anti-SPAM Gateway Using OpenBSD, Postfix, Greylisting, Amavisd-new, SpamAssassin, Razor and DCC and it is very effective.

  • The first filter is to check if the receiver of the mail is valid. It might seem like a obvious first filter but in many cases the host that receives mails from internet only forward the mail to an inner mail server and suddenly invalid mails with probably incorrect from address is the receiving organizations problem. With this approach a valid mail but misspelled to address will bounce back to the sender. If it is a spam mail it will be the sending hosts problem how to handle. I graph this and it can be found here. A qualified guess is that more or less all of them are spams.
  • The second step is a little bit more complex, the mail is scanned before it is accepted. So if my spam scanner finds that the mail is a spam it will tell the sending mailserver that it-slav.net thinks that this mail is a spam and that it is not accepted. If nothing suspicious is found the mailserver accept the mail and it will be sent to my mailserver. The number of mails that are scanned and a spam is found is graphed and it can be found here.
  • A third technology I have used is greylistening, it is very effective but the technologies described above is good enough for me so I’m not using it now. It puts a little more burden on the sending host and the first time a host sends a mail to a new host it will take some extra time.
  • A promising technlogy is SPF, the idea is to guarantee that the sending mail comes from the place were it claims to come from, a good description can be found at wikipedia. Spamassassin use SPF. If you want to avoid that your domain can be used as the sender of a spam, add some extra lines to your DNS record.
  • To annoy spamsenders a good idea could be to start a tarpit. Send all spammsenders to your tarpitt and enjoy when they use their resources for nothing. It is included in OpenBSD in compination with greylistening.

Graphs

]]> http://www.it-slav.net/blogs/2008/11/02/spamfighting/feed/ 0