
Re: [cobalt-users] Qube 3 - How to stop spam? (sliding OT)



Wayne Sagar said:
> On this same subject: I've been stripping whatever information I can from
> incoming spam and then adding the information to the reject list in the
> control panel. The list is getting rather long. Does this cause a
> significant hit on performance on the mail server? How many entries are "too
> many entries"?

I've heard of people with several hundred blocks in procmail. We've got a
few dozen and haven't noticed a performance hit yet, but mail is the primary
application on our Qube.

It is possible to configure sendmail to consult a "DNS Blackout List", which
is remotely maintained; there are at least six that I can think of off the
top of my head. (See <http://www.spews.org/> and
<http://relays.osirusoft.com/>.) Sendmail checks the source against the
blackout list, and if the source is listed, sendmail rejects the mail. Saves
the ever-expanding access db, but reconfiguring sendmail to use it will
probably void your warranty. :-)
 
> It's often hard to tell exactly where the mail comes from. Some have two
> received from headers.

If you're patient, you can trace the "received" headers back. There are a
few tutorials on the web. Drop by <http://www.spamcop.net> for one
description; they'll also do an automatic header-parse for mail you forward
to them.

In a nutshell, every machine which handles the mail puts on a received line.
Most spammers send their mail through innocent "open relays" (like our
friend John Lee is trying not to be) to get around source blocks. (This is
known as "relay rape.") So there's one line from the relay, and another from
your box. If there are more than two, odds are good the rest are forged to
confuse you.

Unfortunately, the only way to block that spam is to also block mail from
all open relays... which is why Mr. Lee is trying to close his open relay.
If he doesn't, he'll probably be blacklisted, and his customers' mail won't
get delivered in a lot of places. (This is known as "collateral damage", but
it's this kind of pressure which is closing doors on spammers.)

> Semi OT: Do these spammers actually get results from this crap? I wonder who
> is buying the services.

In a previous job I ran two weekly email newsletters (sign-up only, though
in hindsight it should've been confirmed sign-up). We were ecstatic if we
got response above 2%; 1% was the average. Spammers probably get much less,
given the general unwelcomeness of their approach. But you're correct, even
.1% of 50 million is a lot of responses.

> I suppose someone who just opens up a new site and sees the "Gazzillion
> email addresses bargain prices" spams have a light bulb go off and figure...
> "hey.. this would work" are the source of a lot of it?

According to "The Spamhaus Project" <http://www.spamhaus.org/> there are
about 25 "hardened spammers" who generate 90% of the spam. The rest are
either small-time scammers, or ignorant people who wouldn't spam if they
knew better.

I have some opinions about "Just Hit Delete" vs. active spam-blocking that
I'd happily share, but they're even more OT than I've already been...

pjm
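
The header trace and blocklist check discussed in this message, as an added example that is not part of the original post: it walks the Received lines from the top, trusts only those stamped by your own server, and builds the reversed-octet DNS name a blocklist lookup would query for the connecting IP. The hostname `qube.example.net`, the zone `dnsbl.example` and the sample message are constructed assumptions; no network lookup is made.

```python
import email
import re

# Constructed sample: example domains and documentation-range IPs only.
RAW = (
    "Received: from relay.example.org (relay.example.org [192.0.2.25])\n"
    "\tby qube.example.net (8.10.2/8.10.2) with ESMTP id g24IF2x01234;\n"
    "\tMon, 4 Mar 2002 10:15:02 -0800\n"
    "Received: from unknown (HELO mx.example.com) ([198.51.100.7])\n"
    "\tby relay.example.org with SMTP; Mon, 4 Mar 2002 18:14:55 -0000\n"
    "Received: from mail.example.com ([203.0.113.99])\n"
    "\tby mx.example.com with SMTP; Mon, 4 Mar 2002 09:00:00 -0500\n"
    "From: offers@example.com\n"
    "Subject: constructed sample\n"
    "\n"
    "body\n"
)

FROM_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")  # bracketed peer address
BY_HOST = re.compile(r"\bby\s+([A-Za-z0-9.-]+)")        # host that wrote the line

def trace(raw, my_hosts):
    """Return hops newest-first; 'trusted' only while lines are our own."""
    msg = email.message_from_string(raw)
    hops, trusted = [], True
    for value in msg.get_all("Received", []):
        flat = " ".join(value.split())  # unfold continuation lines
        ip, by = FROM_IP.search(flat), BY_HOST.search(flat)
        by_host = by.group(1).lower() if by else None
        # Anything below the first line we did not write is sender-controlled.
        trusted = trusted and by_host in my_hosts
        hops.append({"by": by_host,
                     "from_ip": ip.group(1) if ip else None,
                     "trusted": trusted})
    return hops

def connecting_ip(hops):
    """IP that handed the mail to our server (last trusted hop)."""
    ours = [h for h in hops if h["trusted"] and h["from_ip"]]
    return ours[-1]["from_ip"] if ours else None

def dnsbl_name(ip, zone):
    """DNS name a blocklist query uses: reversed octets + zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone

if __name__ == "__main__":
    hops = trace(RAW, {"qube.example.net"})
    for h in hops:
        print(h)
    print(dnsbl_name(connecting_ip(hops), "dnsbl.example"))
```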