TELECOM Digest OnLine - Sorted: Re: It Happened Again


Re: It Happened Again


News Subsystem (news@news.astraweb.com)
24 Apr 2005 22:39:00 GMT

TELECOM Digest Editor wrote:

>> You might want to think about investing in a good anti-spam appliance.
>> Of course for that to be feasible, you must host your own email (run
>> your own mail server) which I am not sure you do.

> [TELECOM Digest Editor's Note: Alas, I do not. The mail server is
> purely part of the MIT system, besides which, I am not sure I am
> smart enough to run a mail server. PAT]

There are a couple of services which allow you to administer your
SMTP-stage filters, without having to administer the MTA. It's not
for everybody.

- you're basically using a separate ISP for inbound email, so you'll
have to pay for it. For someone with your level of incoming traffic,
that might be a lot.
- you do have to take responsibility for your own filtering decisions
and blocking choices. It does help to understand CIDRs, whois, and
DNSbls, etc. My provider has a "user-friendly menu", but to get the
maximum benefit it helps to dive into the config file with vim
- you'll probably have to ssh to the provider.
- you either need to use your provider's email account, or else
arrange to have them accept email for your domain, and also you
have to point your MX at their MTA (once they've agreed to accept
email for your domain)
- and fer-cryin-out-loud, turn off any secondary MX records. The
spammers will pound on them.

Years ago, I was gung-ho on procmail. Spam evolved, and email went
from almost 100% sendmail to a gazillion different MTAs, with their
own weird header conventions, which made things rather difficult for
my procmail filter. My procmail filter's false-positive rate went up,
as did its false-negative rate. I got an account at a provider as
described above, and my incoming spam rate (the part that got through)
went way down. Out of 780 blocked delivery attempts last month, the
biggest catches were ...

Badly forged HELO = 119
No hostname = 377
Dynamic IP by rDNS regex = 143
Country by rDNS = 58

Walter Dnes; my email address is *ALMOST* like wzaltdnes@waltdnes.org
Delete the "z" to get my real address. If that gets blocked, follow
the instructions at the end of the 550 message.

Post Followup Article Use your browser's quoting feature to quote article into reply
Go to Next message: Tony P.: "Re: Last Laugh! One Way to Get 911's Attention"
Go to Previous message: R. T. Wurth: "Re: Lingo (Primus Telecommunications) Horror Story"
May be in reply to: TELECOM Digest Editor: "It Happened Again"
TELECOM Digest: Home Page