need spam help - Security

This is a discussion on need spam help - Security ; In article , Barton L. Phillips wrote: > I will look at teergrubing to see what it is. I have looked at > graylisting and even downloaded a couple implementation for mimedefang > but have not started using it as ...

+ Reply to Thread
Page 2 of 2 FirstFirst 1 2
Results 21 to 31 of 31

Thread: need spam help

  1. Re: need spam help

    In article , Barton L. Phillips wrote:
    > I will look at teergrubing to see what it is. I have looked at
    > graylisting and even downloaded a couple implementation for mimedefang
    > but have not started using it as I didn't really feel the need as yet.


    Teergrubing isn't useful in fighting spam.
    Years ago, before almost all spam was emitted from botnets,
    it might have slowed some senders down. But now all it does
    is consume your kernel resources.
    The spammer sees no effect. The amount of spam delivered is
    not measurably affected. Disconnect from spam sources as fast as
    possible, don't get into prolonged sessions with them.

    Graylisting looks like a great idea, provided your users will
    tolerate incoming mail from unfamiliar hosts being delayed
    for a duration neither you nor they can predict nor control.
    Mine wouldn't.


    Cameron



  2. Re: need spam help

    Cameron L. Spitzer wrote:
    > In article , Barton L. Phillips wrote:
    > Teergrubing isn't useful in fighting spam.
    > Years ago, before almost all spam was emitted from botnets,
    > it might have slowed some senders down. But now all it does
    > is consume your kernel resources.
    > The spammer sees no effect. The amount of spam delivered is
    > not measurably affected. Disconnect from spam sources as fast as
    > possible, don't get into prolonged sessions with them.

    I looked up teergrubing on Wikipedia and when I saw it was teergrube
    (German for tar pit) I understood your comment. It is sometime funny
    that when we try to make a verb out of a German noun by adding ING the
    word no longer looks German and therefore has almost no meaning. I
    actually speak German but teergrubing just didn't push me into the
    German side of my brain.

    I certainly agree that there is little use in prolonging a spam session!
    Dump it in the NULL can as soon as possible. Thanks

    --
    ----------------
    Barton L. Phillips
    Applied Technology Resources, Inc.
    Tel: (818)652-9850
    Web: http://www.applitec.com

  3. Re: need spam help

    In comp.os.linux.security Barton L. Phillips :
    > Cameron L. Spitzer wrote:
    >> In article , Barton L. Phillips wrote:
    >> Teergrubing isn't useful in fighting spam.
    >> Years ago, before almost all spam was emitted from botnets,
    >> it might have slowed some senders down. But now all it does
    >> is consume your kernel resources.
    >> The spammer sees no effect. The amount of spam delivered is
    >> not measurably affected. Disconnect from spam sources as fast as
    >> possible, don't get into prolonged sessions with them.


    > I looked up teergrubing on Wikipedia and when I saw it was teergrube
    > (German for tar pit) I understood your comment. It is sometime funny
    > that when we try to make a verb out of a German noun by adding ING the
    > word no longer looks German and therefore has almost no meaning. I
    > actually speak German but teergrubing just didn't push me into the
    > German side of my brain.


    > I certainly agree that there is little use in prolonging a spam session!
    > Dump it in the NULL can as soon as possible. Thanks


    Not really, it seems both of you didn't really got the idea
    behind it. Strongly suggested:

    http://www.iks-jena.de/mitarb/lutz/u...rgrube.en.html

    Especially if your MTA supports adaptive teergrubing, which isn't
    addressed in the above documentation at all. Only downside, iirc
    there aren't many MTA capable of adaptive teergrubing?

    Good luck

    --
    Michael Heiming (X-PGP-Sig > GPG-Key ID: EDD27B94)
    mail: echo zvpunry@urvzvat.qr | perl -pe 'y/a-z/n-za-m/'
    #bofh excuse 348: We're on Token Ring, and it looks like the
    token got loose.

  4. Re: need spam help

    "Michael Heiming" wrote in message
    news:05kfs3-ol7.ln1@news.heiming.de

    > As I pointed out because it was missing in the document if your
    > MTA supports adaptive teergrubing you will not slow down any
    > legitimate connection to your MTA. But just spammer, now if they
    > try to avoid your MTA because you make them run out of resources,
    > you have already won...
    >
    > That's all about it, sorry if the meaning of adaptive teergrubing
    > was unclear?


    When "you make them run out of resources", it requires extensive resources
    to do so, and over a period of "several hours" as the article stated.
    There's no benefit in doing so.


  5. Re: need spam help

    In comp.os.linux.security ynotssor :
    > "Michael Heiming" wrote in message
    > news:05kfs3-ol7.ln1@news.heiming.de


    >> As I pointed out because it was missing in the document if your
    >> MTA supports adaptive teergrubing you will not slow down any
    >> legitimate connection to your MTA. But just spammer, now if they
    >> try to avoid your MTA because you make them run out of resources,
    >> you have already won...


    >> That's all about it, sorry if the meaning of adaptive teergrubing
    >> was unclear?


    > When "you make them run out of resources", it requires extensive resources
    > to do so, and over a period of "several hours" as the article stated.
    > There's no benefit in doing so.


    Of course there is, they obviously need one port per outgoing
    connection, if you and other MTA keep them open, after reaching a
    certain SA score (adaptive teergrubing) they will run out of
    resources quite fast. There aren't much resources need on your
    side, since there are only a additional bytes you send. Just a
    couple of thousand MTAs worldwide using adaptive teergrubing
    would slow done spammers tremendously.

    --
    Michael Heiming (X-PGP-Sig > GPG-Key ID: EDD27B94)
    mail: echo zvpunry@urvzvat.qr | perl -pe 'y/a-z/n-za-m/'
    #bofh excuse 201: RPC_PMAP_FAILURE

  6. Re: need spam help

    "Michael Heiming" wrote in message
    news:0pjgs3-l5m.ln1@news.heiming.de

    > There aren't much resources need on your
    > side, since there are only a additional bytes you send. Just a
    > couple of thousand MTAs worldwide using adaptive teergrubing
    > would slow done spammers tremendously.


    Go ahead on it with your MTA then. We have real work to do here for real
    users and don't have the time or taste to play games with spammers.


  7. Re: need spam help

    In comp.os.linux.security ynotssor :
    > "Michael Heiming" wrote in message
    > news:0pjgs3-l5m.ln1@news.heiming.de


    >> There aren't much resources need on your
    >> side, since there are only a additional bytes you send. Just a
    >> couple of thousand MTAs worldwide using adaptive teergrubing
    >> would slow done spammers tremendously.


    > Go ahead on it with your MTA then. We have real work to do here for real
    > users and don't have the time or taste to play games with spammers.


    No need to be rude. ;-)

    --
    Michael Heiming (X-PGP-Sig > GPG-Key ID: EDD27B94)
    mail: echo zvpunry@urvzvat.qr | perl -pe 'y/a-z/n-za-m/'
    #bofh excuse 80: That's a great computer you have there;
    have you considered how it would work as a BSD machine?

  8. Re: need spam help

    ynotssor wrote:
    > "Michael Heiming" wrote in message
    > news:0pjgs3-l5m.ln1@news.heiming.de
    >
    >> There aren't much resources need on your
    >> side, since there are only a additional bytes you send. Just a
    >> couple of thousand MTAs worldwide using adaptive teergrubing
    >> would slow done spammers tremendously.

    >
    > Go ahead on it with your MTA then. We have real work to do here for real
    > users


    and does not this SPAM detract from the work of your 'real users'?

    and don't have the time or taste to play games with spammers.
    >


    Then you continue to be deserved to get SPAMMED.

    It really isn't a game, you know!

  9. Re: need spam help

    On Wed, 30 Aug 2006 16:26:07 +0200, Michael Heiming wrote:

    >In comp.os.linux.security ynotssor :
    >> "Michael Heiming" wrote in message
    >> news:05kfs3-ol7.ln1@news.heiming.de

    >
    >>> As I pointed out because it was missing in the document if your
    >>> MTA supports adaptive teergrubing you will not slow down any
    >>> legitimate connection to your MTA. But just spammer, now if they
    >>> try to avoid your MTA because you make them run out of resources,
    >>> you have already won...

    >
    >>> That's all about it, sorry if the meaning of adaptive teergrubing
    >>> was unclear?

    >
    >> When "you make them run out of resources", it requires extensive resources
    >> to do so, and over a period of "several hours" as the article stated.
    >> There's no benefit in doing so.

    >
    >Of course there is, they obviously need one port per outgoing
    >connection, if you and other MTA keep them open, after reaching a
    >certain SA score (adaptive teergrubing) they will run out of
    >resources quite fast. There aren't much resources need on your
    >side, since there are only a additional bytes you send. Just a
    >couple of thousand MTAs worldwide using adaptive teergrubing
    >would slow done spammers tremendously.


    This tar-pit strategy may backfire, in the sense that one may make
    themselves a target for DDoS? Besides, it also consumes local
    resources to keep each port open, and the timing of several hours?.

    OTOH I use a delay in web-server response to calm unwanted crawler
    traffic, but this is less than a minute, so not wasting so much local
    resources, some crawlers are nice enough to recognise the response
    delay as a 'back off, I'm busy' signal -- except for Slurp

    I choose to keep port 25 closed, too much work But then, I'm not
    adminning multi-user site.

    Grant.
    --
    http://bugsplatter.mine.nu/

  10. Re: need spam help

    On Wed, 30 Aug 2006 16:26:07 +0200, Michael Heiming wrote:

    > Of course there is, they obviously need one port per outgoing
    > connection, if you and other MTA keep them open, after reaching a
    > certain SA score (adaptive teergrubing) they will run out of
    > resources quite fast. There aren't much resources need on your
    > side, since there are only a additional bytes you send. Just a
    > couple of thousand MTAs worldwide using adaptive teergrubing
    > would slow done spammers tremendously.


    Michael, here is a very naive question - what are the implications for
    botnets? will it slow down unsuspecting Otto V's computer?

    Felmon

  11. Re: need spam help

    "SadOldGit" wrote in message
    news:77KdnZknM-GrumvZRVnyhQ@eclipse.net.uk

    >> Go ahead on it with your MTA then. We have real work to do here for
    >> real users

    >
    > and does not this SPAM detract from the work of your 'real users'?


    Nope, multiple RBLs are used to immediately terminate such connections; any
    incidental spam received is dealt with by spam assassin.


+ Reply to Thread
Page 2 of 2 FirstFirst 1 2