need spam help - Security


Thread: need spam help

  1. need spam help

    Hi All,

    My users are getting spammed at a 500 to one ratio. Yikes!
    Anyone have a favorite solution to manage spam?

    -T

  2. Re: need spam help

    Todd and Margo Chester wrote:

    > Hi All,
    >
    > My users are getting spammed at a 500 to one ratio. Yikes!
    > Anyone have a favorite solution to manage spam?
    >
    > -T


    My favourite is spamassassin

  3. Re: need spam help


    Todd and Margo Chester sent the following transmission through subspace:

    > Anyone have a favorite solution to manage spam?


    We use Postfix as our mailserver and have implemented this solution:
    http://advosys.ca/papers/postfix-filtering.html

    In addition we have added a few lines with blackholes (SBL) filtering.

    --
    Solbu - http://www.solbu.net
    Remove 'ugyldig' for email
    PGP key ID: 0xFA687324

  4. Re: need spam help

    Todd and Margo Chester said the following on 2006-06-04 03:39:

    > My users are getting spammed at a 500 to one ratio. Yikes!
    > Anyone have a favorite solution to manage spam?


    A combination of grey listing, Spamassassin, Procmail and Bogofilter is
    working quite well for me (even though I'm only running a small server
    with ~10 users).

    --
    Jon Solberg (remove "nospam" from email address).

  5. Re: need spam help

    On Sat, 03 Jun 2006 18:39:22 -0700, Todd and Margo Chester wrote:
    >
    > My users are getting spammed at a 500 to one ratio. Yikes!
    > Anyone have a favorite solution to manage spam?


    1. Consult a spam group, rather than this security group. I
    follow spamtools: majordomo@lists.abuse.net.

    2. Some basic hygiene:
    2a. Encourage the use of user names that are not easily
    guessed, e.g., pkpearson@nowhere.invalid rather than
    peter@nowhere.invalid. Spammers try all the common names.
    (This advice, of course, does nothing for your existing
    accounts.)
    2b. Make sure your mail transfer agent rejects mail to invalid
    user names, rather than accepting everything and then
    generating delivery-failure notices for the messages that
    turned out to have invalid RCPT-TO addresses.

    3. It's easy to have your mail transfer agent look up the IP
    address of the connecting sender in a blocklist database.

    4. It's nicer for your users if, rather than rejecting spam,
    you just insert a header line flagging it as probable spam,
    so the user can make the final determination.


    --
    To email me, substitute nowhere->spamcop, invalid->net.
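
The blocklist lookup from item 3 combined with the flag-instead-of-reject approach from item 4, as an added example that is not part of the original post. The zone `dnsbl.example`, the header name `X-Blocklist-Flag` and the injected `resolve` functions are assumptions; the query name follows the usual DNSBL convention (RFC 5782).

```python
import ipaddress
import socket
from email import message_from_string

ZONE = "dnsbl.example"  # placeholder zone (assumption), not a real blocklist
LOOPBACK = ipaddress.ip_network("127.0.0.0/8")


def dnsbl_query_name(ip, zone=ZONE):
    """Name to look up: reversed IPv4 octets (or IPv6 nibbles) + zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")
    else:
        labels = list(addr.exploded.replace(":", ""))
    return ".".join(reversed(labels)) + "." + zone


def system_resolve(name):
    """A-record lookup; None on NXDOMAIN or resolver failure (fail open)."""
    try:
        return socket.gethostbyname(name)
    except OSError:
        return None


def is_listed(ip, resolve=system_resolve, zone=ZONE):
    """Listed only if the zone answers inside 127.0.0.0/8. Any other answer
    (e.g. a resolver that rewrites NXDOMAIN to a search page) is ignored."""
    answer = resolve(dnsbl_query_name(ip, zone))
    return answer is not None and ipaddress.ip_address(answer) in LOOPBACK


def flag_message(raw, client_ip, resolve=system_resolve):
    """Item 4: deliver the mail, but add a header the user can filter on."""
    msg = message_from_string(raw)
    del msg["X-Blocklist-Flag"]  # drop any copy the sender supplied
    verdict = "YES" if is_listed(client_ip, resolve) else "NO"
    msg["X-Blocklist-Flag"] = f"{verdict} zone={ZONE} client={client_ip}"
    return msg


# Constructed zone data and message so the example runs offline.
CONSTRUCTED_ZONE = {"10.2.0.192.dnsbl.example": "127.0.0.2"}


def fake_resolve(name):
    return CONSTRUCTED_ZONE.get(name)


def rewriting_resolve(name):
    return "203.0.113.9"  # answers everything, like an NXDOMAIN-rewriting ISP


SAMPLE = (
    "From: sender@example.org\n"
    "X-Blocklist-Flag: NO forged-by-sender\n"
    "Subject: constructed sample\n\nbody\n"
)

if __name__ == "__main__":
    print(flag_message(SAMPLE, "192.0.2.10", fake_resolve)["X-Blocklist-Flag"])
    print(is_listed("192.0.2.10", rewriting_resolve))
```
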

  6. Re: need spam help

    Todd and Margo Chester wrote:
    > Hi All,
    >
    > My users are getting spammed at a 500 to one ratio. Yikes!
    > Anyone have a favorite solution to manage spam?
    >
    > -T


    My users are very happy with postfix/amavis-new/spamassassin/clamav. A
    setup guide is at http://www.gentoo.org/doc/en/mailfilter-guide.xml

    Doug

    --
    Dr. Douglas O'Neal
    Manager, Bioinformatics Center
    Delaware Biotechnology Institute
    (302) 831-3456

  7. Re: need spam help

    On Sat, 03 Jun 2006 18:39:22 -0700, Todd and Margo Chester
    wrote:

    >Hi All,
    >
    > My users are getting spammed at a 500 to one ratio. Yikes!
    >Anyone have a favorite solution to manage spam?
    >
    >-T


    I recommend MailScanner at http://www.mailscanner.info - if you're
    using an RPM based system simply follow the instructions, download,
    build, install and configure

    JC

  8. Re: need spam help

    Todd and Margo Chester wrote:

    > Hi All,
    >
    > My users are getting spammed at a 500 to one ratio. Yikes!
    > Anyone have a favorite solution to manage spam?
    >
    > -T


    I am using dspam currently and quite like it.

  9. Re: need spam help

    BNAZ wrote:
    > Todd and Margo Chester wrote:
    >
    >> Hi All,
    >>
    >> My users are getting spammed at a 500 to one ratio. Yikes!
    >> Anyone have a favorite solution to manage spam?
    >>
    >> -T

    >
    > I am using dspam currently and quite like it.

    I guess it depends on the OS you are using. I use Linux (RedHat 9, and
    Ubuntu) and use Spamassassin with mimedefang. Not much slips through.
    There are about 10 people on my host and if I didn't have the filter we
    would get around 3,000 spam messages per day. I have a three tier
    system: with a score less than 5 the message goes into the user's inbox,
    between 5 and 10 the message goes into a user's SPAM box, and over 10
    the message goes into NULL (that is it is discarded).

    I have a whitelist and the users can have me put addresses into the
    whitelist if they find stuff in the SPAM folder that should not be
    there. Spamassassin is good enough that if the score is over 10 it
    really is spam. I audited the discard stuff for almost 6 months and
    never found a single false positive. Every once in a while I do an audit
    but it always comes up just spam.

    Without Spamassassin email would be useless, with it (and continuous
    training) email works like it once did.

    I have no idea what one would use on Windows other than the filters in
    the various email clients like Thunderbird, which seems to be pretty good.

    --
    ----------------
    Barton L. Phillips
    Applied Technology Resources, Inc.
    Tel: (818)652-9850
    Web: http://www.applitec.com
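
The three-tier delivery described in this post, as an added example that is not the poster's own mimedefang configuration. It reads the `X-Spam-Status` header SpamAssassin adds; the folder names, the whitelist-by-From check, the audit list and the handling of scores exactly at 5 and 10 are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

INBOX, SPAM_FOLDER, DISCARD = "inbox", "spam-folder", "discard"
SPAM_AT, DISCARD_ABOVE = 5.0, 10.0  # thresholds quoted in the post

# SpamAssassin 3.x writes "score=", 2.x wrote "hits=".
SCORE_RE = re.compile(r"\b(?:score|hits)=(-?\d+(?:\.\d+)?)")


def spam_score(msg):
    """Highest score in any X-Spam-Status header, or None if none parses."""
    scores = []
    for value in msg.get_all("X-Spam-Status", []):
        match = SCORE_RE.search(value)
        if match:
            scores.append(float(match.group(1)))
    return max(scores) if scores else None


def route(raw, whitelist=frozenset(), audit_log=None):
    """Return the destination for one message and record every discard."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    score = spam_score(msg)
    if score is None or score < SPAM_AT:
        return INBOX  # unscored mail is delivered, never silently dropped
    if sender in whitelist:
        # From is sender-controlled: the whitelist rescues mail from known
        # correspondents, it does not authenticate them.
        return INBOX
    if score <= DISCARD_ABOVE:
        return SPAM_FOLDER
    if audit_log is not None:
        # Keep enough to audit discards for false positives later.
        audit_log.append((sender, score, msg.get("Subject", "")))
    return DISCARD


def sample(sender, status):
    """Build a constructed test message (not real mail)."""
    head = f"From: {sender}\nSubject: constructed sample\n"
    if status:
        head += f"X-Spam-Status: {status}\n"
    return head + "\nbody\n"


if __name__ == "__main__":
    log = []
    for status in ("No, score=0.3 required=5.0", "Yes, score=7.2 required=5.0",
                   "Yes, score=48.2 required=5.0", None):
        print(status, "->", route(sample("bob@example.net", status), audit_log=log))
    print("discards to audit:", log)
```
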

  10. Re: need spam help

    In comp.os.linux.security Barton L. Phillips :
    > BNAZ wrote:
    >> Todd and Margo Chester wrote:


    >>> Hi All,


    >>> My users are getting spammed at a 500 to one ratio. Yikes!
    >>> Anyone have a favorite solution to manage spam?


    >>> -T


    >> I am using dspam currently and quite like it.

    > I guess it depends on the OS you are using. I use Linux (RedHat 9, and
    > Ubuntu) and use Spamassassin with mimedefang. Not much slips through.
    > There are about 10 people on my host and if I didn't have the filter we
    > would get around 3,000 spam messages per day. I have a three tier


    Lucky you, I might reject that hourly...

    > system: with a score less than 5 the message goes into the user's inbox,
    > between 5 and 10 the message goes into a user's SPAM box, and over 10
    > the message goes into NULL (that is it is discarded).


    > I have a whitelist and the users can have me put addresses into the
    > whitelist if they find stuff in the SPAM folder that should not be
    > there. Spamassassin is good enough that if the score is over 10 it
    > really is spam. I audited the discard stuff for almost 6 months and
    > never found a single false positive. Every once in a while I do an audit
    > but it always comes up just spam.


    Difficult depending on users. On the other hand you might
    sometimes get spam attacks that look somehow like a trial DOS
    attack.

    > Without Spamassassin email would be useless, with it (and continuous
    > training) email works like it once did.


    Do you use greylisting or/and teergrubing? What about Bayes? It's
    usually quite good, but a problem to train, if there are various
    languages used in valid mails? Being able to run SA per receiving
    domain would probably help somehow.

    > I have no idea what one would use on Windows other than the filters in
    > the various email clients like Thunderbird, which seems to be pretty good.


    Indeed, TB does a good job. The best protection seems to be a
    clean mail address that can't be found online, though it might be
    soon, if you have contacts using M$ OE just after another
    Trojan/virus spread those people's address book...

    --
    Michael Heiming (X-PGP-Sig > GPG-Key ID: EDD27B94)
    mail: echo zvpunry@urvzvat.qr | perl -pe 'y/a-z/n-za-m/'
    #bofh excuse 128: Power Company having EMP problems with
    their reactor

  11. Re: need spam help

    On Sun, 27 Aug 2006 17:18:20 GMT, "Barton L. Phillips" wrote:

    >Without Spamassassin email would be useless, with it (and continuous
    >training) email works like it once did.
    >
    >I have no idea what one would use on Windows other than the filters in
    >the various email clients like Thunderbird, which seems to be pretty good.


    I use gmail.com to get offsite decent spam filtering for free

    Grant.
    --
    http://bugsplatter.mine.nu/

  12. Re: need spam help

    On Sun, 27 Aug 2006 21:03:48 +0200, Michael Heiming wrote:

    >Indeed, TB does a good job. The best protection seems to be a
    >clean mail address that can't be found online, though it might be
    >soon, if you have contacts using M$ OE just after another
    >Trojan/virus spread those people's address book...


    I got spam on one address that I use with only two people -- never
    published on the 'net... Advantage of gmail is that their filter
    is trained by many -- I gave up trying to train a local filter :-/

    Grant.
    --
    http://bugsplatter.mine.nu/

  13. Re: need spam help

    In comp.os.linux.security Grant :
    > On Sun, 27 Aug 2006 21:03:48 +0200, Michael Heiming wrote:


    >>Indeed, TB does a good job. The best protection seems to be a
    >>clean mail address that can't be found online, though it might be
    >>soon, if you have contacts using M$ OE just after another
    >>Trojan/virus spread those people's address book...


    > I got spam on one address that I use with only two people -- never
    > published on the 'net... Advantage of gmail is that their filter
    > is trained by many -- I gave up trying to train a local filter :-/


    "Record" on my personal accounts, like the one I use (little
    obfuscated) now is 10 months without a single mail being able to
    pass SA. Though a well trained bayes is sometimes the last
    resort.

    Today (last 23 h):

    Spam detected by SA: 104
    Top score: 48.2

    I run sa-learn from cron on the Mozilla mail directory where anything
    able to pass SA ends up, either manually or through Mozilla
    spam filtering. Not that difficult since Mozilla mail uses (iirc)
    plain mbox format. However it is easy to keep mail for a single
    user more or less spam free with a little effort in SA and the
    possibility to use bayes. For a large enough amount of users it
    is next to impossible, though a reduction of 70-90% is quite
    possible.

    --
    Michael Heiming (X-PGP-Sig > GPG-Key ID: EDD27B94)
    mail: echo zvpunry@urvzvat.qr | perl -pe 'y/a-z/n-za-m/'
    #bofh excuse 354: Chewing gum on /dev/sd3c

  14. Re: need spam help

    Michael Heiming wrote:
    >
    > Lucky you, I might reject that hourly...
    >

    Yes we are a small shop, but still 3,000 spam per day would make email
    useless.

    > Do you use greylisting or/and teergrubing? What about Bayes? It's
    > usually quite good, but a problem to train, if there are various
    > languages used in valid mails? Being able to run SA per receiving
    > domain would probably help somehow.

    I have not added greylisting or teergrubing though I have looked at
    them. The current setup seems to get 99% of the spam (having said that,
    that leaves about 30 spam a day to sort through and train the Bayes on.
    Actually it is less than 30 because I toss anything with a score of 10
    or higher so what gets into the SPAM folder is only about two or three a
    day). Yes I do use Bayes and have tweaked the scores on many items to
    make them more stringent. We have also added some special tests for spam
    we seem to get. For example:

        header ALAN_S_RULE To:name =~ /krisben eldridge/i

    This seems to always be spam.
    I also use the RulesDuJour to grab new rules for some areas.
    For us 99% is livable, but I am sure if my daily dose of spam were more
    like 72,000 (3,000 an hour as you said) I would be looking at even more
    efficient spam filtering techniques.

    Have you had good results with greylisting and teergrubing? How much
    additional filtering do you think you get from these techniques, if you
    use them?

    --
    ----------------
    Barton L. Phillips
    Applied Technology Resources, Inc.
    Tel: (818)652-9850
    Web: http://www.applitec.com

  15. Re: need spam help

    Grant wrote:
    > On Sun, 27 Aug 2006 17:18:20 GMT, "Barton L. Phillips" wrote:
    >
    >> Without Spamassassin email would be useless, with it (and continuous
    >> training) email works like it once did.
    >>
    >> I have no idea what one would use on Windows other than the filters in
    >> the various email clients like Thunderbird, which seems to be pretty good.

    >
    > I use gmail.com to get offsite decent spam filtering for free
    >
    > Grant.

    I also use gmail.com and my sbcglobal.net (yahoo) mail for some of my
    personal mail needs. I often give these email addresses when I am afraid
    that the requester might spam me. I have had quite good results with
    both services.

    --
    ----------------
    Barton L. Phillips
    Applied Technology Resources, Inc.
    Tel: (818)652-9850
    Web: http://www.applitec.com

  16. Re: need spam help

    Grant wrote:

    > On Sun, 27 Aug 2006 17:18:20 GMT, "Barton L. Phillips"
    > wrote:
    >
    >>Without Spamassassin email would be useless, with it (and continuous
    >>training) email works like it once did.
    >>
    >>I have no idea what one would use on Windows other than the filters in
    >>the various email clients like Thunderbird, which seems to be pretty good.

    >
    > I use gmail.com to get offsite decent spam filtering for free
    >
    > Grant.


    Well I have never used GMail so I cannot say anything about its spamfilter.
    But GMail is known to scan/read the contents of *every* email to attach
    content specific advertisement to it. They even tell you that in their EULA
    or whatever they call it. For me, this would be a reason for not using
    GMail. Unencrypted E-Mails are always like postcards, though...

  17. Re: need spam help

    In comp.os.linux.security Barton L. Phillips :
    > Michael Heiming wrote:


    >> Lucky you, I might reject that hourly...


    > Yes we are a small shop, but still 3,000 spam per day would make email
    > useless.


    Indeed, per user this can be lots if there are only a few dozen.
    [..]

    > them. The current setup seems to get 99% of the spam (having said that
    > that leaves about 30 spam a day to sort through and train the Bayes on.
    > Actually it is less than 30 because I toss anything with a score of 10
    > or higher so what gets into the SPAM folder is only about two or three a
    > day). Yes I do use Bayes and have tweaked the scores on many items to
    > make them more stringent. We have also added some special tests for spam
    > we seem to get. For example:
    > header ALAN_S_RULE To:name =~ /krisben eldridge/i
    > This seems to always be spam.
    > I also use the RulesDuJour to grab new rules for some areas.


    Sounds good! I'll have a look, thx! Usually the more you can
    reject before even starting SA the better. If possible you should
    run SA during smtp time, so you can still reject.

    [ tons of spam ]

    Catching 90-95% isn't that bad without bayes.

    > Have you had good results with greylisting and teergrubing? How much
    > additional filtering do you think you get from these techniques, if you
    > use them?


    Not until now, I'm just thinking about it after acknowledging to
    use mysql non shared cluster to sync between systems.

    Teergrubing is another pretty interesting feature at least if
    your MTA supports adaptive Tg. IMHO if just 5% of worldwide MTA
    would use it, there would be soon a real problem for sad
    spammer. They would perhaps try to avoid systems using it, which
    on the other hand is likely to get more people using it...

    --
    Michael Heiming (X-PGP-Sig > GPG-Key ID: EDD27B94)
    mail: echo zvpunry@urvzvat.qr | perl -pe 'y/a-z/n-za-m/'
    #bofh excuse 80: That's a great computer you have there;
    have you considered how it would work as a BSD machine?

  18. Re: need spam help

    Michael Heiming wrote:
    > Sounds good! I'll have a look, thx! Usually the more you can
    > reject before even starting SA the better. If possible you should
    > run SA during smtp time, so you can still reject.

    I think (pretty sure) mimedefang runs during smtp and mimedefang calls
    SA. You can also do a lot of things in mimedefang before and after
    calling SA.
    >
    > Teergrubing is another pretty interesting feature at least if
    > your MTA supports adaptive Tg. IMHO if just 5% of worldwide MTA
    > would use it, there would be soon a real problem for sad
    > spammer. They would perhaps try to avoid systems using it, which
    > on the other hand is likely to get more people using it...
    >

    I will look at teergrubing to see what it is. I have looked at
    graylisting and even downloaded a couple of implementations for mimedefang
    but have not started using it as I didn't really feel the need as yet.
    Thanks


    --
    ----------------
    Barton L. Phillips
    Applied Technology Resources, Inc.
    Tel: (818)652-9850
    Web: http://www.applitec.com

  19. Re: need spam help

    On Mon, 28 Aug 2006 19:29:55 +0200, Matthias Kirchhart wrote:

    >Grant wrote:

    ....
    >> I use gmail.com to get offsite decent spam filtering for free

    ....
    >Well I have never used GMail so I cannot say anything about its spamfilter.
    >But GMail is known to scan/read the contents of *every* email to attach
    >content specific advertisement to it. They even tell you that in their EULA
    >or whatever they call it. For me, this would be a reason for not using
    >GMail. Unencrypted E-Mails are always like postcards, though...


    Mail being parsed by a machine when viewed online is an issue? All email
    (header info) is parsed by machines in order to be delivered -- that's
    hardly a security issue. And plaintext email is open like postcards, but
    in today's world, do you know if a particular telephone call is not being
    recorded? Do you worry about your mobile phone being tracked continually,
    that others know your location within a few hundred metres at all times
    the phone is turned on (for roaming access)?

    Grant.
    --
    http://bugsplatter.mine.nu/

  20. Re: need spam help

    Grant wrote:

    > On Mon, 28 Aug 2006 19:29:55 +0200, Matthias Kirchhart
    > wrote:
    >
    >>Grant wrote:

    > ...
    >>> I use gmail.com to get offsite decent spam filtering for free

    > ...
    >>Well I have never used GMail so I cannot say anything about its
    >>spamfilter. But GMail is known to scan/read the contents of *every*
    >>email to attach content specific advertisement to it. They even tell you
    >>that in their EULA or whatever they call it. For me, this would be a
    >>reason for not using GMail. Unencrypted E-Mails are always like
    >>postcards, though...

    >
    > Mail being parsed by a machine when viewed online is an issue? All
    > email (header info) is parsed by machines in order to be delivered --
    > that's hardly a security issue. And plaintext email is open like
    > postcards, but in today's world, do you know if a particular telephone
    > call is not being recorded? Do you worry about your mobile phone being
    > tracked continually, that others know your location within a few hundred
    > metres at all times the phone is turned on (for roaming access)?


    What you said is all correct. However I tend to take a more sympathetic
    view of the circumspect perspective to which you are responding.

    Header info is parsed universally, since these are the data needed for
    delivery. However content is not normally parsed or recorded, at least
    not in an organized and openly acknowledged business plan. I do
    personally respect google for their ethics ("Do no evil."), but if they
    get a NSL they will probably cooperate with the spooks. An open subpoena
    might be another story, but to disregard a NSL today is "suicide". And
    the difference is between acknowledged, consensual parsing of header data
    as compared to acknowledged parsing of content.

    For those (few) who care to be "bothered" with security concerns, I
    communicate with encrypted e-mail (which is not post-card readable).
    Others are still sending HTML (-only) mail and forwarding (FWD FWD FWD
    FWD) ".pps" cuties from people they don't know.

    I don't use a mobile phone (or carry any RFID chips), so nobody can track
    my location. All my landline calls are currently encrypted with high
    strength algorithms (there are exceptions), although agreeably, they all
    do need to be decrypted and normally intelligible at some point. At some
    point, they are all susceptible to simple interception. I am doing what I
    can to defend my rights to privacy but I cannot rule out overwhelming
    power and technology and intent by ".gov".

    I am not doing or planning anything nefarious, so some might say that
    presumably I am safe, or "have nothing to fear". But those criteria have
    not saved the many innocuous victims of rogue regimes in long history. If
    you mischance to become onto an "enemies list" of a powerful rogue
    government regime that does not respect law or human rights, (hopefully
    not) - your chances are slim, at best.

    Ultimately it should be expected that what is parsed and recorded will at
    some time become available to those who seek and succeed to have ultimate
    power. Make no mistake that the current US Administration has given every
    possible, conceivable indication of that intent.

    There are lots of cheap and free ways to have (good) e-mail that do not
    involve explicitly agreeing to having your content parsed and recorded.
    I'll gladly post a few here if that is valuable to anyone. I think I
    found many by googling for "free e-mail".

    Respects for your many valuable, constructive contributions, and
    interesting web site. (I enjoyed reading.) I think the circumspect
    perspective still has some value.

    As much as I respect google, their advertising model irreparably impairs
    any expectation of privacy. gmail may have many good uses, but not for
    personal or security-sensitive needs. My $.02. Maybe $.03.

    Good wishes.
