
BLU Discuss list archive



Abrupt spam increase



"Rich Braun" <richb at pioneer.ci.net> writes:

> (1) Have any of y'all tried to keep stats on the flow of spam?  Are my
> observations about message flow on-target?

I'd like to find them, myself..

> (2) Beyond SpamAssassin, have you tried out any tools which reject spam before
> it reaches your mailbox?  I know that I could configure sendmail to reject
> mail from sites listed in certain blacklist databases, but before I take that
> step I want to make sure to use the right blacklists and I also want to keep
> better statistics on a per-recipient basis (example, I get mail to "daemon"
> and "amanda", in addition to "richb", at my domain).

I've got a number of measures to help prevent spam before it hits an
inbox.  First, I configured sendmail to require valid sender domains.
If the sender domain doesn't exist, the mail is rejected during the
SMTP connection.  I also configured sendmail to use SpamCop and
Spamhaus DNS blacklists -- I trust those guys to actually respond
appropriately and not block sites like MIT or Harvard just because
someone's dorm machine is compromised.

Then I've got three milters set up to help block spam.  First is
ClamAV; check if it's a virus and drop it if it is.  Second is
milter-sender, which is an active sender verification tool.  It probes
the purported sender's site to see if the sender's address is valid,
and drops the mail if it is not.  It also performs greylisting for
sites that don't differentiate between valid and invalid user-ids (e.g.
yahoo).  I should note that this greylisting only works if you DON'T
have MXes set up for your site -- or if your MXes are also performing
the greylist.  Last, I run the mail through a SpamAssassin milter and
auto-drop it if it's above something reasonable, like 5.

> (3) Are there any spam-folder statistical analysis tools that are useful?
>
> I'm not sure why I care to keep stats, but somehow I think it'll be useful in
> the future.  Having piles of old spam on-tap has often helped me to craft new
> rules to block the deluge.  Local rules that I've defined here keep 99% of
> spam out of my in-box and another 80% of the remaining flow gets tagged on the
> subject line.

Again, I don't know.  I'd like to see a logwatch script that reads the
logfile and gives me stats...  :)

> -rich

-derek

-- 
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord at MIT.EDU                        PGP key available
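
A sketch of the kind of log-statistics script asked about in this thread, added here as an example and not part of the original post: it tallies rejects by the stage that caused them (sender-domain check, DNS blacklist, milter) and, where the log shows one, by recipient. The sample lines, the regular expressions and the names `classify` and `tally` are assumptions made for illustration; check them against your own maillog.

```python
import re
from collections import Counter

# Constructed sample lines in the general shape of sendmail reject entries;
# hosts, queue IDs and addresses are made up. Check the patterns against
# your own maillog before trusting the numbers.
SAMPLE_LOG = """\
Mar  1 10:00:01 mx sendmail[101]: j21A01: ruleset=check_mail, arg1=<a@nodomain.invalid>, relay=[192.0.2.10], reject=553 5.1.8 <a@nodomain.invalid>... Domain of sender address a@nodomain.invalid does not exist
Mar  1 10:00:05 mx sendmail[102]: j21A02: ruleset=check_relay, arg1=[192.0.2.20], arg2=192.0.2.20, relay=[192.0.2.20], reject=550 5.7.1 Rejected: 192.0.2.20 listed at bl.spamcop.net
Mar  1 10:00:09 mx sendmail[103]: j21A03: ruleset=check_rcpt, arg1=<daemon@example.org>, relay=[192.0.2.30], reject=550 5.7.1 <daemon@example.org>... Rejected: 192.0.2.30 listed at sbl.spamhaus.org
Mar  1 10:00:12 mx sendmail[104]: j21A04: Milter: data, reject=550 5.7.1 Blocked by SpamAssassin
Mar  1 10:00:15 mx sendmail[105]: j21A05: from=<b@example.net>, size=2048, nrcpts=1, relay=[192.0.2.40]
Mar  1 10:00:15 mx sendmail[105]: j21A05: to=<richb@example.org>, delay=00:00:01, mailer=local, stat=Sent
"""

REJECT = re.compile(r"reject=\d{3} (.*)$")
RCPT = re.compile(r"ruleset=check_rcpt, arg1=<([^>]+)>")
SENT = re.compile(r"to=<([^>]+)>.*stat=Sent")

def classify(line):
    """Name the stage that rejected this line, or None if it is not a reject."""
    m = REJECT.search(line)
    if not m:
        return None
    listed = re.search(r"listed at (\S+)", m.group(1))
    if listed:
        return "dnsbl:" + listed.group(1)
    if "Milter" in line:
        return "milter"  # assumption: the log line does not say which milter
    if "does not exist" in m.group(1):
        return "sender-domain"
    return "other"

def tally(lines):
    """Return (rejects by stage, rejects by recipient, deliveries by recipient)."""
    stages, rejected, delivered = Counter(), Counter(), Counter()
    for line in lines:
        stage = classify(line)
        if stage:
            stages[stage] += 1
            rcpt = RCPT.search(line)  # recipient is only known at RCPT time
            if rcpt:
                rejected[rcpt.group(1).lower()] += 1
        else:
            sent = SENT.search(line)
            if sent:
                delivered[sent.group(1).lower()] += 1
    return stages, rejected, delivered

if __name__ == "__main__":
    for name, counts in zip(("stage", "rejected", "delivered"), tally(SAMPLE_LOG.splitlines())):
        print(name, dict(counts))
```

Rejects issued before the RCPT stage carry no recipient, so the per-recipient counts undercount mail stopped by the sender-domain and relay checks.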




BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.




Boston Linux & Unix / webmaster@blu.org