Date: Sun, 15 Jun 2003 12:19:54 -0700 (PDT)
From: Joe St Sauver <JOEat_private>
Subject: Re: "Nice" Spam Filtering Respones
To: declanat_private, bradat_private

Hi,

Your recent post to politech was passed along to me by a colleague...
had a few comments for y'all (interposed inline below):

# A) Of the Open Relay blockers, most people seemed to like ORDB (
#http://www.ordb.org ). It scours the net looking for open relays, just
#like Orbz used to do.

I would encourage you to also check out the mail-abuse.org RBL+ (see
http://mail-abuse.org/rbl+ ). Not free, but pretty cheap (at for
.edu/nonprofit type folks). It does a nice job on open relays and some
other classes of content.

# B) Of the proxy blockers, there was no clear consensus, but
#opm.blitzed.org and proxies.relays.monkeys.com seemed to be the favorites.

I've been looking at the open proxy problem a little, and I think I'd
suggest Wirehub/Easynet instead. Feel free to see:

http://darkwing.uoregon.edu/~joe/proxy-dnsbl-comparison.gif
http://darkwing.uoregon.edu/~joe/open-proxies-used-to-send-spam.html
http://darkwing.uoregon.edu/~joe/proxies/ (this last link is for a paper
talking about the Open Proxy Problem that I presented at the Internet2
Member Meeting in Arlington a month or two ago; PDF and PowerPoint
formats are provided)

# C) Of the manual spam blockers, ones that add known spam sources manually,
#the Spamhaus SBL ( http://sbl.spamhaus.org ) is by far the most recommended,
#and probably fits the bill of the "nicest".

Yep, the SBL is definitely the correct choice there.

# D) There is actually one aggregate. blackholes.easynet.nl contains both a
#list of open proxies and the spamhaus sbl, but not an open relay blocker.
#
#2) Additionally, there are two other methods for blocklists, but I'm not so
#sure they fall under "nice". The first is country blockers. These block
#all e-mail from the designated country. ( china.blackholes.us
#korea.blackholes.us nigeria.blackholes.us ) As a business ISP, I'm not so
#sure I can just go and block whole countries, but I'll wager they would
#stop a good chunk of spam.

I would urge ASN-based blocks rather than country based blocks. There are
definitely ISPs that don't give a damn (including Chinanet, China Netcom
and Kornet, among others, see
http://darkwing.uoregon.edu/~joe/spam-friendly-carriers.html ), but those
ISPs don't necessarily fully occupy a given geographic region. :-)

#The second is blocking "dynamic" and "dialup"
#IP's. Essentially, these sites try to track IP's that belong to dialup and
#cable modem users. As someone who runs a home server off his cable modem,
#I think this is a bad idea, but others might want to consider it.

We handle these via local /etc/mail/access rulesets -- works great for us
for the most part.

#3) Lastly, everyone seems to love SpamAssassin. One person even sent me a
#message ten times saying I should use SpamAssassin and probably just didn't
#know how to use it properly, despite my original message stating
#SpamAssassin was not what I was looking for.

I guess I must be the one exception. I discuss a number of the reasons why
I'm less than enthusiastic about content based filtering as a solution at
http://darkwing.uoregon.edu/~joe/spamwar/ (presented at the Northwest
Academic Computing Consortia meeting a week or two ago).

#The problem is managing its
#use for 20,000 people. Different people will want different levels of
#SpamAssassin. I use it myself, but I have to order it in procmail
#carefully, otherwise it will mark all of my nightly root-mail and other
#cron jobs as spam.

delay_checks allows one to exempt certain addresses from filtering if
you're using sendmail. This should be done to insure that RFC 2142-mandated
addresses don't filter complaints/requests for unblocking, etc.

Regards,

Joe

-------------------------------------------------------------------------
POLITECH -- Declan McCullagh's politics and technology mailing list
You may redistribute this message freely if you include this notice.
-------------------------------------------------------------------------
To subscribe to Politech: http://www.politechbot.com/info/subscribe.html
This message is archived at http://www.politechbot.com/
Declan McCullagh's photographs are at http://www.mccullagh.org/
Like Politech? Make a donation here: http://www.politechbot.com/donate/
-------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Tue Jun 17 2003 - 00:06:55 PDT
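
Added example, not part of the original message or the Politech archive: a DNSBL accept/reject decision for a connecting IP that applies the RFC 2142 role-address exemption the message recommends before any blocklist lookup. The zone names come from the message; the function names, the stub resolver and the sample listing are constructed for illustration, and no live DNS queries are made.

```python
import ipaddress

# DNSBL zones named in the message; several have since shut down, so the
# demo below never queries them and uses a stub resolver instead.
ZONES = ("sbl.spamhaus.org", "blackholes.easynet.nl", "opm.blitzed.org")

# Subset of the role mailboxes defined in RFC 2142.
ROLE_MAILBOXES = {"abuse", "postmaster", "hostmaster", "noc", "security"}


def dnsbl_query_name(ip, zone):
    """IPv4 DNSBL convention: reverse the octets and append the zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def is_role_recipient(rcpt):
    """True when the local part of the recipient is an RFC 2142 role mailbox."""
    local = rcpt.strip("<>").rsplit("@", 1)[0]
    return local.lower() in ROLE_MAILBOXES


def decide(client_ip, rcpt, resolve, zones=ZONES):
    """Return (action, reason). `resolve(name)` returns a list of A records
    (empty when the name does not exist); it is injected (an assumption of
    this example) so the policy can be exercised offline."""
    if is_role_recipient(rcpt):
        # Complaints and unblock requests must get through even from listed hosts.
        return ("accept", "role mailbox exempt from DNSBL checks")
    for zone in zones:
        answers = resolve(dnsbl_query_name(client_ip, zone))
        # Listings are returned as addresses in 127.0.0.0/8.
        if any(a.startswith("127.") for a in answers):
            return ("reject", "listed in " + zone)
    return ("accept", "not listed")


# Constructed sample data (documentation address range), not a real listing.
SAMPLE_LISTINGS = {"7.113.0.203.opm.blitzed.org": ["127.1.0.1"]}


def stub_resolve(name):
    return SAMPLE_LISTINGS.get(name, [])


if __name__ == "__main__":
    for rcpt in ("user@example.org", "abuse@example.org"):
        print(rcpt, decide("203.0.113.7", rcpt, stub_resolve))
```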