
Re: Anoying Peter Whalley Spam messages.

On Mon, 2005-04-04 at 16:17 -0400, Scot L. Harris wrote:
> On Mon, 2005-04-04 at 15:34, David Hoffman wrote:

> But I don't understand your last sentence.  Not sure if you are talking
> about the recipient of a TMDA message or the user that implemented it?
> Either way you can achieve similar results that reduce spam by 99%+ by
> using greylisting and spamassassin with a well trained bayes database
> which does not require the sender to do anything new or different.  Yes,
> at some point the spammers can start retrying messages to get around
> greylisting but they have not done so yet and when they do it will cost
> them more to maintain the list of messages to retry, consuming more
> resources on the bots they are using, making it more likely that they
> will be discovered.  It also slows down the delivery of more spam to
> someone else since they now need to send the message at least twice
> possibly more than that.  
> Because of this I don't think the spammers will change anytime soon as
> it will start costing them too much to send spam, which is the basic
> idea.
> And if they do start retrying messages in large numbers greylisting can
> utilize various RBLs which will most likely catch such spammers during
> the wait period and the next time they come in you reject their messages
> due to the RBLs that were populated from spam collectors.

FWIW - RBL's sometimes blacklist rather idiotically and cause issues and
it can be hard to get off the lists once on it.

That said though, I agree with your thoughts on RBL's.

We have been having a rather interesting discussion on CentOS mail list
- I will take credit for starting the thread called 'Postfix tightening'
and what I thought seemed to be a rather simple question turned into a
real eye opening experience for me as I have found postfix to be an
extremely granular system - much more configurable and comprehendible
than sendmail and I'm actually starting to wonder if I am needing
greylisting at all in a setup that includes MailScanner, Clamav,
SpamAssassin and a well planned set of rules within Postfix.

The thing that opened my eyes is the amazing amount of qualifications
that you can put into smtp-accept/reject within postfix itself.

My disillusionment with greylisting came last week when I had to explain
to a fairly important end user why a particular person couldn't get an
email through...searching the logs I found that this person tried 3 times
on 3 separate occasions to send her an email. Evidently the smtp server
doesn't accept the mail for delivery until the end point accepts the
mail and she got a tempfail (450) and gave up each time. Her system gave
her a different smtp server each time so each attempt was separately
greylisted for 1 minute and each time, she gave up before the 1 minute

Though I have installed greylisting on a number of systems that I handle
for my clients, I am seriously watching the impact - and fine tuning the
rule sets in Postfix and will probably turn off greylisting at some
point to see if it ultimately makes a difference. My thinking is that
the RBL's and an expansive use of Postfix rules will pick off the same
low hanging fruit that greylisting handles.

As for bayes training - I'm not convinced that users are going to
actively participate and I'm struggling to find a way that is simple
enough for them.

> The problem is solvable.  Of course the best solution is to hunt down
> the few people that actually buy stuff from the spam email and take
> their computers away and have all ISP's ban them for life.  Then there
> will be no reason for spam anymore.  :)

It's simply not possible to idiot proof things. The problem is ALWAYS
gonna be - that some people don't inherently distrust things in their
mailbox - why should they? It is probably their nature to trust things.

For example - many of the phishing schemes have an official looking
email from a bank, complete with logos and reasonable looking email
address. PT Barnum was a man ahead of his time.
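
The greylisting failure described in the message above (each attempt arriving from a different outbound smtp server and being tempfailed separately), as an added example that is not part of the original post: a minimal triplet greylist replayed over constructed attempts, keyed first on the exact client IP and then on the client's /24. The `Greylist` class, the addresses, the timings and the assumption that the sender's pool shares one /24 are all illustrative.

```python
import ipaddress

class Greylist:
    """Toy triplet greylist: answer 450 until a retry arrives >= delay seconds later."""

    def __init__(self, delay=60, prefix_len=32):
        self.delay = delay            # seconds a new triplet must wait
        self.prefix_len = prefix_len  # 32 = exact client IP, 24 = client's /24
        self.first_seen = {}          # triplet -> time of first attempt

    def _key(self, client_ip, sender, rcpt):
        # Collapse the client address to its network so pool members can share state.
        net = ipaddress.ip_network(f"{client_ip}/{self.prefix_len}", strict=False)
        return (str(net.network_address), sender.lower(), rcpt.lower())

    def check(self, now, client_ip, sender, rcpt):
        first = self.first_seen.setdefault(self._key(client_ip, sender, rcpt), now)
        return 250 if now - first >= self.delay else 450

def replay(greylist, attempts):
    """Return the SMTP reply code the greylist gives to each attempt, in order."""
    return [greylist.check(*attempt) for attempt in attempts]

# Constructed sample data: documentation addresses (RFC 5737), made-up timings.
SENDER, RCPT = "alice@example.org", "bob@example.com"
# Three separate occasions, each from a different server in the sender's pool,
# with no retry from the same server.
POOL_ATTEMPTS = [
    (0, "192.0.2.10", SENDER, RCPT),
    (3600, "192.0.2.11", SENDER, RCPT),
    (7200, "192.0.2.12", SENDER, RCPT),
]
# A well-behaved MTA retrying from one host: too early once, then after the delay.
SAME_HOST_RETRY = [
    (0, "192.0.2.10", SENDER, RCPT),
    (30, "192.0.2.10", SENDER, RCPT),
    (90, "192.0.2.10", SENDER, RCPT),
]

if __name__ == "__main__":
    print("per-IP key, rotating pool:", replay(Greylist(60, 32), POOL_ATTEMPTS))
    print("/24 key, rotating pool:   ", replay(Greylist(60, 24), POOL_ATTEMPTS))
    print("per-IP key, same host:    ", replay(Greylist(60, 32), SAME_HOST_RETRY))
```

Keying on the /24 only helps when the sender's servers actually share a network; a pool spread across unrelated ranges still needs a whitelist entry.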

