[SDBUG] OpenBSD's "spamd" usable on FreeBSD? [ Now careening with Off Topic goodness ]

Peter Leftwich Hostmaster at Video2Video.Com
Thu Feb 8 16:09:16 PST 2007


Quoting "James, Jay" <jay.james at ti.com>:
> Hola Mike Murphy, long time no see to you. You may not even remember me.
> I learned subnetting from you on-the-fly in a 15 minute hip pocket
> session a long time ago at blahdblah-ISP.
>
> After a previous life working as a Unix Admin for a multinational
> conglomerate for 6 years, taking SMTP routing from a Data General MU04
> box to a DX4-100, to eventually 2 Netras, to offloading spam filtering
> through a third party, I have seen the rise of spam from a few a day to
> a hundred thousand a day over that time span. It was a fairly big
> corporation, since swallowed up by a bigger fish.
>
> Anyway, it took me that 6 years to develop my own blacklists, which I
> have migrated to my own home network with fantastic success.
>
> My point being here that it's a daunting task these days to point-blank
> set something up from scratch. Mike, how long did it take you to develop
> your list of 32k+ entries? And even more important, what's the uptime on
> your VAX cluster? I had always wondered if those rolling blackouts
> caught you.
>
> Jcj

20070208.Thurs

Good contributions to the discussion, everyone.

I am tentative about blocking whole "country IP blocks" and "IP  
ranges."  My brother runs an online dating website, for example, and  
he recently told me that to cut down on the Nigerian Scheme affecting  
his members ("URGENT PROPOSAL, dumdeedum, $30-some-odd Million Dollars  
etc ... to split with you, the recipient of this CONFIDENTIAL email  
etc ..." {{you all must know the 419 scam by now?}})... so back to my  
brother, he had his web developer block ENTIRE countries from using  
the (ahem) open-to-the-public website.  Quite a few countries!!  I  
asked about legitimate potential/willing-to-pay members however, and  
he said that the benefit outweighs the downside/rejection.

As far as the Internet SPAM problem goes in general, and as our  
trusted and vain email addresses (vanity domains) grow older and older  
year after year (the web 'began' in ~1993), and get more exposure to  
being added to hitlists, I am getting some cognitive dissonance lately  
regarding this issue:

My current ISP blocks no spam at the per-incoming-message level.   
Instead, we use SpamAssassin which adds a header to a spam email  
"X-Spam-Status: Yes, etc" or "No" and then a utility such as procmail  
divides my mail between two folders both of which I must then scan and  
scrutinize, in case of any false positives (rare but they do happen)!

On my list of courses of action, a purchase / hardware purchase /  
subscription / fee-for-service is probably #40 out of a list of 41  
"tactics" to choose from, to combat the deluge.

What I am asking the list about mostly and am genuinely interested in  
implementing is TARPITTING the hated spammers.  Does  
milter-greylisting do that [lovely thing of a verb], and if so, does  
it work at the sendmail (daemon) level, and/or in conjunction with  
"pf," or ... am I trying to return Costco apples and oranges to Vons?

:)

^X-Spammer-Status: Dead, Outofbusiness

--
Peter Leftwich, Owner
Video2Video Services
Box 13692, La Jolla, CA, 92039, USA
http://Www.Video2Video.Com

> -----Original Message-----
> From: sdbug-bounces at sdbug.org [mailto:sdbug-bounces at sdbug.org] On Behalf
> Of Mike Murphy
> Sent: Thursday, February 08, 2007 10:20 AM
> To: San Diego's BSD Users Group
> Subject: RE: [SDBUG] OpenBSD's "spamd" usable on FreeBSD?
>
> The Barracuda is nice. It costs money for the box, the service, and the
> administrator.
>
> Milter-greylist running on FreeBSD with sendmail is nice. SpamBayes on
> the desktop is nice. They are freely available. It costs money for the
> box and the administrator.
>
> I disagree with the statement "you aren't going to get that much spam
> filtering out of it." I have 32K+ greylisted entries current on my
> incoming mail server and 11 whitelisted entries. The 32K+ are spam
> (minus the 11 which is still 32K+ :-) SpamBayes has 6K+ messages on my
> client system that have been identified as spam since 3/2006. That's 6K+
> messages (minus the 200 or so that I dealt with to teach SpamBayes) that
> I didn't have to deal with. The 32K+ messages are what's current in
> milter-greylist for the last 3 days or so. Notice that milter-greylist
> reduces the burden on SpamBayes significantly. I don't want my ISP to do
> spam control; I'd just as soon do it myself. I don't want to deal with a
> web interface to a black-box to classify spam, either. I don't mind if
> my mail is delayed for a half-hour; I have a telephone to coordinate
> lunch plans ;-)
>
> Different strokes for different folks...
>
> (Hi Dave, long time no see)
>
> --Mike
> ________________________________
> From: sdbug-bounces at sdbug.org on behalf of Miles Teg
> Sent: Wed 2/7/2007 10:14 AM
> To: San Diego's BSD Users Group
> Subject: Re: [SDBUG] OpenBSD's "spamd" usable on FreeBSD?
>
> You're trying to get your ISP to use this software?  hah!
>
> Considering spam is often sent with legitimate SMTP engines, you aren't
> going to get that much spam filtering out of it, so I fail to see how you
> can justify the corresponding 3-5 minute delay in email service.  If my ISP
> took 3-5 minutes to get emails to my inbox, I would switch services.  If it
> somehow blocked all spam, it might be worth it, but anyone using a subverted
> or open 3rd party SMTP server as their relay is going to wait the 3-5
> minutes and send you the email again.
>
> Allow me to recommend in its place, a Barracuda Spam Firewall.  This
> "black-box" solution is a Linux box running quite a combination of anti-spam
> technologies, including but certainly not limited to SpamAssassin.  With one
> of these in place at our business, which has some 10 year old email
> addresses that get spammed like there's no tomorrow, I can't recall the last
> time I saw a spam email get through untagged.  I used to run my own setup
> with RBL lists (which the barracuda has), spam assassin with updated rule
> sets, my own custom filters that I would maintain, everything I could think
> of.  And it was a huge waste of time.  The effectiveness was mostly limited
> to spamassassin and the rbls, and while I was able to take quite a chunk out
> of spam, maybe 70%, it didn't even come close to what the barracuda
> achieves.  And now, it's someone else at Barracuda spending their time
> tuning the damned thing instead of me.  It also has anti-virus filtering
> built in.  Since I have installed this unit, complaints about spam have gone
> to 0, email viruses infecting my office network have gone to 0, and
> complaints about false positives have gone to 0.
>
> I do not own stock in, nor am I a reseller for, nor am I affiliated in any
> way with Barracuda, I am just very satisfied with their anti-spam firewall
> product.  I also use their anti-spyware firewall which uses a squid based
> web proxy to filter phishing and spyware sites and downloads.  Both of these
> products are based on open source solutions, with the added value of having
> the Barracuda people tune and update the rules and tests for the products
> constantly.  The units are updated by Barracuda very often, sometimes
> hourly.  The price for the units depends on the size of the unit you need,
> but I got the smallest ones and they still handle the traffic easily and
> handle multiple domains.  The yearly cost for the service on the anti-spam
> firewall is like $1500 I think, which I spent *way* more than $1500 of my
> time per year working on filtering spam, searching for lost false positives,
> and removing viruses and spyware from my office lan.
>
> If you're a business owner or IT administrator at any mid-sized business, I
> have to recommend the Barracuda anti-spam product.
>
> http://www.barracudanetworks.com/ns/?L=en
>
> ----- Original Message -----
> From: "Peter Leftwich" <Hostmaster at Video2Video.Com>
> To: "SDBUG" <SDBug at SDBug.Org>
> Sent: Friday, January 26, 2007 5:37 PM
> Subject: [SDBUG] OpenBSD's "spamd" usable on FreeBSD?
>
>> Has anyone used "spamd" on FreeBSD?  I'm trying to get my ISP to use it.
>>
>> If I understand it correctly, it is a sendmail clone, but with one major
>> difference (improvement?) -- incoming messages are told, "Hollld on a sec,
>> let me see if I can deliver your message, please wait 3-5 minutes then try
>> back."  And if the incoming message is a spammer, then THEIR side of the
>> sending gives up and does not legitimately retry.
>>
>> The sacrifice is only that the recipient cannot receive a message
>> immediately.
>>
>> But, sounds great!
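
The greylisting behaviour discussed in this thread (temporary failure on first contact, acceptance on a later retry, a small whitelist that bypasses the delay), as an added example that is not part of any poster's message and is not code from spamd or milter-greylist. The class name, the (client IP, sender, recipient) key, the reply strings, the 300-second delay and the sample traffic are assumptions made for illustration.

```python
# Added illustration of greylisting; names and values are assumptions,
# not taken from spamd or milter-greylist.
GREYLIST_DELAY = 300          # seconds before a retry is accepted (thread: "3-5 minutes")
ENTRY_LIFETIME = 3 * 86400    # assumed: forget triplets that never came back
TEMPFAIL = "451 4.7.1 Greylisted, try again later"

class Greylist:
    def __init__(self, whitelist=()):
        self.whitelist = set(whitelist)   # client IPs that skip the delay
        self.first_seen = {}              # triplet -> time of first attempt
        self.passed = set()               # triplets that retried correctly

    def check(self, client_ip, mail_from, rcpt_to, now):
        """Return the SMTP reply for one delivery attempt at time `now` (seconds)."""
        if client_ip in self.whitelist:
            return "250 OK (whitelisted)"
        triplet = (client_ip, mail_from.lower(), rcpt_to.lower())
        if triplet in self.passed:
            return "250 OK"
        first = self.first_seen.get(triplet)
        if first is None or now - first > ENTRY_LIFETIME:
            self.first_seen[triplet] = now        # new or expired: start the clock
            return TEMPFAIL
        if now - first < GREYLIST_DELAY:
            return TEMPFAIL                       # retried too early
        del self.first_seen[triplet]              # waited long enough: remember it
        self.passed.add(triplet)
        return "250 OK"

    def pending(self):
        """Number of triplets still waiting for a valid retry."""
        return len(self.first_seen)

def replay(events, greylist):
    """Feed (ip, sender, recipient, time) tuples through the greylist in order."""
    return [greylist.check(*event) for event in events]

# Constructed sample traffic (documentation addresses, made-up senders).
SAMPLE = [
    ("192.0.2.10", "alice@example.org", "peter@example.net", 0),    # real MTA, first try
    ("198.51.100.7", "x1@spam.invalid", "peter@example.net", 5),    # fire-and-forget sender
    ("192.0.2.10", "alice@example.org", "peter@example.net", 60),   # retry, too early
    ("192.0.2.10", "alice@example.org", "peter@example.net", 360),  # retry after the delay
    ("203.0.113.5", "list@example.com", "peter@example.net", 400),  # whitelisted host
]

if __name__ == "__main__":
    for event, reply in zip(SAMPLE, replay(SAMPLE, Greylist({"203.0.113.5"}))):
        print(event[0], event[3], "->", reply)
```

A sender that never retries stays in the pending table, while one that relays through a real MTA and retries after the delay is accepted like any other host, which is the limitation raised earlier in the thread.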


