From: Sean B. Straw
> At 18:16 2005-02-03 +0100, Dallman Ross did say:
> > Precis: Spam levels expected to rise with suddenness
> > soon, as blacklists become less effective.
>
> Er, spammers have been using trojans for a while now already. Yes,
> traditionally, the user's own PC is converted into a mail server and it
> delivers mail directly. With some large ISPs (earthlink comes to mind)
> blocking outgoing SMTP originating from user systems, this
> However, viruses have for some time used the user's own ISP mail server (or
> at least that of the forged address snarfed from their saved
> deliver messages, thereby lending some apparent legitimacy to
> (for instance, you can't block them using a dial-up list type DNSBL,
> because the machine passing the message to your host is an actual ISP
> mailserver, not the user's own machine).
> Yes, blacklists aren't particularly effective against this

Well, not sure where you're getting your info from, but my maillog and the
feedback from many other mail server admins seems to refute your stand.
We block literally thousands of emails on a weekly basis using those
same DNSBL lists. Sendmail configured to use the 'dnsbl' FEATURE with
one or more lists is a highly effective method of spam stomping. These
lists don't care what address there is on the inbound email, only what
IP address was given by the relays (or the server itself) as to where
it was coming from.
As for virii worms using the ISP's mail servers for relaying, not true.
The SMTP server in the virii does its own DNS lookup for the target
domain's MX record and then does the connection itself. You might be
confusing 'zombie' spam from spam sent from spam servers that have not
been identified or those dynamic IP ranges that were missed. Once
identified it's rare you see mail from that IP again once they are on

> Ironically, effective post-reception filters are
> at eliminating virtually all the spam,

No more so than a good 'dnsbl' setup at the MTA level is/was. In fact
it's best to do both so your bases are covered.
The funny thing is that one of the most popular post-reception filters
(Spamassassin) uses DNSBL lists also and I'm sure a few others do as
well. So they too will be affected by this since they look for the same
info and it will no longer be as effective or useful as it was before.

> but once they've brought the crap
> INTO my server is when I get especially pissed about it - the
> rejected during the SMTP connection have a minimal impact -
> generate a lot of net traffic or CPU load (though gobs and gobs of them can
> still borderline a DoS). once you've forced your way into my
> you're providing me with further identifiable information - complete
> headers, URLs in the spew, etc - which can be used to identify the
> spammer. Plus, for those areas which have anti-spam "laws" (such as they
> are), actually having the spam in hand is a crucial part of being able to
> prosecute them - rejecting a billion SMTP connections based on the
> originating IP wouldn't prove to be concrete evidence that
> messages would have actually been spam.

I'd prefer to not waste the CPU cycles in allowing these onto my server.
MTA level rejecting is the best method in dealing with spam. The amount
of load for doing a 'REJECT' is far less than letting them in and having
other filters work on each message. True that some do come through
anyway but you want to kill spam in stages and not let just one filter
deal with it all. Think of it as lines of defense where each message
must get through them all before it arrives at a mailbox.
As for prosecuting, unless you have deep pockets it's a waste of time
and money. All you need to do is look at how "effective" the courts have
been at enforcing the few monetary judgments. I think they are 1 for 2
right now. This only after a ton of money on lawyers was spent. Sorry
but no thanks, I'll just keep nuking spam at the gate.
CTO and IS Manager
Consistent Computer Bargains Inc.
I've heard it said that the proof of lunacy is when you repeat the same
steps expecting different results. I say it's proof that you're a
Microsoft user. - comment by deshi777 on experts-exchange.com
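
The two filtering stages argued over in this thread, as an added example that is not part of the original messages: a DNSBL check on the connecting IP at SMTP time, and a DNSBL check on the relay IPs found in Received headers after acceptance. The zone name dnsbl.example, the hostnames, the documentation-range IP addresses and the dictionary standing in for DNS are all constructed for illustration.

```python
import ipaddress
import re

# Constructed stand-in for DNS: query name -> A record. Zone name is hypothetical.
ZONE = "dnsbl.example"
FAKE_DNS = {"77.2.0.192.dnsbl.example": "127.0.0.2"}  # 192.0.2.77 is listed

def dnsbl_name(ip, zone=ZONE):
    """Build the DNSBL query name: IPv4 octets reversed, then the list's zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def is_listed(ip, resolve=FAKE_DNS.get):
    """An answer in 127.0.0.0/8 means listed; no answer (None) means not listed."""
    answer = resolve(dnsbl_name(ip))
    return answer is not None and answer.startswith("127.")

def mta_verdict(peer_ip):
    """Stage 1, during the SMTP connection: only the connecting peer's IP is known."""
    return "REJECT" if is_listed(peer_ip) else "ACCEPT"

# First bracketed IPv4 address on each Received: header line.
RECEIVED_IP = re.compile(r"^Received:.*?\[(\d{1,3}(?:\.\d{1,3}){3})\]", re.M)

def header_hits(raw_headers):
    """Stage 2, after acceptance: check every relay IP recorded in Received headers."""
    return [ip for ip in RECEIVED_IP.findall(raw_headers) if is_listed(ip)]

# Constructed headers: a listed dial-up host relaying through its ISP's mail server.
SAMPLE_HEADERS = (
    "Received: from smtp.isp.example (smtp.isp.example [198.51.100.10])\n"
    "\tby mx.local.example; Thu, 3 Feb 2005 18:16:00 +0100\n"
    "Received: from pc (dialup-77.isp.example [192.0.2.77])\n"
    "\tby smtp.isp.example; Thu, 3 Feb 2005 18:15:58 +0100\n"
    "From: forged@victim.example\n"
)

if __name__ == "__main__":
    print(mta_verdict("192.0.2.77"))     # listed host delivering directly to the MX
    print(mta_verdict("198.51.100.10"))  # same sender relayed via the ISP's server
    print(header_hits(SAMPLE_HEADERS))   # relay IPs from the headers that are listed
```

The From: address plays no part in either stage; the verdict at SMTP time depends only on which machine opens the connection.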