[CLUE-Tech] Stopping freakin' spam on the mailman lists
charlie oriez
coriez at oriez.org
Tue Jul 23 20:41:42 MDT 2002
On Sunday 23 June 2002 17:36, Jeffery C. Cann wrote:
> Arrgh.
>
> For some reason, pipermail (the program that archives our mailman lists)
> does not hide posters' email addresses.
>
> Given the sheer number of clue-tech email messages now on Google, I have
> noticed an increase in the number of attempted postings to the list. None
> reach the list because the bots haven't figured out how to subscribe and
> then spam automatically. However, as one of the list administrators, I am
> annoyed because each attempt by a spam bot to post to the list results in a
> message for me to authorize the non-subscriber's post.
>
> So, I am crying 'uncle' and asking for some advice on what software we need
> to set up to reduce the amount of spam that is pushed to our email lists.
> We are running sendmail, btw.
>
Jeff -

I'm part of the team that runs sendmail on a Linux system for the Rocky
Mountain Chapter of the Sierra Club. We run about 60 or 70 lists plus
forward mail for our activists using our alias file.

We've configured sendmail v8.9.3 to query the osirusoft suite of blacklists.
As a result, our lists get virtually no spam attempts of this nature that
come to human attention (other than my weekly look at the reject logs).
We've also gotten a very low number of false positives on our rejected mail.
We implemented osirusoft using the FEATURES capability of the sendmail config
file.

Osirusoft queries spamcop, spews, and about a dozen other common blacklists
and returns a code which sendmail uses to either set a warning header or
bounce the mail. We bounce. I should note that most of the origination
points of spam rejected by our server are listed on an average of 13-14 of
these dnsbls.

One downside - anyone on Verio runs the risk of being unable to post to the
list. This is because Verio has a track record of refusing to cancel
spammers in a timely fashion (e.g. postmastergeneral, itbuyers.net, etc.), and
large areas of their net space have been declared persona non grata by SPEWS.
Personally, I don't have a problem with that - anyone choosing to do business
with Verio is choosing sides, and choosing the wrong side, in the spam wars.
You need to be aware of that though.

I don't believe the exposure to be great - I monitor my own reject logs for
anything that might be called a false positive. I have not bounced any CLUE
list traffic in a long time, and the one time I did it proved to be a coding
error on my part in a procmail filter (I was blocking a /16 when I intended
to block a /24) rather than SPEWS being overly aggressive.

http://relays.osirusoft.com

Another option you have is to refuse mail from any site where rdns is not
properly configured. Most spam these days comes through open relays or open
proxies. Once the spam hits and gets reported, the open relay or open proxy
gets onto the appropriate dnsbl in the osirusoft suite and gets blocked by
users. The interesting thing is that most administrators who leave security
holes open on their system also can't figure out how to get rdns configured
correctly, so refusing traffic from systems without rdns configured seems to
stop additional spam from new sources even before it gets reported to the
blacklist maintainers. You can probably get implementation directions from
the anti-spam fanatics :-) on news.admin.net-abuse.email.

Third option - there are challenge/response systems out there. somedec.com
over in Aurora is using one, though I don't remember the name. Most spam
arrives with forged from/reply-to headers (big surprise, right?). When you
get mail from an unknown source, your system autoreplies asking for a live
person to respond. Once they respond, they're whitelisted in your db unless
you say otherwise. This challenge mail sent to a forged address will bounce
so you'll never see the original spam.

These different methods can be used together without problems.
--
Charles Oriez coriez at oriez.org
39 34' 34.4"N / 105 00' 06.3"W
Si Hoc Legere Scis Nimium Eruditionis Habes
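The two connection-time checks Charles describes (a DNSBL lookup against the osirusoft zone, then refusing hosts whose reverse DNS is not set up) as an added Python example; this is not code from the original message or from the Sierra Club's sendmail setup. It assumes "properly configured rdns" means forward-confirmed reverse DNS, and the resolver functions are injectable so the logic can be exercised offline; the 127.0.0.x answer values used are constructed, not osirusoft's real response codes.

```python
import ipaddress
import socket

# Zone named in the post (osirusoft's aggregate list); the service no longer exists.
DNSBL_ZONE = "relays.osirusoft.com"


def dnsbl_query_name(addr, zone=DNSBL_ZONE):
    """Build the DNSBL lookup name: the client's octets reversed, then the zone."""
    octets = str(ipaddress.IPv4Address(addr)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def dnsbl_answer(addr, resolve=socket.gethostbyname, zone=DNSBL_ZONE):
    """Return the 127.x.x.x answer when addr is listed, None when the lookup is NXDOMAIN."""
    try:
        answer = resolve(dnsbl_query_name(addr, zone))
    except socket.gaierror:
        return None
    # A real listing is always a 127/8 address; anything else means a broken or
    # wildcarded zone and must not be treated as a hit, or every sender would be
    # rejected (this is how a dead DNSBL turns into a false-positive generator).
    if ipaddress.IPv4Address(answer) not in ipaddress.IPv4Network("127.0.0.0/8"):
        return None
    return answer


def rdns_consistent(addr, by_addr=socket.gethostbyaddr, by_name=socket.gethostbyname):
    """Forward-confirmed reverse DNS: a PTR exists and its name resolves back to addr."""
    try:
        name = by_addr(addr)[0]
        return by_name(name) == addr
    except (socket.herror, socket.gaierror):
        return False


def smtp_verdict(addr, resolve=socket.gethostbyname,
                 by_addr=socket.gethostbyaddr, by_name=socket.gethostbyname):
    """The connection-time decision: reject on a DNSBL hit, then on missing rDNS."""
    hit = dnsbl_answer(addr, resolve)
    if hit is not None:
        return "550 Mail from %s refused - listed as %s, see http://%s" % (addr, hit, DNSBL_ZONE)
    if not rdns_consistent(addr, by_addr, by_name):
        return "550 Mail from %s refused - no valid reverse DNS" % addr
    return "250 OK"
```

Log every 550 with the client address and which check fired, since the weekly review of reject logs for false positives that the post relies on is only possible if the reason is recorded.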