Devon & Cornwall Linux Users' Group


Re: [LUG] can we greylist the USA?




Adrian Midgley wrote:
|
| 80% or more of spam comes from the US - originates there and actually emanates
| from unsecured Windows boxes on their cable etc networks.

At work we basically had to blacklist some of the large ISPs' DSL ranges
to protect our email servers - we were seeing 40 or 50 spambots
swallowing up all the available processes connected pretty much until
disconnected, and when you swat some others appear like a swarm.

Interestingly it had minimal effect on volume of spam delivered, a lot
of these are trying random addresses, or sequential addresses in the
domain, and that is pretty ineffective except to find new addresses.

| While in other parts of the world I'm inclined to blacklist and screen _out_
| spam, for the US I think it is time to screen _in_ IE to be seen a sender
| must convince me that they are someone I want to hear from - a list or
| someone to whom I have been introduced.

I think trying to do it by part of the world is mistaken. IP addresses
just don't map nicely, nor do domain names, and abuse comes from
China/Korea as much as the US in my experience.

You are also confusing sender with IP address, too much time on the SPF
list? ;)

| SO is there a list of all US IP ranges, and is there a tool for doing it on
| Linux?

All major MTAs will blacklist IP ranges, or, as we did, reverse lookup of
IP address.

They all also blacklist by relay blocking list, although many of the
relay blocking lists wouldn't, I think, be suitable for use in a
professional capacity. GXN insist on using one of the Japanese blocking
lists, and managed to block email from us (one of their clients) for
months over a flaw in one web to email form that was quickly fixed.

Similarly one of our servers is blocked at some sites because it
forwards email to someone who complained, despite them having to have
signed up for the service. It is all too arbitrary and unaccountable, and
usually run by people whose email is less critical, and who are rabidly
antispam to the point of losing genuine email not being a "big issue".

These days "greylisting" has come to mean automated recognition of
systems that behave like real MTAs, and although it isn't perfect (some
MTAs behave badly), it would probably be of interest. Check out
"greylistd" initially.

TMDA (tmda.net) is the main tool for whitelisting correspondents, and
the website lists other similar products.

I use TMDA at home because I don't control the main SMTP server (Demon
do), but where you run the SMTP server I think prefiltering with a good
antispam filter is sufficient for all but the MOST spammed. TMDA might
also have a place in schools to kill all the random unpleasant spam that
occasionally gets through other filters. But I think the main thing is
to kill before accepting, or to reply, just don't bitbucket email that
could be just misaddressed, or misclassified, down that route lies email
hell - although Spam Assassin is heavily tuned to try and avoid false
positives it still gives them.

--
The Mailing List for the Devon & Cornwall LUG
Mail majordomo@xxxxxxxxxxxx with "unsubscribe list" in the
message body to unsubscribe.
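
The greylisting idea mentioned in the message above (defer mail from an unknown source, accept it once the sending system retries the way a real MTA does), shown as an added example that is not part of the original post and is not greylistd's own code. The timing constants, the /24 keying, the `Greylist` and `replay` names and the sample traffic are all assumptions made for illustration.

```python
import ipaddress

RETRY_MIN = 10 * 60         # assumed: retries sooner than this are still deferred
RETRY_MAX = 8 * 3600        # assumed: an unconfirmed triplet is forgotten after this
PASS_TTL = 60 * 24 * 3600   # assumed: a confirmed triplet stays trusted this long


class Greylist:
    """Decide at RCPT time, before any mail is accepted, from the SMTP triplet."""

    def __init__(self):
        self.seen = {}  # triplet -> (first_seen, confirmed_at or None)

    @staticmethod
    def key(client_ip, sender, recipient):
        # Mail farms retry from neighbouring hosts, so key on the network.
        prefix = 64 if ":" in client_ip else 24
        net = ipaddress.ip_network(f"{client_ip}/{prefix}", strict=False)
        return (str(net), sender.lower(), recipient.lower())

    def check(self, client_ip, sender, recipient, now):
        k = self.key(client_ip, sender, recipient)
        first, confirmed = self.seen.get(k, (None, None))
        if confirmed is not None and now - confirmed <= PASS_TTL:
            self.seen[k] = (first, now)          # refresh on use
            return 250, "ok"
        if first is None or now - first > RETRY_MAX or confirmed is not None:
            self.seen[k] = (now, None)           # new or expired: start the clock
            return 451, "greylisted, try again later"
        if now - first < RETRY_MIN:
            return 451, "greylisted, try again later"
        self.seen[k] = (first, now)              # a real MTA queued and retried
        return 250, "ok"


def replay(events):
    """Run constructed (time, ip, sender, recipient) events; return reply codes."""
    g = Greylist()
    return [g.check(ip, s, r, t)[0] for t, ip, s, r in events]


# Constructed sample traffic (documentation addresses, times in seconds).
SAMPLE = [
    (0,    "192.0.2.10",   "alice@example.org", "bob@example.net"),  # first try
    (60,   "192.0.2.10",   "alice@example.org", "bob@example.net"),  # too soon
    (900,  "192.0.2.11",   "alice@example.org", "bob@example.net"),  # queued retry
    (5000, "192.0.2.10",   "alice@example.org", "bob@example.net"),  # now known
    (5010, "198.51.100.7", "x1@example.com",    "aaa@example.net"),  # one-shot bot
    (5011, "198.51.100.7", "x1@example.com",    "aab@example.net"),  # next address
]
```

Every deferral is a 451 temporary failure issued during the SMTP conversation, so a legitimate sender's MTA keeps the message queued and nothing is silently discarded.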


