Re: [LUG] Linux - viruses etc

 

Anyone using SPF?

Sent from my iPhone

On 6 Feb 2013, at 22:23, Simon Avery <digdilem@xxxxxxxxx> wrote:

>> I used to do that - then gave up.
> 
> Tut, no staying power, you youngsters. :)
> 
>> Up-front is NoListing.
> 
> Do you find this useful? When I researched it, much ratware was only
> sending to the secondary MX on the logic that it was likely to be less
> well defended.
> 
>> Next is an RBL check. Sadly I feel that total blocking based on the various
>> RBL lists out there is not a good thing to do these days, so if an incoming
>> connection fails the RBLs I check against, then it's plan B.
> 
> I score based on RBLs as part of a fairly comprehensive set of rules.
> I disagree on some RBL policies, but there are enough around to allow
> me to avoid those.
> 
>> Plan B is Greylisting.
> 
> I've done that too, then discarded it. The delay it added was
> frustrating and eventually unacceptable. Some wouldn't retry for 5-30
> minutes, by which time you've forgotten why you asked for that
> password reset and moved on to something else. I like fast
> email.
> 
>> Mimedefang just flags the message as 'spammy' at that point, then it's up to
>> my MUA to filter the message into the spam folder. I don't use my MUA's own
>> filters, but I use procmail. This also filters messages from mailing lists,
>> etc. into their own folder rather than cluttering up my inbox.
> 
> Not used mimedefang. I found procmail too much effort to maintain over time.
> 
> I don't currently use bayesian or train ham/spam. I found it nearly
> always ended up being overly paranoid and flagging everything as spam.
> 
> I toyed with tarpitting for over a year too, but eventually decided
> that it made sod all difference in the grand scheme of things.
> 
>> I offer this to my customers but without the hard-coded filters. Incredibly,
>> some of my customers actually want email from some of the people who break
>> all my own rules of sense and sensibility. Their loss.
> 
> Heh. I had somebody last week tell me their contact (at a college) had
> said their email to us was being bounced. I checked and I'd added them
> several years ago because they were sending "Info newsletters" at too
> high a frequency and ignored our request to stop. That request came
> from the same person who was asking now why they weren't getting mail
> from them. :)
> 
>> Spam is manageable, but it needn't be a chore.
> 
> Don't misunderstand me, I don't spend much time on it now. Perhaps
> five minutes a month changing scores based on what slips through. At
> some perverse level I have some strange enjoyment about tweaking,
> nudging and gradually improving - then learning what the new angles of
> attack are being used and why.
> 
> It's also interesting to hear how other people tackle it - and great
> that there's diversity. If we all blocked in the same way it would
> make it very easy.
> 
> Sometimes it's laughable how badly written some of these ratware tools
> are - for example, this little bit in exim rejects hundreds of spam
> mails a day:
> 
>      deny
>      message     = Serious MIME defect detected ($demime_reason)
>      demime      = *
>      condition   = ${if >{$demime_errorlevel}{1}{1}{0}}
> 
> So many ratware tools use broken mime encoders. The *only* time this
> fails on genuine email is when Eset, the anti-virus people, send me
> our keyfile when I renew our contract - because their mailer sucks
> too!
> 
> Then, when I'm done laughing at how poor the tools are, and how poor
> they've been for years and years, I get sad because they don't *need*
> to be clever to make money or defraud people, or trick them into
> running malicious software. They are getting better, slowly, as Rob
> says - but most people are trusting and believe what they read if it's
> not too blatant.
> 
> Email is very old technology - it's the shining example of something
> basic that has been poked and prodded and pushed into shapes it's
> really not suited for. It's inefficient, hogs bandwidth and is misused
> by almost everyone who uses it. But despite decades of bodges,
> kludges, mistreatment and waste, it works and is so well supported
> that it'll be around for years - and so will the problems that go with
> it. After all, what's the alternative?
> 
> -- 
> The Mailing List for the Devon & Cornwall LUG
> http://mailman.dclug.org.uk/listinfo/list
> FAQ: http://www.dcglug.org.uk/listfaq
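
Added example, not part of the original thread: a Python analogue of the quoted exim rule, which denies mail only when the MIME error level is above 1. It uses the standard library's parser defects rather than exim's demime, and the two-level severity split, function names and sample messages are assumptions made for illustration.

```python
import email
from email import errors, policy

# Assumed severity split (constructed for this example, not exim's own table):
# defects that leave the multipart structure unusable count as level 2.
SERIOUS = (errors.NoBoundaryInMultipartDefect,
           errors.StartBoundaryNotFoundDefect,
           errors.MultipartInvariantViolationDefect)

def mime_error_level(raw: bytes):
    """Return (level, reasons): 0 clean, 1 minor defect, 2 serious defect."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    level, reasons = 0, []
    for part in msg.walk():              # root first, then every nested part
        for defect in part.defects:      # recorded by the parser, not raised
            severity = 2 if isinstance(defect, SERIOUS) else 1
            level = max(level, severity)
            reasons.append(type(defect).__name__)
    return level, reasons

def acl_verdict(raw: bytes) -> str:
    """Mirror the rule's condition: deny only when the level is above 1."""
    level, reasons = mime_error_level(raw)
    if level > 1:
        return "deny: Serious MIME defect detected (%s)" % ", ".join(reasons)
    return "accept"

# Constructed sample messages.
HEADERS = (b"From: sender@example.org\r\nTo: rcpt@example.net\r\n"
           b"Subject: test\r\nMIME-Version: 1.0\r\n")
GOOD = HEADERS + (b'Content-Type: multipart/mixed; boundary="b1"\r\n\r\n'
                  b"--b1\r\nContent-Type: text/plain\r\n\r\nhello\r\n--b1--\r\n")
# Claims to be multipart but declares no boundary at all.
NO_BOUNDARY = HEADERS + b"Content-Type: multipart/mixed\r\n\r\nhello\r\n"
# Opens a part but never writes the closing boundary.
UNCLOSED = HEADERS + (b'Content-Type: multipart/mixed; boundary="b1"\r\n\r\n'
                      b"--b1\r\nContent-Type: text/plain\r\n\r\nhello\r\n")

if __name__ == "__main__":
    for name, raw in (("good", GOOD), ("no-boundary", NO_BOUNDARY),
                      ("unclosed", UNCLOSED)):
        print(name, "->", acl_verdict(raw))
```

The unclosed message is accepted here because it only reaches level 1, which is the kind of threshold choice that decides whether a sloppy but genuine mailer gets through.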
