Re: [Declude.Virus] Accepting SPAM pads spammer's success stats

[Matt]

There was a discussion about this on the JunkMail list about a month ago (which is more appropriate for this topic). VamSoft has a product, ORF ($99), that plugs into MS SMTP and can be loaded with a text file that will do envelope rejection of addresses that don't match the strings you give it (i.e. your list of users).  Research ExtractUsers for a way to pull this list from the registry. You can configure MS SMTP to listen on port 25, and hand off to say port 2525 where you can configure IMail to listen on the same box.  You need to download the MetaBase editor to configure MS SMTP to hand off to a different port. There is no way to get Declude to do envelope rejection because IMail doesn't allow it.  I wouldn't rely on just VamSoft for spam blocking, though you could do rejection/weighting based on RBL's within ORF and reduce the load on IMail/Declude greatly.  Note that I don't currently use this application, though I am preparing to because of the need to not have a secondary MX accept every last piece of E-mail. Matt Rick Davidson wrote: I should have been more clear, I use gateways in from of Imail peer groups neither can use the nobody alias becuase they do not know where the mail is going to be delivered. Currently I have two gateways in front of a 7 server peering group Rick Davidson National Systems Manager North American Title Company 440-953-9346 - Office 440-953-0925 - Fax 440-487-7344 - Mobile [EMAIL PROTECTED] - ----- Original Message ----- From: "Matt" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, March 12, 2004 5:25 PM Subject: Re: [Declude.Virus] Accepting SPAM pads spammer's success stats Remove the "nobody" alias and IMail will reject all invalid addresses during the SMTP envelope. Matt Rick Davidson wrote: As a long time anti-spam combatant and Declude user I am seeing something I am interpreting as another way spammers are exploiting us. The problem with this scenario is that it is a catch22 because we cant bounce spam back to the senders. I used to own an ISP but sold it a few months ago due to the stiff competition and had been using Imail and Declude as spam and anti virus gateways, which I am now doing for the large company I work for now. I see guys asking about server specs and high spam loads so this prompted me to share what I have seen and am now seeing in my new workplace. It seems that the more successful we are at stopping spam the more then send to us, not just to valid addresses and dictionary type deliveries but large volumes of spam that have no chance of being sent to a valid user for example [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] and so on on and on and on and on. I have seen this in the millions of messages and I believe its because we accept the mail and delete it because its obvious spam. The spammers then can say to their customers that they delivered some huge amount of their advertisements when in fact they just sent invalid recipient email to our mail vaporizers because they know we will accept it. The company that bought my ISP is Unix based and was able to write a program that looked at a list of valid email addresses and only accepted the connection if it found a valid recipient. And then after x amount of invalid user attempts they blacklisted the IPs. We found over 30,000 spam zombies were responsible for the invalid user email flood, I felt better knowing I didn't stand a chance of manually adding IPs to the Imail access control lists but still made me very angry. So is there a way to deal with this? How can we check for valid users before we accept the SMTP connection itself when using a gateway or peering configuration? Would it be possible to use the DNS blacklist concept but have our users on there so it becomes a DNS whitelist? Bottom line is that ALOT of our spam and virus processing overhead and could be stopped at the SMTP connection level. Short of hiring hit men to thin the Rokso list what can we do? Scott, Could you at least write a run first test to check a text file for valid users and if it doesn't find one fail the message and stop all further testing? If we can do this now can you provide and explanation of how? Comments? Ideas? Thanks for listening, Rick Davidson National Systems Manager North American Title Company --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com. -- ===================================================== MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ ===================================================== --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com. -- ===================================================== MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ =====================================================