Etaoin Shrdlu wrote:
> Okay, I'm ready to ramp up to annoyed with the attempts against my
> mailservers. I recall some time ago that Labrea was popular, however, it
> seems to have disappeared. In fact, the mailing list at sourceforge is
> nothing but pornographic spam (I realize I just lost part of my
> audience, who are now off to check it out).
>
> First, the ground rules. I *want* to have my machines with sendmail
> running, and available externally. I'm not looking for any solution that
> involves NAT, or proxies, or similar stuff. What I *am* looking for is
> an approach that will slow down the crap. Greylisting software is okay
> by me, and I'm happy for any suggestions on that.
>
> Really, no one outside should be sending email to my machines, except
> for oh-so-rare occasions, and having a whitelist of allowed senders
> would probably work, as would other approaches.
>
> My current approach is to kill -9 sendmail on the machines until the
> automated scanners give up and go away, and then go back in and restart
> it. This is a bit cumbersome, and very annoying.
>
> Ideas?
>
> What happened to Labrea anyway?
>
>

Things to do, from easy to hard (and easiest to set up incrementally in this way for fast rejects):

1) RBLs - they work variably. Different ones are good at different things. Pick 3-4. They reject mail quickly and early with very low overhead. Sendmail used to have a list of dnsbls, but I haven't really kept up with the state of the art (for reasons to be explained in #4 below). Lopsa.org uses bl.spamcop.net, list.dsbl.org, and zen.spamhaus.org. There used to be a great list of dnsbls and what their 'philosophy' was. I can't find the same thing now (30 sec of searching), but this might be a good start: http://www.sdsc.edu/~jeff/spam/Blacklists_Compared.html

2) Greylisting. It's relatively easy to set up. It causes some delay to people who might mail you out of the blue. It does support whitelisting though. Variable effectiveness.

3) SpamAssassin. It takes a bit of setup and periodic handholding and a learning curve.

4) Bayesian filter. This is not on your MTA, though, but a filter that acts on stuff that gets through the rest of the filters and before it goes into your mailbox. (procmail is a good place to put this, or in the POP client like POPfile or the like - I use spamprobe in procmail). It takes a huge amount of initial setup, taking a while to train initially and then a bunch of housekeeping over the next couple of months to clean up the false positives and false negatives. After this time, it takes progressively less housekeeping. I estimate I now spend about 5 minutes every couple of weeks checking things out and retraining it with 'ham' and 'spam'. It is highly effective and inoculates me from the 30 spam per hour that would otherwise end up in my inbox (at last counting). I might get a couple of spam every couple of days now, which is easy to hit delete or just save it for later training. Bayesian analysis has a high overhead, so I save it for last after the easy and less effective stuff is done. Also, it tends to be highly personal in nature. One man's spam...

* SpamAssassin also contains a Bayesian filter, if you wish to do the all in one, but you don't have to have SpamAssassin to have one.

_______________________________________________
Discuss mailing list
[email protected]
http://lopsa.org/cgi-bin/mailman/listinfo/discuss
This list provided by the League of Professional System Administrators
http://lopsa.org/
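
Added example, not part of the original post and not code from sendmail or any greylisting package: a minimal Python model of the first two layers described above, with a sender whitelist, a DNSBL check and triplet greylisting applied in cheapest-first order. The `MailPolicy` class, its delay values, the `listed` callback that stands in for the DNS lookup, and the sample addresses are all assumptions made for illustration; only IPv4 is handled.

```python
import ipaddress

# DNSBL zones named in the post; which ones to query is a local policy choice.
DNSBL_ZONES = ["bl.spamcop.net", "list.dsbl.org", "zen.spamhaus.org"]

def dnsbl_query_name(ip, zone):
    """Name a DNSBL lookup resolves: reversed IPv4 octets followed by the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

class MailPolicy:
    def __init__(self, whitelist=(), min_delay=300, max_age=86400):
        # Envelope senders are forgeable, so a sender whitelist is a
        # convenience, not authentication.
        self.whitelist = {s.lower() for s in whitelist}
        self.min_delay = min_delay  # seconds a new triplet must wait
        self.max_age = max_age      # seconds before an unretried triplet expires
        self.first_seen = {}        # (ip, sender, rcpt) -> time of first attempt
        self.passed = set()         # triplets that already retried correctly

    def check(self, ip, sender, rcpt, now, listed=lambda name: False):
        """Return an SMTP-style reply; `listed` stands in for the DNS lookup."""
        sender, rcpt = sender.lower(), rcpt.lower()
        if sender in self.whitelist:
            return "250 accepted (whitelisted sender)"
        for zone in DNSBL_ZONES:  # cheap, early reject
            if listed(dnsbl_query_name(ip, zone)):
                return "554 rejected (listed in %s)" % zone
        key = (ip, sender, rcpt)
        if key in self.passed:
            return "250 accepted (known triplet)"
        first = self.first_seen.get(key)
        if first is None or now - first > self.max_age:
            self.first_seen[key] = now  # new or expired: start the clock
            return "451 deferred (greylisted)"
        if now - first < self.min_delay:
            return "451 deferred (retried too soon)"
        self.passed.add(key)
        return "250 accepted (retried after delay)"

if __name__ == "__main__":
    policy = MailPolicy(whitelist=["friend@example.org"])
    # Constructed sample traffic using documentation address ranges.
    fake_listed = lambda name: name == "10.2.0.192.zen.spamhaus.org"
    for ip, frm, t in [("203.0.113.5", "friend@example.org", 0),
                       ("192.0.2.10", "bulk@example.com", 0),
                       ("198.51.100.7", "new@example.com", 0),
                       ("198.51.100.7", "new@example.com", 600)]:
        print(ip, frm, policy.check(ip, frm, "me@example.net", t, fake_listed))
```

A sender that never retries, which is typical of automated scanners, stays at the 451 stage, while a real MTA passes on its second attempt after the delay.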
