Re: spamcop blacklisting me because of tmda
At 12:31 PM 1/10/2006, you wrote: Help! SpamCop is blacklisting me because of the interaction of tmda and their spam-trap email addresses. Evidently, some spammers are using these addresses as their forged sender address, and when TMDA replies, spamcop counts that as a strike against me. The only thing I can think of right now is to start using a different IP address for my outgoing SMTP. I can do this, I have most of a class C available. I just don't want to have to patch qmail to do this. In any case, this would only be a temporary solution. Sorry for the late reply - and maybe too late for your switch, but theres no need to patch qmail. http://tmda.net/config-vars.html#MAIL_TRANSPORT http://tmda.net/config-vars.html#SMTPHOST Put it on another IP, only used by tmda confirmation requests. At least that will hold you through till your server upgrade. _ tmda-users mailing list (tmda-users@tmda.net) http://tmda.net/lists/listinfo/tmda-users
Re: spamcop blacklisting me because of tmda
At 12:31 PM 1/10/2006, you wrote: Help! SpamCop is blacklisting me because of the interaction of tmda and their spam-trap email addresses. Evidently, some spammers are using these addresses as their forged sender address, and when TMDA replies, spamcop counts that as a strike against me. The only thing I can think of right now is to start using a different IP address for my outgoing SMTP. I can do this, I have most of a class C available. I just don't want to have to patch qmail to do this. In any case, this would only be a temporary solution. Sorry for the late reply - and maybe too late for your switch, but theres no need to patch qmail. http://tmda.net/config-vars.html#MAIL_TRANSPORT http://tmda.net/config-vars.html#SMTPHOST Put it on another IP, only used by tmda confirmation requests. At least that will hold you through till your server upgrade. _ tmda-users mailing list (tmda-users@tmda.net) http://tmda.net/lists/listinfo/tmda-users
Re: spamcop blacklisting me because of tmda
On 1/10/06 5:08 PM, "Bob Keyes" <[EMAIL PROTECTED]> wrote: > > > On Tue, 10 Jan 2006, Administrator wrote: > >> On 1/10/06 4:31 PM, "Bob Keyes" <[EMAIL PROTECTED]> wrote: >> >> >> First, register for SpamCop as a system administrator. Sign up for alerts >> on spam reported or trapped from your IP addresses/netblock. This will help >> queue you in as to the *when* its happening. Once you know when, then you >> can figure it out logically. Their reports are hour-by-hour, so the best >> you'll do is limit it to an hour or two. > > Considering the huge about of spam that hits here (about one per second) I > wonder if that's going to work too well. > That's a lot of spam. I'd switch to Postfix -- that way, you can execute quite a number of checks and reject messages before getting to the RBLs, which is far more efficient. >> If your server is heavily trafficked, then you'll need an intern or other >> lackey to parse through the logs. If not, then it shouldn't be too painful. >> Just tedious. > > No lackeys are available. Damn, I should start charging people time or > money for accounts. > I do! And you definitely should! >>> >>> I am starting to agree with you about the non-maintainability of qmail. >>> In the past I have dismissed postfix because of the attitude of its author >>> towards my reported security problems many years ago. Perhaps it is time >>> to see if the problem has been fixed, and if so, bury my pride and >>> reconsider postfix. >> >> Yes, Wietse can be rather blunt at times. He's also one of the "real" >> security experts out there -- he knows his shit better than anyone. > > I know he's been around forever. I used to read his posts on the Zardoz > and Core mailing lists (even though I wasn't *officially* on them) back in > the 80's. > > Yes, he lacks tact just like RMS and Theo DeRaadt. I call this the "proud > graduate of the MIT School of Charm". > Yup. Sometimes, though, Wietse is hilarious. He's Dutch. Their just like Germans -- no sense of humor -- but more friendly-like. >> I'd suggest you bury the pride. After doing some benchmarking and >> significant testing, I can say honestly that Postfix outperforms all other >> comers. The ease of use/configuration is a big plus. >> >> I'd be happy to help/advise on a changeover to Postfix. > > OK, I may take you up on this. I am building a new server and this might > be the right time to do the move away from qmail. Not a problem. I enjoy helping my fellow sysadmins. Switching to a new box is the ideal time to change over. Its also an opportunity to get rid of some of the "deadwood" accounts -- you know which ones I mean: the accounts that nobody's logged into for 6 months, but have full mailboxes. I recommend "The Book of Postfix" by Ralf Hildebrant and Patrick Ben Koetter. They are fellow Postfix committers. -- Mark J. Nernberg System Administrator Running Leopard For technical support issues, please email [EMAIL PROTECTED] _ tmda-users mailing list (tmda-users@tmda.net) http://tmda.net/lists/listinfo/tmda-users
Re: spamcop blacklisting me because of tmda
On Tue, 10 Jan 2006, Administrator wrote: > On 1/10/06 4:31 PM, "Bob Keyes" <[EMAIL PROTECTED]> wrote: > > > First, register for SpamCop as a system administrator. Sign up for alerts > on spam reported or trapped from your IP addresses/netblock. This will help > queue you in as to the *when* its happening. Once you know when, then you > can figure it out logically. Their reports are hour-by-hour, so the best > you'll do is limit it to an hour or two. Considering the huge about of spam that hits here (about one per second) I wonder if that's going to work too well. > If your server is heavily trafficked, then you'll need an intern or other > lackey to parse through the logs. If not, then it shouldn't be too painful. > Just tedious. No lackeys are available. Damn, I should start charging people time or money for accounts. > > > > I am starting to agree with you about the non-maintainability of qmail. > > In the past I have dismissed postfix because of the attitude of its author > > towards my reported security problems many years ago. Perhaps it is time > > to see if the problem has been fixed, and if so, bury my pride and > > reconsider postfix. > > Yes, Wietse can be rather blunt at times. He's also one of the "real" > security experts out there -- he knows his shit better than anyone. I know he's been around forever. I used to read his posts on the Zardoz and Core mailing lists (even though I wasn't *officially* on them) back in the 80's. Yes, he lacks tact just like RMS and Theo DeRaadt. I call this the "proud graduate of the MIT School of Charm". > I'd suggest you bury the pride. After doing some benchmarking and > significant testing, I can say honestly that Postfix outperforms all other > comers. The ease of use/configuration is a big plus. > > I'd be happy to help/advise on a changeover to Postfix. OK, I may take you up on this. I am building a new server and this might be the right time to do the move away from qmail. _ tmda-users mailing list (tmda-users@tmda.net) http://tmda.net/lists/listinfo/tmda-users
Re: spamcop blacklisting me because of tmda
On 1/10/06 4:50 PM, "Dave Steinberg" <[EMAIL PROTECTED]> wrote: >>> But, back to the filtering: how do I determine which email addresses are >>> the spam traps? They keep them secret for a good reason. >> >> >> That's not easy. >> >> First, register for SpamCop as a system administrator. Sign up for alerts >> on spam reported or trapped from your IP addresses/netblock. This will help >> queue you in as to the *when* its happening. Once you know when, then you >> can figure it out logically. Their reports are hour-by-hour, so the best >> you'll do is limit it to an hour or two. > > This seems to me like good general practice, so I went and tried to find > how to sign up as you mention. I couldn't find it on their site - would > you mind pointing me to the right spot? http://www.spamcop.net/w3m?action=ispsignupform -- Mark J. Nernberg System Administrator Running Leopard For technical support issues, please email [EMAIL PROTECTED] _ tmda-users mailing list (tmda-users@tmda.net) http://tmda.net/lists/listinfo/tmda-users
Re: spamcop blacklisting me because of tmda
On 1/10/06 4:31 PM, "Bob Keyes" <[EMAIL PROTECTED]> wrote: > > Depends on the filling. For pie, I like blueberry, but for cake I like > chocolate, especially with creme and the espresso. Yum. Thanks a lot, now > I am hungry. > Oops, sorry! > But, back to the filtering: how do I determine which email addresses are > the spam traps? They keep them secret for a good reason. That's not easy. First, register for SpamCop as a system administrator. Sign up for alerts on spam reported or trapped from your IP addresses/netblock. This will help queue you in as to the *when* its happening. Once you know when, then you can figure it out logically. Their reports are hour-by-hour, so the best you'll do is limit it to an hour or two. If your server is heavily trafficked, then you'll need an intern or other lackey to parse through the logs. If not, then it shouldn't be too painful. Just tedious. > >>> The only thing I can think of right now is to start using a different IP >>> address for my outgoing SMTP. I can do this, I have most of a class C >>> available. I just don't want to have to patch qmail to do this. In any >>> case, this would only be a temporary solution. >> >> Along with my previous advice: get rid of qmail. It is not really >> maintained, and patches aren't the right way to do it anyway. > > I am starting to agree with you about the non-maintainability of qmail. > In the past I have dismissed postfix because of the attitude of its author > towards my reported security problems many years ago. Perhaps it is time > to see if the problem has been fixed, and if so, bury my pride and > reconsider postfix. Yes, Wietse can be rather blunt at times. He's also one of the "real" security experts out there -- he knows his shit better than anyone. I'd suggest you bury the pride. After doing some benchmarking and significant testing, I can say honestly that Postfix outperforms all other comers. The ease of use/configuration is a big plus. I'd be happy to help/advise on a changeover to Postfix. -- Mark J. Nernberg System Administrator Running Leopard For technical support issues, please email [EMAIL PROTECTED] _ tmda-users mailing list (tmda-users@tmda.net) http://tmda.net/lists/listinfo/tmda-users
Re: spamcop blacklisting me because of tmda
On Tue, 10 Jan 2006, Administrator wrote: > > > > On 1/10/06 3:31 PM, "Bob Keyes" <[EMAIL PROTECTED]> wrote: > > > Help! SpamCop is blacklisting me because of the interaction of tmda and > > their spam-trap email addresses. Evidently, some spammers are using these > > addresses as their forged sender address, and when TMDA replies, spamcop > > counts that as a strike against me. > > Why not filter through your mail server logs for the spamtrap addresses? > Then block email to them from your SMTP server -- in addition to blocking > those addresses as sender addresses. > > With Postfix, that is a piece of cake. (Or easy as pie ... whichever you > prefer. Me, I like cake.) Depends on the filling. For pie, I like blueberry, but for cake I like chocolate, especially with creme and the espresso. Yum. Thanks a lot, now I am hungry. But, back to the filtering: how do I determine which email addresses are the spam traps? They keep them secret for a good reason. > >The only thing I can think of right now is to start using a different IP > > address for my outgoing SMTP. I can do this, I have most of a class C > > available. I just don't want to have to patch qmail to do this. In any > > case, this would only be a temporary solution. > > Along with my previous advice: get rid of qmail. It is not really > maintained, and patches aren't the right way to do it anyway. I am starting to agree with you about the non-maintainability of qmail. In the past I have dismissed postfix because of the attitude of its author towards my reported security problems many years ago. Perhaps it is time to see if the problem has been fixed, and if so, bury my pride and reconsider postfix. Regards, Bob Keyes _ tmda-users mailing list (tmda-users@tmda.net) http://tmda.net/lists/listinfo/tmda-users
Re: spamcop blacklisting me because of tmda
On 1/10/06 3:31 PM, "Bob Keyes" <[EMAIL PROTECTED]> wrote: > Help! SpamCop is blacklisting me because of the interaction of tmda and > their spam-trap email addresses. Evidently, some spammers are using these > addresses as their forged sender address, and when TMDA replies, spamcop > counts that as a strike against me. Why not filter through your mail server logs for the spamtrap addresses? Then block email to them from your SMTP server -- in addition to blocking those addresses as sender addresses. With Postfix, that is a piece of cake. (Or easy as pie ... whichever you prefer. Me, I like cake.) >The only thing I can think of right now is to start using a different IP > address for my outgoing SMTP. I can do this, I have most of a class C > available. I just don't want to have to patch qmail to do this. In any > case, this would only be a temporary solution. Along with my previous advice: get rid of qmail. It is not really maintained, and patches aren't the right way to do it anyway. -- Mark J. Nernberg System Administrator Running Leopard For technical support issues, please email [EMAIL PROTECTED] _ tmda-users mailing list (tmda-users@tmda.net) http://tmda.net/lists/listinfo/tmda-users
