Spam Blocking Engine for OpenBSD 274
mkeke writes "In a post over at OpenBSD Journal, Theo states that he has written a spam blocker that works with pf and Spews.
It looks darn cool :)"
550? 450? (Score:5, Informative)
Re:550? 450? (Score:2, Informative)
char *reply = "450";
I'm guessing the 550 is a typo in the message body.
Re:550? 450? (Score:5, Informative)
Incidentally, the code actually has a command line option to choose between 450 and 550.
Re:550? 450? (Score:2)
Spews = /m\ (Score:5, Insightful)
Re:Spews = /m\ (Score:2, Interesting)
Perhaps because SpamCop is overzealous to the point of stupidity?
See, for instance:
Quite frankly, Julian Haight comports himself like a True Asshole. Admittedly, Theo can be rather terse himself, but he generally doesn't cause innocent third parties distress while attempting to achieve his goals.
Re:Spews = /m\ (Score:4, Interesting)
Using spews is going to cause third-party distress.
Re:Spews = /m\ (Score:3, Insightful)
And spews doesn't? Spews randomly blocked a consulting company's netblock I worked for part-time simply because our block was next to a "known spammer's" block.
I just went to SPEWS' website. It appears that this falls within their listing criteria. I'll take it you don't agree with their listing criteria.
When they politely asked to be removed and pointed out that according to their own evidence file that their netblock had nothing to do with spam, they were met with very hostile responses and told to essentially ditch their telco provider because they'd never unlist anyone.
They talked to SPEWS? It says here SPEWS doesn't talk to anyone. Are you sure? That statement appears highly misleading. Are you certain they didn't talk to news.admin.net-abuse.email?
They admitted that they simply block IPs in a form of "collateral damage" because they feel like it to hurt legitimate businesses so they flee their network provider.
Boy, this is so misleading as to be approaching a lie. They really, really talked to SPEWS, huh? And "spews said"...?
Look at antispews.org [antispews.org] for more info on their flagrant abuses and why you shouldn't use spews.
The fact that you disagree with their listing criteria is all fine and good; that is your right. But there seems to be lots of outright wrong information on that webpage.
My server, SPEWS recommends, my decision whether to trust them, and my decision as to their effectiveness.
Re:Spews = /m\ (Score:3, Insightful)
SPEWS is used because it works. It is NOT the job of my ISP to tell your ISP to kick off their spammers. If your upstream is providing an open haven for criminals, don't be surprised when no one wants traffic from your upstream.
Remember, your consulting company wasn't being blocked. Your consulting company didn't own the ISPs. SPEWS wasn't blocking anything (anyone who claims that SPEWS blocks is either ignorant or lying), SPEWS was merely listing IP addresses owned by the upstream provider. It isn't SPEWS's problem that your upstream is rogue and that no one wants their traffic.
Re:Spews = /m\ (Score:5, Insightful)
I understand the principle involved, and admit a fair bit of sympathy for that point of view. However, for some of us, switching ISPs isn't a luxury we have. I live in a small Midwest town. My options are:
Say that I discover that the local ISP (which has probably a 98% market share here) has some customers with open relays. What do I do? Buy a T1 and contract with Qwest, or get out of online business altogether?
In practicality, I don't have the option to switch, regardless of my ISP's policies.
Fortunately, the provider is run by a great set of people, and employs several real system administrators, so I don't really have to worry about this hypothetical problem. That's a Good Thing, because I'm pretty well stuck where I am.
Re:Spews = /m\ (Score:2)
Call Qwest and keep bitching up a storm. They'll get sick of you eventually and they'll HAVE to act just to shut you up.
Of course, given that Qwest openly tolerates criminal activity, including DDoS attacks, from their customers, I suspect that their action might just be telling you that they don't want you as a customer since you aren't actually breaking the law.
Re:Spews = /m\ (Score:2)
as it says, "you should have hit the preview button". posts are in stone
as for emailing for responses...check your message preferences.
It thought it was spam though (Score:5, Funny)
I thought half the email on the planet was spam though!
Re:Spews = /m\ (Score:2)
SpamCop's blacklist announces hosts with a bad no-spam/spam ratio. As a result, non-US freemail providers tend to end up in SpamCop's blacklist.
SpamCop is honest and they warn [spamcop.net] that the blacklist should only be used for tagging, but many people ignore this advice.
Platform [In]dependence (Score:3, Interesting)
Re:Platform [In]dependence (Score:4, Informative)
Re:Platform [In]dependence (Score:2)
Good concept - quality of execution pending (Score:2, Insightful)
To me, this seems exactly the right strategy, although how well it works in practice will be interesting to watch.
Re:Good concept - quality of execution pending (Score:3, Interesting)
To me, this seems exactly the right strategy, although how well it works in practice will be interesting to watch.
To me, this is about as hypocritical a strategy I can imagine. If something is wrong, it's wrong.
Re:Good concept - quality of execution pending (Score:4, Insightful)
If someone wishes to run an open relay and be a conduit for spam, why should he be granted immunity from consequences?
Re:Good concept - quality of execution pending (Score:2)
So will the demand for Jerry Springer and reality shows. In other words, it ain't gonna happen.
Spews is NOT the right way to filter e-mail. (Score:5, Informative)
Please take a look at http://www.antispews.org for more information before using SPEWS.
SPEWS is necessary & effective at hurting spam (Score:5, Insightful)
If you can suggest something that is half as effective at raising the cost for spammers as SPEWS, please suggest it. SPEWS forces providers to decide whether they want to host exclusively spammers or host exclusively non-spammers.
But if your goal is merely to filter spam (making life easier for the spammers) then you are right. SPEWS is not the way to do that.
Re:SPEWS is necessary & effective at hurting s (Score:5, Insightful)
First of all, I don't think most network administrators -- or their bosses -- know what they're getting into when they use Spews to police their network. If you are an admin who signs your company up for it, be prepared to have this conversation:
And -- you think Spews is effective? After being put on their list I had a grand total of one person unable to receive my mail. I have a dozen other people using my server to send and receive mail to hundreds of people, and according to my logs, among all of us, the sum total of people who couldn't get our email was two. That's the most pitiful boycott I've ever seen.
Re:SPEWS is necessary & effective at hurting s (Score:5, Interesting)
After that, I turned on my own bayesian filtering and said F the rest of the network/users.
-Ben
Re:SPEWS is necessary & effective at hurting s (Score:2)
You are absolutely right. Although I advocate using things like SPEWS, you must make it clear that it will block mail from legitimate users. You either have to persuade people that this is right (as I believe) or not do it that way.
See this policy statement [cranfield.ac.uk] as an example of using such a policy, while making it clear that it will block mail from legitimate users.
Re:SPEWS is necessary & effective at hurting s (Score:2)
That seems pretty effective to me.
Oh, and the boss loves it. As soon as we implemented the filters his spam load saw a *huge* decrease. He has even used the filters as a way to persuade a few of our more foolish clients to fix their open relays.
SPEWS shoots itself in the foot (Score:2)
1. I am customer of a small ISP. I don't send spam, and my ISP actively fights spam. Nevertheless, my ISP is on SPEWS - bad luck, wrong netblock.
2. I have zero incentive to change my ISP, and thus my ISP has zero incentive to put pressure on their upstream network operator.
3. Why ? Because I am blocked by bad luck, nothing else. I could change the ISP, but any new ISP might have the same bad luck. Changing providers will cost money, and will not secure me from future problems of that sort.
In short: the overzealous blocking by SPEWS removes any incentive to change ISP or exert any pressure on upstream providers. If it's just bad luck to be blocked, it may happen anywhere and anytime, and changing providers does not make any sense.
Re:Spews is NOT the right way to filter e-mail. (Score:5, Interesting)
Thanks for the link. I'll confirm that Spews is not the way to go. Well, it depends on whether your goal is to block spam for your users, or just to piss people off.
If you're a network admin and you want to block spam for your users, try something else.
If you just want to piss people off, Spews is great. My personal mail server (very kindly hosted for me for free on a friend's network) was put on Spews' blacklist. My server has never in its lifetime sent a single spam, of course. But Spews had found four (count 'em) examples of spammer websites (not spam-sending machines) on the IP blocks owned by the people who my friend bought access from, twice removed. Because of these four claimed spam websites, Spews put FOUR CLASS A's on their list.
That's right -- a quarter-million IP numbers were blocked because they didn't like the policies at four IP numbers.
Wait, did I say four? When I checked up on them, two had already moved to other providers, one I couldn't find, and only one was still there. So my server, and a quarter-million others, were being blocked because the Spews people disagreed with one solitary website. Hosted by a company that I have no relationship with.
It goes without saying that attempts to get my server whitelisted failed.
And I do question the value of their blocking my mail server. Like I said, I was being hosted for free just because I have helpful friends... my moving to another network actually saved them money!
Somehow, I think most net administrators, if they knew that Spews' purpose was political and not technological, would be less likely to use it. There are plenty of other blacklists out there. What are the good ones that don't hijack your networks to apply political pressure?
Re:Spews is NOT the right way to filter e-mail. (Score:2)
Re:Spews is NOT the right way to filter e-mail. (Score:3, Insightful)
Perhaps you meant class B's? Four class A's would have been 67 million. I doubt even SPEWS is that stupid. Wait, this is SPEWS we're talking about.
Re:Spews is NOT the right way to filter e-mail. (Score:2, Insightful)
I think too many hosting companies are far too lenient when it comes to booting spammers -- if they do anything at all. Honestly, I think going overboard on blocking will be a great asset in getting these clowns off their behinds.
It is impossible to get off their list
That is lame, if they have cleaned up their act. I'd say make it easy to be taken off once. After that, forget about it. Having little anti-spam programs running on every PC is just silly. Unless serious action is going to be taken, it's just wasted effort.
P.S. Ever notice spew is oops backwards :)
Re:Spews is NOT the right way to filter e-mail. (Score:3, Redundant)
Don't use SPEWS! [antispews.org]
See the newsgroup news.admin.net-abuse.email [google.com] to see just how the spews people treat those who politely ask for erroneous entries to be removed and PROVE they have nothing to do with spammers.
Re:Spews is NOT the right way to filter e-mail. (Score:2)
We use SPEWS. It reduces spam to 5% of before. It rocks.
Re:Spews is NOT the right way to filter e-mail. (Score:2)
SPEWS didn't tell you that. Probably it was someone on news.admin.net-abuse.email, which is about as authoritative as a random reply on Slashdot.
And furthermore, it isn't true. SPEWS has frequently reacted to spammer-removal within hours (or less).
Re:Spews is NOT the right way to filter e-mail. (Score:3, Interesting)
As a sysadmin for an ISP I can assure you that this is absolutely the case. There is no human contact at Spews, the entire system is automated. Which means that when their system is alerted to a "spammer" within a particular class C, that entire class C is quickly blocked by thousands of misinformed SAs who don't understand that they are in the process going to block legitimate emails that the people within their network have every right to receive.
A hosting provider should be responsible for the domains they host. But there is rarely anything a provider can do to pre-emptively stop a spammer. Just recently, my company signed up a new company for Co-Location. Within a week, this company sent out a huge spam mailing. The moment we saw spam complaints come in we called the company and demanded proof that their mailing list consisted solely of opt-in addresses. They had no proof and their contract was immediately terminated for violating our Acceptable Use Policy. However, at this point our entire class C (housing our main mail server for hundreds of websites and ten times that many individual email clients) was listed in SPEWS database. Apparently this company had, in the past, under a different name, been blacklisted as a spammer. We were now added to the list of their hosting providers and could not, despite our best effort, contact a single human at SPEWS to explain our situation. As a result, for over 3 weeks, thousands of mail servers were rejecting our clients' mail as coming from a spam-server.
I ask you, how does that make the internet a better place?
Spam is a waste of bandwidth, of time, and it's insanely annoying, as a sysadmin I realize that as much as anybody (except maybe Alan Ralsky [slashdot.org]). But SPEWS is a horrible "solution" to the problem. Too many misinformed sysadmins use SPEWS at the expense of those who use their network.
Re:Spews is NOT the right way to filter e-mail. (Score:2)
Re:Spews is NOT the right way to filter e-mail. (Score:2, Funny)
Often it boils down to "The All ighty ollar" [snpp.com]. An irresponsible ISP is willing to let a spammer continue to pay for their outrageous use of bandwidth as long as they can. SPEWS does nothing more than allow the spammer to spread the wealth to other ISPs once their current one is blacklisted. And yes, this ISP should be punished, its sysadmins and CEO should be dragged out into the street and beaten. However, until SPEWS starts carrying out vigilante justice, SPEWS is doing more harm than it does good, and is not a viable spam solution.
Welcome to Spewsville...Where the world is a better place..for some people.
Re:Spews is NOT the right way to filter e-mail. (Score:2)
And if every customer who has a clue about spam and spam support moves to a white hat ISP (yes, there're plenty of them around), the ISP has to close the sooner the better.
Remember: SPEWS lists pro spam ISPs only. And only whole blocks in order that the PREVENTION comes into effect. Sorry for my poor English - it's not my native language as one can guess.
BTW your comparison to the police is really lame. The police is acting on public ground. The servers where my email passing through is just not public and I (well in my case my sysadmin) can decide who to put in "jail" or not. And yes, I know that SPEWS blocks legit emails but I do not care about it - I do not want to receive emails from spam supporting folks.
Re:Spews is NOT the right way to filter e-mail. (Score:2)
The company I work for was affected by the infinite wisdom of Spews. Apparently a spammer once sent email from an address that happens to share the same leading 16-bits of address space with us. Because of their escalation procedures, a full 8192 sites have been placed on their "spam" list because of a single incident.
I don't think Spews provides any useful service. They don't resolve problems, they encourage you to bury your head in the sand and pretend problems don't exist. Blocking (and thus ignoring) a whole set of unrelated domains because once upon a time, a single spam event happened in a vaguely similar namespace is like banning everyone in the state of California from visiting Las Vegas, because one guy from LA was caught cheating in a casino 10 years ago.
They are a lawsuit waiting to happen. What if a company sends out stock information, or other time-dependent data by email, and they happen to get added to the Spews blacklist? Now clients who are paying $XXX for these notices don't get them, and thus lose a great deal of money. The sender isn't at fault, as they sent the mail in good faith, and they didn't engage in spamming themselves, but had the misfortune of belonging to the same class A or B subnet of a spammer. Who's gonna compensate the victims here? IANAL, but I'd be looking at Spews with $$'s in my eyes.
Re:Spews is NOT the right way to filter e-mail. (Score:2)
The conviction of innocence is completely unacceptable in America.
Antispews is spam; SPEWS is good; others are too. (Score:4, Informative)
Actually, antispews.org is likely being operated by spammers, as the Osirusoft FAQ [osirusoft.com] suggests. (If nothing else, they are spammers of USENET newsgroups, since they kiboze [tuxedo.org] for references to "SPEWS" and troll in response, much as Serdar Argic [kkc.net] once did with "Turkey".) Naturally, spammers are pissed off at SPEWS, because it is simply put the most effective tool presently in the field for denying spammers access to (1) victims, and (2) willing ISPs to host them. Innumerable spammers have been terminated as a result of SPEWS listings.
There is no conceivable informed controversy as to whether or not SPEWS is effective at getting spammers off the Net. Whether or not SPEWS is a good tool for your site to use as a tool for reducing your spam count is quite another question. In my personal experience (as a security and email administrator for my site, which is a research institution) SPEWS is extremely valuable. I read my mail logs and ascertain that SPEWS usage blocks spam, with a remarkably low incidence of false positives.
In the past week, our incoming mail server has blocked 969 messages on account of SPEWS, with zero reports of false positives from our users. (To be honest, we get about one such report a month, and we whitelist the offending IP address. It's usually in China; we have several Chinese researchers.) Our locally maintained blacklist blocks about twice as much spam, and our use of sbl.spamhaus.org blocks about five times as much -- but that is biased by the fact that we consult those lists before SPEWS, and there is a good deal of overlap between them.
I would not recommend that ISPs who offer email service to their users use SPEWS by default, though it would be a valuable optional service. The DNSBLs I would recommend everyone use are:
These are all low-to-no-false-positives lists which I feel comfortable recommending to every ISP regardless of its stance on SPEWS.
Re:Spews is NOT the right way to filter e-mail. (Score:2)
If your ISP is listed in SPEWS you need to talk to them about it. They need be informed that either the spammers go or you go. Obviously some ISPs value spammers' business more than that of their legitimate customers. Why would you want to do business with a company with ethics like that anyway?
However I guess I can count on Slashdot to throw their fists in the air when reading about Alan Ralsky then turn around and pay their bandwidth bills to ISPs with the same attitudes as his just because it's "convenient".
Re:Spews is NOT the right way to filter e-mail. (Score:2)
Besides, you're only hiding the problem -- not solving it. See the link in my (one and only) journal entry.
Re:Spews is NOT the right way to filter e-mail. (Score:2)
Let's see...
SPEWS
Whom do you trust to be more impartial?
Come on folks, it's no contest.
Re:Spews is NOT the right way to filter e-mail. (Score:2)
If everyone starts using SPEWS and you get blocked because no one wants C&W's traffic, that is NOT their problem and it is not the problem of SPEWS. Call C&W, tell them to stop openly tolerating criminal activity (such as theft of service, trespass to chattel and distributing pornographic material to minors), and then if they clean up their act, SPEWS will delist them.
The alternative is to have hundreds, if not thousands, of individual ISPs run their own private lists. That way, when C&W does finally clean up their act, they have to convince hundreds or thousands of individual people to remove them from the filters -- of course, by this time many of the admins who put the IP there might have moved on or forgotten the reason for the block in the first place. As such, C&W would stay in those hundreds or thousands of those individual blocklists and their netspace would be effectively worthless. Such was the fate of AGIS, who died the death of a thousand cuts, walled off from much of the Internet even when they did finally clean up their act.
And SPEWS does not just block blindly. You're either lying or stupid when you claim that it's just based on who they 'believe' to be spammers. SPEWS keeps documentation for their list entries, and it takes multiple spams and multiple ignored reports to the ISP before the list becomes expanded to include collateral damage.
The only people who complain about SPEWS are spammers and people who are too pig-headed to be bothered to learn how and why it is used.
Re:Spews is NOT the right way to filter e-mail. (Score:2, Interesting)
MailScanner (Score:5, Informative)
I'm Disappointed (Score:4, Insightful)
Also, this new spam program retaliates and the law is very nasty about vigilantism and retaliation, perhaps because it threatens their monopoly. I don't want to see a spammer WIN in court, do you?
Also, programs like popfile do a great job of removing spam.
My advice is to forget kicking the spammers ass and just make their work vanish down a black hole like it will WHEN BAYESIAN TECHNIQUES ARE USED AT THE ISP END hint hint...
Re:I'm Disappointed (Score:2)
Eventually, someone's going to notice all the 550s in the SMTP log and start worrying. Then maybe they'll try to find a better way to run a business.
Re:I'm Disappointed (Score:3, Interesting)
The law has nothing to say over this. I'm at total liberty to block access to my site for whoever I want to block. If I block others in the process then that is their problem solely and not that of the lawmakers. Basically you're stating that just because I have an email address I am not allowed to decide who may and who may not send me email.
The retaliation you're mentioning is just a message that is being sent back to the spammer who as a result has a lot of error messages in his mailbox, if they used a valid email address that is.
WHEN BAYESIAN TECHNIQUES ARE USED AT THE ISP END hint hint...
Now there's a statement i can live with..
Re:I'm Disappointed (Score:2)
Yes, you are free to block anyone you want at your own site. However, if you operate a service that maintains a list of "known spammers", and people incorrectly listed show you that they are incorrectly listed, and you still won't remove them, you're setting yourself up for libel/slander charges: making statements that are false, with reckless disregard for the truth, that cause financial damage to others.
Now, I'm sure that services with very precise descriptions are safe: for example, a list of open relays with a procedure to get off the list after you show that you no longer have an open relay.
Re:I'm Disappointed (Score:2)
Yes, you are free to block anyone you want at your own site. However, if you operate a service that maintains a list of "known spammers", and people incorrectly listed show you that they are incorrectly listed, and you still won't remove them, you're setting yourself up for libel/slander charges:
However, if you claim that your list contains IP ranges of ISPs that have harbored spammers and that unlisting might not be immediate then that's definitely not libel.
Oh... Wait... that's what SPEWS does! See their webpage.
Let's all click our heels three times and wish that SPEWS' published criteria magically matches whatever we want. Then we can accuse them of libel/slander for not following our fantasy criteria.
Re:I'm Disappointed (Score:2)
Why?
Let's say there are two people: person A and person B. Both have example.com addresses. A uses his account only for personal stuff, emailing friends and relatives etc. B uses his account for the same stuff, but additionally subscribes to mailing lists where people send erotic stories.
Now, A starts getting spam "Free herbal viagra", "horny sluts", "get a diploma", and reports these to example.com as being spam. Their bayesian filter learns that words like "horny" and "slut" are very 'spammy', so B's emails from the mailing lists start getting deleted as spam.
If you were B, and your non-spam emails that might look spammy to some, start to disappear, wouldn't you be pissed?
Bayesian filtering is (apparently) very effective in catching spam, but it only works on personal level.
Re:I'm Disappointed (Score:2)
So let's try it THIS way - suppose you're an ISP admin and all - or a large number - of your users all get the sort of same message at sort of the same time.
That's a lot of uncertainty, BUT if Bayesian software can flag that sort of thing, and I think it can, we can build a great tool here.
Re:I'm Disappointed (Score:2)
Use a Teergrube (Score:4, Informative)
rblsmtpd + spamassassin (Score:4, Interesting)
Re:rblsmtpd + spamassassin (Score:2)
you should be sending 553 (Score:2, Informative)
On a side note, I would advise against using the spews.org list. It is almost impossible to get off of that list. They recently decided to put a few
In my eyes, using something like sbl.spamhaus.org or/and relays.ordb.org is a much better solution. If you are going to go the DNSBL route, and you should, I would advise you to figure out how to run your own DNSBL so you can quickly add and remove hosts that are mailbombing your server.
Re:you should be sending 553 (Score:2)
Also if you want to tie up resources on the sending server use 4xx errors. The email will sit on the sending server taking up space, and processing time. Which may or may not give you some pleasure. This will cost you in some tiny amount of bandwidth.....
sounds like a smtp proxy (Score:2, Informative)
Interesting, but here's an extra twist (Score:5, Interesting)
But here's a twist to the basic idea:
Given the email sender is in $BLOCKLIST, have the filter daemon give the 450 response
v... e... r... y...
Combine a teergrube with the 450 response to fill up both their mail spool AND their socket connection table.
(For those who don't know, a teergrube (tarbaby) is a mail server that responds slowly to a spammer, the better to tie up his connections).
Now, not only will the open relay's mail queue fill, but it will run out of (file descriptors|sockets) and choke on that too!
Qmail + rblsmtpd has this (Score:2)
Get rid of half your spam (Score:2)
SPEWS Is Not An Open Relays List (Score:3, Interesting)
SPEWS is not a list of open mail relays. SPEWS (Spam Prevention Early Warning System) is a list of "spam sources." Some of those spam sources may be open relays. Some of 'em may be open proxies. Some of 'em may be spammers themselves (e.g.: Topica).
Regarding those that have found yourselves SPEWSed, yet are not, themselves, spammers: I'm sorry you've found yourselves in that situation. But, you see, kinder, gentler methods have been tried for years and have not solved the problem. It only continued to grow worse. And whether you like it or not: SPEWS works. I've never, in all the years I've been battling spam, ever seen ISPs boot spammers off their networks like I have since their netblocks started getting SPEWSed. You blame SPEWS for your problems but the truth of the matter is this: you've chosen to use an irresponsible ISP for your connectivity. If your ISP had been responsive to spam complaints, their netspace wouldn't have gotten SPEWSed.
Note: my personal net space was SPEWSed once. For a short while. But my ISP is a good one. They addressed the problem promptly and got their space delisted.
Re:SPEWS Is Not An Open Relays List (Score:3, Informative)
Re:SPEWS Is Not An Open Relays List (Score:2)
See http://relays.osirusoft.com/faq.html#_Toc53355816
Re:SPEWS Is Not An Open Relays List (Score:2)
That's not quite true. SPEWS publishes a text-based list [spews.org] (warning: 800+ kB) which you can transform with a Perl script into whatever format your mail software needs. What Joe Jared at Osirusoft does is transform this into a DNSBL and make it available at spews.relays.osirusoft.com. This is why technical illiterates often accuse Joe of "being SPEWS" -- he republishes SPEWS' data in its most easily used form, though he doesn't have any editorial control over it.
Re:SPEWS Is Not An Open Relays List (Score:2)
I think that any attempt at legal action against SPEWS would founder on the rocks of the first amendment. The first amendment right of free speech is possibly the one most consistently defended by the courts, particularly the supreme court. It's also a cornerstone of the spammers' defense of their own activities. It would be amusing to see the spammers trying to convince the Supremes that the first amendment protects them, but not SPEWS.
Re:SPEWS Is Not An Open Relays List (Score:2)
SPEWS does not block mail.
ISPs choose to block mail individually, on their own. Some ISPs choose to use one of SPEWS's lists (they keep two, one more 'aggressive' than the other) as a reference for blocking, but SPEWS itself does NOT prevent your mail from reaching its destination.
Anyone who claims otherwise is either ignorant or lying.
Whitelist blocking is the only thing that works (Score:2)
This blocked 100% of the spam, period.
Speaking of spam (Score:2)
Setup a pop3 server / smtp server so that email can be sent and received.
Filter spam / easily add filters to this pop3 / smtp server on the same box.
Also be able to check OTHER accounts on OTHER pop3 servers, download them, and filter out the same spam / things marked as spam.
Noobie proof is a good thing too.
PS - If BSD does it better than Linux, post those tools as well. Maybe make it a challenge to see which OS can do said request better. Could win32 win (heh) ?
it looks like nobody understands the concept here (Score:3, Interesting)
If a significant number of people were to employ this, open relays would become crushed and filled with their own load.
Website is hosted by a spammer Hurricane Electric (Score:3, Insightful)
However, I find it funny (hypercritical) that the weblog is hosted by an ISP that tolerates spam, Hurricane Electric. Specifically:
ultimate solution; bayesian client/server filter (Score:2)
Re:ultimate solution; bayesian client/server filte (Score:2)
Spews is worse than the spammers (Score:2, Flamebait)
Spews is exactly the same.
Spews is worse than the spammers, because at least I can ignore the spammers.
Re:Spews is worse than the spammers (Score:3, Insightful)
>
> Spews is worse than the spammers, because at least I can ignore the spammers.
If you want an effective spam advisory system that actually lists spamhausen, use SPEWS.
SPEWS is better than MAPS, because the spammers discovered they could ignore MAPS.
Re:difference (Score:2, Insightful)
Why drive a Ford when you've already got a Chevy available? It's a matter of choice, preference, features, etc.
Re:SpamAssassin vs Theo's Package (Score:2)
Partial listing:
Looks like a pretty scummy net-neighborhood. If their ISP doesn't want to clean it up, I don't think I'd want any email from them either.
Re:SpamAssassin vs Theo's Package (Score:3, Informative)
Re:difference (Score:4, Interesting)
This is just a lightweight SMTP server which takes over anyone who is SPEWS listed and rejects them. A decent server like Postfix + amavisd & SpamAssassin will already do this with little overhead.
More reinvention of the wheel, I fear.
Re:difference (Score:4, Informative)
Err, SpamAssassin isn't exactly what I'd call "low overhead". While it's pretty good at what it does, it still has potential to slow my 32MB mail server to a crawl unless I tell spamd to process only one message at a time.
And that's only filtering my mail.
Re:difference (Score:2, Informative)
SpamAssassin has to parse the whole message body, so you've already accepted it. I didn't mean to make it look like it was super low overhead with SpamAssassin, I meant that it's low overhead without it, and that with SpamAssassin you can do a lot more.
I oughtta Preview before Send more often. I type too fast and it gets confused
big difference: not just rejecting mail (Score:5, Informative)
This tool is a weapon against open relays. The goal is to fill up the open relay's hard drives by deferring the incoming mail, rather than just rejecting the messages.
Yes, you can do this with other blacklists as well, but nobody seems to be actually doing that.
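An added illustration of the deferral idea in the comment above (not part of the original thread, and not spamd's code): a model of a sending relay's spool when the receiver answers 450 versus 550. The retry schedule and give-up time are assumptions chosen in line with RFC 5321 section 4.5.4.1 guidance, and the function names are hypothetical.

```python
"""Model of a sending relay's queue when the receiver answers 450 vs 550."""
from dataclasses import dataclass

# Assumed relay policy (not taken from the thread): RFC 5321 section 4.5.4.1
# suggests a retry interval of at least 30 minutes and a give-up time of 4-5 days.
FIRST_RETRY_MIN = 30
MAX_RETRY_MIN = 240
GIVE_UP_MIN = 5 * 24 * 60


@dataclass
class Outcome:
    attempts: int        # delivery attempts the relay made for this message
    queued_minutes: int  # how long the message occupied the relay's spool


def deliver(reply_code: int) -> Outcome:
    """Follow one message through the relay's queue for a fixed reply code."""
    if 200 <= reply_code < 300:
        return Outcome(1, 0)   # accepted on the first attempt
    if 500 <= reply_code < 600:
        # Permanent failure: the relay bounces and dequeues at once
        # (the bounce message itself is ignored in this model).
        return Outcome(1, 0)
    if not 400 <= reply_code < 500:
        raise ValueError(f"not an SMTP completion code: {reply_code}")
    # 4yz transient failure: keep the message, retry with doubling backoff
    # until the give-up time, then drop it.
    clock, wait, attempts = 0, FIRST_RETRY_MIN, 1
    while clock + wait <= GIVE_UP_MIN:
        clock += wait
        attempts += 1
        wait = min(wait * 2, MAX_RETRY_MIN)
    return Outcome(attempts, GIVE_UP_MIN)


def spool_megabyte_hours(reply_code: int, messages: int, size_kb: int) -> float:
    """Spool load (MB x hours) a batch puts on the relay for a given reply."""
    outcome = deliver(reply_code)
    return messages * size_kb / 1024 * outcome.queued_minutes / 60


if __name__ == "__main__":
    # Constructed batch: 1024 messages of 10 KB each.
    for code in (450, 550):
        print(code, deliver(code), spool_megabyte_hours(code, 1024, 10))
```

Under these assumptions each deferred message is retried 33 times and sits in the relay's spool for five days, while a rejected one leaves the queue after a single attempt.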
Re:big difference: not just rejecting mail (Score:3, Interesting)
Our stats, however, show that most spam does not come from open relays any more. With the advent of cheap broadband, I'd say a lot of spam comes directly from DSL or cable-modem machines. Some comes from Web servers with broken formail scripts, and some from legitimate non-open relays that are abused by subscribers. Only the minority comes from open relays nowadays.
Re:difference (Score:5, Informative)
Re:Offending Mail servers ? (Score:2, Informative)
jeez, learn the basics of how email works. If all I had to do to DoS your mail server was send it tons of messages and 450 errors don't you think this would be a HUGE problem?
Re:Back Off (Score:4, Interesting)
No stooping involved (Score:3, Interesting)
I think your sympathy is misplaced due to a lack of understanding of what allows the spammers to keep sending us all of those wonderful offers. If they don't have access to open relays, then they either have to keep moving their spamming servers when accounts are terminated or buy bandwidth off the backbones directly from qwest, AT&T, worldcom, etc... Either way, the spammers' costs go up.
Do you feel bad for the people you hear about in the news that get charged with maintaining a dwelling for criminal purposes when they leave an empty house to be overrun with drug users? Same principle is involved here.
Re:Just burn down the house.. (Score:2)
They are the ones that are allowing their resources to be misused, I just wouldn't want them to pass along the misuse. Are you just dense or are you a spammer trying to defend the undefendable position?
Re:Just Justification of Criminal activities.. (Score:2)
Re:Offending Mail servers ? (Score:2)
Re:difference (Score:5, Interesting)
Can anyone explain why you wouldn't just use SpamAssassin?
Once the spam is in your system then your bandwidth, disk space and other resources have already been consumed by the spammer. This prevents the spam from ever coming into your network and puts the burden of the load back on the spammer's shoulders.
Damn fine work.
Re:difference (Score:2, Informative)
Re:SPAM? (Score:3, Insightful)
Spam is annoying, but it isn't that big of a problem that we need Slashdot posts every day about it..
Annoying to the end-user, yes. To an ISP or firm with a large mail server it is more than that. Spam fills disks, uses bandwidth, wastes employees' time, etc etc. This is a super idea.
Re:Let's face it... (Score:2)
Re:Let's face it... (Score:2)
Re:Let's face it... (Score:2)