mark_lagace Tux's lil' helper
Joined: 19 Nov 2002 Posts: 77 Location: Ottawa, Canada
|
Posted: Wed Aug 11, 2004 7:26 pm Post subject: Spam blocking software |
|
|
I was wondering if a package existed for Linux / Gentoo Linux that functioned in a manner similar to Choicemail (www.digiportal.com). I have Spamassassin installed and I realize I can set up whitelists and automatically block anything not in the whitelist, but I don't know if I can set it up to auto-reply to blocked messages so that legitimate e-mail not present in my whitelist can make it through.
Mark. |
|
|
|
Hrk Tux's lil' helper
Joined: 24 May 2003 Posts: 90 Location: Rome, Italy
|
Posted: Wed Aug 11, 2004 8:57 pm Post subject: |
|
|
Hi,
allow me to ask you if you are sure of what you are doing. You want a kind of spam filter which is plain stupid, which allows emails from known email addresses and blocks emails from everyone else.
Then you want to add an auto-reply to the blocked emails, so that they know they have been blocked.
Know that this will let spammers know your address is valid, and they won't stop sending spam.
A better solution would be to use Bayesian filters, like the ones implemented in Mozilla (email client) or Bogofilter (standalone executable to be used together with procmail).
Bayesian filters have a true accuracy of 99.99% and are intelligent.
That ChoiceMail has an accuracy of 0% as far as I can tell, since it blocks everything.
If you are interested in what I did, I set up fetchmail (to download mail from the many POP accounts I have) then procmail (to sort the emails into different folders) then bogofilter (which really filters spam before procmail) and then I use dovecot as an IMAP server.
This allows me to have a filtered email which I can check from everywhere in the world. If you don't have this need, you can always run dovecot internally on your computer, blocking external access with IPTABLES. |
|
|
|
mark_lagace Tux's lil' helper
Joined: 19 Nov 2002 Posts: 77 Location: Ottawa, Canada
|
Posted: Thu Aug 12, 2004 1:58 am Post subject: |
|
|
Hrk wrote: | allow me to ask you if you are sure of what you are doing. You want a kind of spam filter which is plain stupid, which allows emails from known email addresses and blocks emails from everyone else.
Then you want to add an auto-reply to the blocked emails, so that they know they have been blocked |
Correct!
With the caveat that the message informing them that the message has been blocked provides a means of 'unblocking' them.
I understand your arguments, and I do use spamassassin which is very effective at tagging most of the junk mail (which I then filter off into separate inboxes using procmail). The problem is, it's not, and will never be perfect at eliminating ALL junk mail. Spam e-mail messages still trickle through by various means including strings of random words, misspelled words, or simply by writing the e-mail to appear like a professional letter.
I have a young son that will eventually get an e-mail address of his own, and I would prefer to NEVER have him receive potentially offensive spam e-mail. To set the cut-off levels high enough to catch ALL spam with spamassassin would result in many legitimate e-mails being tagged as spam.
By blocking ALL incoming messages obviously nothing unsolicited can be received. This is not a completely viable option though, since nobody is perfect at keeping their whitelists 100% up to date. Thus, there has to be a means for a legitimate e-mail'er to let you know that he/she has been blocked. There are 4 situations that can come up:
- You receive a spam e-mail without a valid (monitored) return address. In this case, the spam e-mail is simply dropped and you never have to worry about it. I would argue that nearly ALL spam has an invalid return address - spammers aren't looking for a reply to their e-mail, they are hoping you'll read the message and click on the appropriate links to buy their products.
- You receive a spam e-mail WITH a valid return address. In this case, you've just confirmed to the spammer that your address is real. Unfortunately, so has he. It's pretty simple to toss his/her e-mail address into a blacklist and you'll only have to deal with it once. It is conceivable that the spammer would then use a new e-mail address to bypass the blacklist, but in every case he/she would have to go through the whole process of responding to the mail filter's confirmation message. Spam works because it hits 1000s of e-mail addresses with little to no effort on the part of the spammer. Requiring a lot of effort to get the message through just isn't worth it for a spammer.
- You receive a legitimate e-mail with a valid return address. In this case, the sender is required to send a second message (or click on an appropriate link etc. etc.). Once you receive the confirmation, you can then add them to the whitelist and not have any further problems for that person to send you e-mail.
- You receive a legitimate e-mail WITHOUT a valid (monitored) return address. Examples of this might be password reminders from web pages, mailing lists, etc. In this case, you would need to ensure the senders are in the whitelist. Since all legitimate e-mail of this type is, by definition, 'solicited' it shouldn't be a problem to make sure the whitelist is updated before you sign up for that mailing list etc.
Ideally what I would like is a system that implements the following:
- A dumb filter, that blocks all incoming mail that doesn't match a whitelist.
- It would store the blocked mail for a fixed period of time (1 week? 1 month?) and would send an auto reply to the sender.
- The autoreply would provide a means for the sender to reply to let me know that their message is NOT spam. This could be in the form of a reply to a separate e-mail address or a web page link.
- If a reply goes to the 'confirmation' e-mail address or web link, then the original message would get delivered, and possibly the sender's e-mail address added automatically to the whitelist.
- To reduce the amount of 'auto-reply' messages that get sent out, it would be nice to autogenerate a blacklist so that repeat spammers don't cause you to send out auto-replies repeatedly.
|
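The five-step design listed in the post above, as an added Python example (not code from the thread or from ChoiceMail). `ChallengeQueue`, `HOLD_SECONDS` and the rule of blacklisting a sender whose challenge expires unanswered are assumptions; `sender` is whatever address the message claims, and nothing here verifies it.

```python
import secrets

HOLD_SECONDS = 7 * 24 * 3600  # assumed retention: the "1 week?" from the post


class ChallengeQueue:
    """Whitelist gate that holds unknown mail until the sender confirms."""

    def __init__(self, whitelist):
        self.whitelist = {a.lower() for a in whitelist}
        self.blacklist = set()
        self.pending = {}  # sender -> {"token", "first_seen", "held"}

    def receive(self, sender, message, now):
        """Return (action, token); token is set only when a challenge is due."""
        sender = sender.lower()  # claimed address, not verified
        if sender in self.whitelist:
            return ("deliver", None)
        if sender in self.blacklist:
            return ("drop", None)  # no auto-reply to repeat senders
        entry = self.pending.get(sender)
        if entry:  # already challenged once: hold without a second reply
            entry["held"].append(message)
            return ("hold", None)
        token = secrets.token_urlsafe(16)  # unguessable confirmation value
        self.pending[sender] = {"token": token, "first_seen": now,
                                "held": [message]}
        return ("challenge", token)

    def confirm(self, token):
        """Release held mail for the token's sender and whitelist them."""
        for sender, entry in list(self.pending.items()):
            if secrets.compare_digest(entry["token"], token):
                del self.pending[sender]
                self.whitelist.add(sender)
                return entry["held"]
        return []

    def expire(self, now):
        """Purge holds older than HOLD_SECONDS and blacklist those senders."""
        stale = [s for s, e in self.pending.items()
                 if now - e["first_seen"] > HOLD_SECONDS]
        for sender in stale:
            del self.pending[sender]
            self.blacklist.add(sender)
        return stale
```

The `"challenge"` action is the only point where mail leaves the system, and it goes to the claimed sender address.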
|
|
|
Nossie Apprentice
Joined: 19 Apr 2002 Posts: 181
|
Posted: Thu Aug 12, 2004 6:47 am Post subject: |
|
|
I have been running spamassassin for a long time now, and as far as I know (I make automatic backups of all accepted and blocked mails) I have never tagged a regular message as spam.
I have had no spam messages get through as 'clean' mail.
I did have a couple of messages tagged as spam, but accepted anyway, this is something that you can configure in spamassassin (low spam scores get accepted).
Especially since spamassassin has a Bayesian filter the false negatives and 'accepted spam' have dropped to almost null.
I have spamassassin running on a mail server with ~20 users, so it is not a very heavy traffic server.
Part of the secret to fighting spam is a good setup of your mail server. You have to verify the sender and recipient address before accepting a mail and scanning and delivering it, this will terminate 80% of the spam because most spam has fake return addresses and false sending servers.
Nossie |
|
|
|
DaveArb Guru
Joined: 29 Apr 2004 Posts: 510 Location: Texas, USA
|
Posted: Thu Aug 12, 2004 1:31 pm Post subject: |
|
|
I believe you are describing "Challenge/Response". It is very controversial, because it -generates- spam itself.
Scenario:
Spammer sends you a message. He doesn't use his own address for a return, he forges my domain, maybe even using a valid address.
Your C/R system generates a challenge for it, and it comes to me. I didn't send the original message, but now I have to look at it too.
One or two things happen.
1) If I'm in a particular mood, I reply to the challenge so you can also enjoy the spam that you inflicted upon me.
2) Regardless of mood, I block your mail server's IP from sending to my MTA.
Dave |
|
|
|
Nossie Apprentice
Joined: 19 Apr 2002 Posts: 181
|
Posted: Thu Aug 12, 2004 4:29 pm Post subject: |
|
|
No, what I mean is (for instance) the 'verify = sender' option you can put in your exim 'acl_check_rcpt' acl (in the main exim config file).
Exim checks if the sending domain exists, if it does, it accepts the message for further processing, if not, the message is refused. This will not cause any extra traffic (a bounce message would not reach anyone, because the domain doesn't exist).
'verify = recipient' is another story, if a local recipient does not exist, a bounce message is sent to the sending address, but this is normal behaviour for a mailserver as far as I know. |
|
|
|
DaveArb Guru
Joined: 29 Apr 2004 Posts: 510 Location: Texas, USA
|
Posted: Thu Aug 12, 2004 5:14 pm Post subject: |
|
|
Nossie wrote: | No, what I mean is | ...
Nossie, if you are replying to me, you should know that I was replying to the original poster. This forum software lacks a "replying to" function...
Dave |
|
|
|
Nossie Apprentice
Joined: 19 Apr 2002 Posts: 181
|
Posted: Fri Aug 13, 2004 9:17 am Post subject: |
|
|
DaveArb wrote: | Nossie wrote: | No, what I mean is | ...
Nossie, if you are replying to me, you should know that I was replying to the original poster. This forum software lacks a "replying to" function...
Dave |
Uhhmm, so that's what that button is for... |
|
|
|
mark_lagace Tux's lil' helper
Joined: 19 Nov 2002 Posts: 77 Location: Ottawa, Canada
|
Posted: Fri Aug 13, 2004 1:08 pm Post subject: |
|
|
DaveArb wrote: | I believe you are describing "Challenge/Response". It is very controversial, because it -generates- spam itself.
Scenario:
Spammer sends you a message. He doesn't use his own address for a return, he forges my domain, maybe even using a valid address.
Your C/R system generates a challenge for it, and it comes to me. |
I guess I overlooked the ease with which a malicious user could abuse the system to send 'challenges' off to people they want to annoy. While I doubt many spammers would be bothered (since the challenge that gets sent out would NOT include the original 'spam' and thus would be of no use to the spammer), someone with a grudge could hunt for enough computers with C/R systems running and send them all email with forged return addresses to piss someone off.
That being said, I'm still looking for a system that will ensure that my son never receives unsolicited e-mail. Is it possible to have something like spamassassin or procmail allow known good e-mails through (e.g. whitelist), but then redirect anything not in the whitelist to a separate e-mail account (e.g. mine) to allow me to prescreen unknown e-mails coming in? |
|
|
|
DaveArb Guru
Joined: 29 Apr 2004 Posts: 510 Location: Texas, USA
|
Posted: Fri Aug 13, 2004 2:29 pm Post subject: |
|
|
I'm a corporate mail admin (and lucky that my daughter was old enough when email became popular for this to not be a huge problem), so I've never really looked into a system like you ask for. Some thoughts...
1) Your original question asked for a method to send a custom response for a reject. This is completely easy, at least in Sendmail. The argument about confirming an address to a spammer I disagree with, because I don't believe spammers spend even a microsecond looking at the thousands of reject messages their systems receive.
2) I'm not much at Procmail, but would be surprised if it would not be able to handle the rewriting you ask for, for addresses not in a whitelist. I suspect Sendmail or Sendmail-milter would do it also, but it isn't so popular for home users where this would be desirable.
If no one else jumps up with a Procmail answer, perhaps I'll look into it. It is a neat idea for the situation you describe.
Dave
Steadfastly refusing to use "quote" to respond to the OP, until I actually wish to quote him... |
|
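One way to do the whitelist-or-prescreen routing asked about in this thread, as an added example written in Python rather than as a procmail recipe (not code from any poster). `route`, `CHILD_MAILBOX`, `PARENT_ADDRESS` and the sample messages are hypothetical, and it assumes SpamAssassin has already tagged the message; it never replies to the sender, so a forged return address receives nothing.

```python
from email import message_from_string
from email.utils import getaddresses

CHILD_MAILBOX = "child-inbox"          # hypothetical local folder
PARENT_ADDRESS = "parent@example.org"  # hypothetical screening account

# Constructed sample messages (not real mail).
KNOWN = "From: Grandma <Grandma@Example.org>\nSubject: hi\n\nhello\n"
SPOOFED_NAME = ('From: "grandma@example.org" <bulk@example.com>\n'
                "Subject: hi\n\nbuy now\n")
NO_FROM = "Subject: hi\n\nbody\n"
TWO_FROM = "From: grandma@example.org\nFrom: bulk@example.com\n\nbody\n"
TAGGED = "X-Spam-Flag: YES\nFrom: grandma@example.org\n\nbody\n"


def route(raw_message, whitelist):
    """Return ("deliver", CHILD_MAILBOX) or ("forward", PARENT_ADDRESS)."""
    msg = message_from_string(raw_message)
    allowed = {a.lower() for a in whitelist}

    # Assumption: SpamAssassin ran earlier and set X-Spam-Flag on spam.
    # A tagged message goes to the parent even if From is whitelisted,
    # because the From header is supplied by the sender and can be forged.
    if msg.get("X-Spam-Flag", "").strip().upper() == "YES":
        return ("forward", PARENT_ADDRESS)

    from_headers = msg.get_all("From", [])
    # Compare the parsed address, never the display name, so a whitelisted
    # address placed in the name part does not match.
    addrs = [addr.lower() for _, addr in getaddresses(from_headers) if addr]

    # Require exactly one From header holding exactly one address.
    if len(from_headers) == 1 and len(addrs) == 1 and addrs[0] in allowed:
        return ("deliver", CHILD_MAILBOX)

    # Unknown, missing or ambiguous sender: parent screens it, no reply sent.
    return ("forward", PARENT_ADDRESS)
```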
|
|
|
|
|
|