The only way to catch and stop spammers is with horsepower and proactive mail policies. Sendmail is capable of being configured in a rigid manner and filters put in place; the problem is that most system hacks are not capable enough to manage the overhead of enforcing a filtration rule on each piece of mail because of the complexity. What's needed is a turn-key solution really. None of us want to have to play with email gateways and reception agents if we don't have to (well ok, so it's only most of us...).

For instance, we got a boatload of bad email last week locally at one of the local SF Bay Area universities I do work with, and our entire email gateway was shut down dealing with actively filtering 3000 emails that had a contaminated attachment.

The problem with email filters is that they are not smart. They can't tell you when they see 5 pieces of email that all have a bad return or source address/name and that have a contaminated attachment, that all came from the same place, that they should create and manage their own little blacklist file...

I also suggest that running sendmail on a single host is a mistake, or any mail system for that matter. I have ours set up on a reception agent system which timestamps and logs all the email into a queue. The queue has a stand-alone engine that qualifies each piece of email and checks any attachments for evilness. Each stage also sends a response to the sender acknowledging receipt if "Receipts are requested" and the whole system works pretty well.

The whole system cost less than 15K to put in place and is essentially 5 different computers, all of which happen to be implemented on a SBC we have, so the entire system fits into a single PCI based computer's footprint.

If anyone is interested in the exact setup - email me offlist and we can continue this conversation.

Todd Glassey, CTO
ServerWerks Inc.
http://www.serverwerks.cc

----- Original Message -----
From: <measl@mfn.org>
To: "Forrest W. Christian" <forrestc@imach.com>
Cc: "Eric A. Hall" <ehall@ehsco.com>; <nanog@nanog.org>
Sent: Saturday, May 04, 2002 4:33 PM
Subject: Re: anybody else been spammed by "no-ip.com" yet?

On Sat, 4 May 2002, Forrest W. Christian wrote:
> We're trying to discourage bulk emailers, not individuals.

Then the way to do this is to make the cost of sending mass mail more expensive than sending only a few here and there. In short, we need a way to prevent the use of the $19.95 throw-away account that is used to send the vast majority of spam. Let's face it, only the biggest of the hardcore spammers are willing to pay out for dedicated lines.

How about something along the lines of dial accounts having their outgoing SMTP connections rate limited to, oh, let's say 100 per day, and limiting the maximum number of recipients on any given email to some low number, say 5?

A customer reaches the limit, the account auto-rejects all email for 24 hours.

Someone bitches? Let them buy full rate dedicated services, with the first month, last month, and a security deposit up front before service is established.

--
Yours,
J.A. Terranson
sysadmin@mfn.org

If Governments really want us to behave like civilized human beings, they should give serious consideration towards setting a better example: Ruling by force, rather than consensus; the unrestrained application of unjust laws (which the victim-populations were never allowed input on in the first place); the State policy of justice only for the rich and elected; the intentional abuse and occasionally destruction of entire populations merely to distract an already apathetic and numb electorate... This type of demagoguery must surely wipe out the fascist United States as surely as it wiped out the fascist Union of Soviet Socialist Republics.

The views expressed here are mine, and NOT those of my employers, associates, or others. Besides, if it *were* the opinion of all of those people, I doubt there would be a problem to bitch about in the first place...
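
The dial-account limits proposed in the quoted message (100 outgoing SMTP connections per day, at most 5 recipients per message, 24 hours of rejection once the limit is reached) can be expressed as a per-account policy check. This is an added example, not part of the thread or either poster's setup; the class and account names, the rolling 24-hour window, and refusing over-addressed messages without counting them toward the quota are assumptions.

```python
from collections import defaultdict, deque

DAY = 24 * 3600  # seconds


class DialupSmtpPolicy:
    """Per-account outbound SMTP policy (hypothetical name) using the
    thresholds from the quoted proposal."""

    def __init__(self, max_conns_per_day=100, max_rcpts=5, lockout=DAY):
        self.max_conns = max_conns_per_day
        self.max_rcpts = max_rcpts
        self.lockout = lockout
        self.history = defaultdict(deque)  # account -> accepted timestamps
        self.locked_until = {}             # account -> epoch when lock ends

    def check(self, account, rcpt_count, now):
        """Return (accepted, reason) for one outbound SMTP connection."""
        if self.locked_until.get(account, 0) > now:
            return False, "locked"
        # Assumption: an over-addressed message is refused on its own and
        # does not count toward the daily quota.
        if rcpt_count > self.max_rcpts:
            return False, "too-many-recipients"
        window = self.history[account]
        # Assumption: "per day" means a rolling 24-hour window.
        while window and window[0] <= now - DAY:
            window.popleft()
        window.append(now)
        if len(window) >= self.max_conns:
            # Limit reached: this message goes out, then the account
            # rejects all mail for the lockout period.
            self.locked_until[account] = now + self.lockout
            window.clear()
        return True, "ok"


def demo():
    """Constructed traffic: one busy account, one over-addressed message."""
    policy = DialupSmtpPolicy()
    busy = [policy.check("dial-0001", 1, i * 60)[1] for i in range(101)]
    wide = policy.check("dial-0002", 6, 0)[1]
    return busy[99], busy[100], wide


if __name__ == "__main__":
    print(demo())
```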