Re: [Asrg] [ASRG] SMTP pull anyone?
Rich Kulawiec <rsk@gsp.org> Tue, 18 August 2009 02:09 UTC
Date: Mon, 17 Aug 2009 22:09:52 -0400
From: Rich Kulawiec <rsk@gsp.org>
To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
Message-ID: <20090818020952.GA30677@gsp.org>
References: <922a897b0908170253k60c0d57dh5e593c78f9137fab@mail.gmail.com> <20090817144450.GA22048@gsp.org> <4A898440.6080006@mail-abuse.org>
In-Reply-To: <4A898440.6080006@mail-abuse.org>
Subject: Re: [Asrg] [ASRG] SMTP pull anyone?
On Mon, Aug 17, 2009 at 09:24:32AM -0700, Douglas Otis wrote:
> Could you provide a brief outline regarding what constitutes an
> efficient anti-spam solution?

Sure. In brief (really brief!) and in (rough) order of application and
increasing resource cost:

  Spamhaus DROP list on perimeter routers/firewalls
  Consider IDP list on perimeter routers/firewalls
  Use firewall rulesets per-country, see ipdeny.com *or* if possible,
    use default-deny and grant access per-country
  Use multiline SMTP greeting (defeats some zombies)
  Use "greetpause" or equivalent (defeats some zombies)
  Enforce DNS/rDNS existence/consistency checks on hostname, MX records
    and HELO parameter; defer/reject as appropriate
  Blacklist known virus/ratware senders, e.g. "big@boss.com". Faster
    than running through an AV check
  Permanently blacklist known phisher domains. Even if acquired by
    legit companies will never be used.
  Consider blacklisting spammer-infested/useless TLDs (e.g., .info,
    .mobi) with whitelisting as needed, if needed
  Permanently blacklist known spammer domains (e.g. Joe Wein's list)
  Permanently blacklist any "snowshoe" domain/domain group on sight
  Blacklist any "snowshoe" network range on sight
  Use enemieslist or other similar rDNS-based blocks on
    end-user/dynamic names
  Use Spamhaus Zen DNSBL
  Use other DNSBLs/RHSBLs as appropriate
  Throttle connections with excessive attempts/deliveries to
    nonexistent users/etc.

Obviously, the choice of which ones, in which order, with which
configuration, depends on mail system administrator knowledge of local
mail patterns. Everyone should analyze their own logs to gain that
knowledge. And some of these are no-brainers no matter what those
patterns are, e.g., DROP list, DNS/rDNS checks, Spamhaus Zen, etc.

And I've probably omitted some by doing this off the top of my head.
On a Monday. ;-)

---Rsk
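Two of the connection-time checks in Rsk's list, the Spamhaus Zen DNSBL lookup and the DNS/rDNS existence/consistency check on the connecting host and its HELO name, as an added example that is not the poster's code. DNS resolution is injected, so the DNS records, the documentation-range addresses and the defer-vs-reject policy below are constructed assumptions standing in for live lookups and local policy.

```python
import ipaddress

# Zen return codes (127.0.0.x A records) as documented by Spamhaus.
ZEN_CODES = {"127.0.0.2": "SBL", "127.0.0.3": "SBL CSS", "127.0.0.4": "XBL",
             "127.0.0.5": "XBL", "127.0.0.6": "XBL", "127.0.0.7": "XBL",
             "127.0.0.10": "PBL", "127.0.0.11": "PBL"}

# Constructed DNS data standing in for live resolution (example only).
# resolve_a(name) -> list of A records; resolve_ptr(ip) -> list of names,
# or None to signal a temporary DNS failure (SERVFAIL/timeout).
FAKE_A = {
    "44.2.0.192.zen.spamhaus.org": ["127.0.0.4", "127.0.0.11"],  # listed: XBL + PBL
    "mx1.example.net": ["198.51.100.25"],
    "relay.example.org": ["203.0.113.7"],
}
FAKE_PTR = {"198.51.100.25": ["mx1.example.net"],
            "203.0.113.7": ["relay.example.org"],
            "203.0.113.8": ["zombie.example.org"],  # PTR with no matching forward
            "192.0.2.99": None}                      # DNS temporarily failing

def resolve_a(name):
    return FAKE_A.get(name, [])

def resolve_ptr(ip):
    return FAKE_PTR.get(ip, [])

def dnsbl_name(ip, zone="zen.spamhaus.org"):
    """Reverse the IPv4 octets and append the DNSBL zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def zen_lookup(ip, resolve_a=resolve_a):
    """Return the sorted Zen sub-lists the client IP is on ([] if unlisted)."""
    answers = resolve_a(dnsbl_name(ip))
    return sorted({ZEN_CODES.get(a, "unknown:" + a)
                   for a in answers if a.startswith("127.0.0.")})

def rdns_check(ip, helo, resolve_ptr=resolve_ptr, resolve_a=resolve_a):
    """rDNS existence/consistency and HELO check; returns (verdict, reason).
    Policy here: temporary DNS trouble defers (4xx), a definite mismatch rejects (5xx)."""
    ptrs = resolve_ptr(ip)
    if ptrs is None:
        return "defer", "temporary DNS failure looking up PTR for " + ip
    if not ptrs:
        return "reject", "no rDNS for " + ip
    if not any(ip in (resolve_a(p) or []) for p in ptrs):
        return "reject", "rDNS %s does not resolve back to %s" % (ptrs[0], ip)
    if ip not in (resolve_a(helo) or []):
        return "reject", "HELO %s does not resolve to %s" % (helo, ip)
    return "ok", "FCrDNS and HELO consistent"
```

Against real DNS, swap the two resolver callables for a stub resolver and treat SERVFAIL or a timeout as `None`, so DNS outages produce a 4xx retry rather than a bounce.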