[kwlug disc.] Greylisting for spam purposes

Cedric Puddy cedric at thinkers.org
Fri Dec 29 17:00:00 EST 2006


Various comments on Postini/mail filtering below.
-C

On 1-Dec-06, at 10:04 AM, Rashkae wrote:

> On Thu, Nov 30, 2006 at 06:40:49PM -0500, Unsolicited at gto.net wrote:
>> Seems like at some point more resources are going to be spent  
>> fighting spam
>> than there is value in e-mail.
>>
>> OK, that's ridiculous, even to me - we're already well beyond that  
>> point.
>>
>> So what are some sanity solutions (particularly for a 'private  
>> person')?
>> - don't accept non-North American / non-English e-mail, based on IP?
>> - Only accept mail from known senders? (I guess this is already  
>> being done
>> via blacklisting mail senders.)
>> - Why is the Canadian / U.S. / North American legal world not  
>> cracking down?
>> ISPs won't accept responsibility for cutting off clients? (I get,  
>> and agree,
>> that ISPs are not responsible for the content that flows through  
>> their
>> wires.)
>> - Disagreement as to what constitutes 'spam'?
>
> I find the easiest way to deal with spam is to just let the filters  
> on Thunderbird take care of it.. However, that's not a good  
> solution for people connected over a slow link (dial-up or  
> satellite), or who receive e-mail to a remote device, (like a
> Blackberry)
>
> One of the best spam filtering solutions out there that I've come  
> across (that doesn't involve configuring your own spam filtering  
> server.) is Postini.  They offer a managed spam filtering service,  
> that doesn't employ ip blacklist filtering, but scans all messages  
> to identify spam.  It's very accurate and has low false positives.   
> All spams are held quarantined on the postini server, which allows  
> the user to log in and find a trapped message if it was filtered in  
> error, and also allows the user to define their own personal  
> whitelist.

> Unfortunately, Postini themselves won't talk to you if you have
> less than 100 e-mail accounts, so you need to find an ISP that will  
> host your e-mail accounts for you.  The only one in my local area I  
> know of is BMTS (bmts.com).  One idea that I was toying with for  
> some of our users that need spam filtering is to create a little  
> mail loop, so all incoming email to user at tigershaunt.com would be  
> forwarded to some-account at bmts.com, which itself is set to forward  
> back to a secret user-filtered at tigershaunt.com e-mail address.

Just wanted to comment on this myself -- Postini is what we use at  
CCj (we're definitely large enough to get Postini to talk to us).  We
went to the externally-managed solution because it took the load on  
our servers back down into the realm of sanity, without us having to
make any big changes.  The service works nicely, and it's been a boon  
to our users, and has required little-to-none of my time to maintain.

We offer it in general, and have various loop-through set-ups that  
we've done in order to get mail filtered for users (there are some  
that just have one or two mailboxes with us for that exact kind of  
purpose).  Postini has some rules about circumstances in which I  
can't put your mail server behind the system, so there are some cases  
where I can't sell it, or where it would need to be combined with ISP/ 
consulting services to make it appropriate.  (Postini, as you'd  
imagine, wants to block against being undercut by their own resellers).

I've got some users that I have fetchmail grabbing their mail from  
Rogers/whatever, and bouncing it into their mailbox with us, for  
example.  Works fine -- Postini keeps pointing out that my aux  
mailserver (the one running fetchmail) is a big spam lord boxen, but  
doesn't blacklist it completely (eg: it still evaluates each message  
on its merits :)

The downside is that with Postini, the filter really is a big
black box.  Yes, it has an API of sorts, and lots of configuration  
items that allow you to smoothly integrate it into just about  
anything, and a pretty good support team, but it's not really the  
right solution for someone who **has** to know every nut and bolt of  
the operation.

The upside is that, for us, it takes ~3,000,000 message delivery  
attempts per month (~50 Gb of data in those messages), and turns it
into just 200,000 message deliveries (about 15Gb of data delivered).   
That's more than a full order of magnitude of traffic that my  
mailservers *never* even see, bandwidth that's available for serving  
up web pages, etc (granted 35 Gb of transfer is a drop in the bucket,  
given that we move about 4 Tb/mo, but hey, the computer game is all  
about details!).

Our mail servers, at this instant, are perfectly cool with 200k  
messages/mo, but they'd be crushed by 3,000k mostly bogus messages --  
the real win with Postini/outsourced spam solutions is that mail  
volume goes up proportional with the size/activity of the customer  
base -- not proportional to whatever craziness the spammers decide to  
inflict on the internet this month.

Anyway, if anyone is interested in the details of running with it, or  
wants to compare what I'm doing to how filter X does something, wants  
to play with it, whatever, I'd be happy to facilitate/help.

-Cedric

|  CCj/ClearLine - Unix/NT Administration and TCP/IP Network Services
|  118 Louisa Street, Kitchener, Ontario, N2H 5M3, 519-489-0478
\________________________________________________________
    Cedric Puddy, IS Director            cedric at thinkers.org
      PGP Key Available at:              http://www.thinkers.org/cedric



