[ILUG] Spam and more spam
rick at linuxmafia.com
Wed Mar 3 18:49:39 GMT 2004
Quoting Philip Reynolds (philip.reynolds at rfc-networks.ie):
> I'm sorry, this is one particular area where I've done quite a bit
> of research.
I'm glad to hear that. But I'm not sure your reading attentiveness
is at the same level as your research skills, as we shall see below.
> Content scanning at the SMTP level on large production
> machines will (for want of a better phrase) bite you in the ass with
Although interesting, this appears to be a mild change of subject, since
(as I've already mentioned) almost all junkmail has already been
discarded before "content scanning" (SA during SMTP, in my case) is
applied at all. Thus, I would already be massively ahead of the game --
compared to traditional SMTPd configurations -- if I were to disable
spamicity testing entirely.
Since that was my main point, since I have stressed that repeatedly, and
since you've chosen to ignore it, I can only assume that your listening
skills are somewhat on holiday. Not a huge problem: We all have that
happen from time to time.
> Is your mailserver serving 100,000+ mails a day? No? Then
> you probably won't have a problem, until a spammer gets hold of you
> and you get joe-jobbed, relay bombed or dictionary attacked.
Young man, my SMTP hosts have been joe-jobbed, dictionary attacked, and
just about everything else by spammers: Having been one of the NANAE
activists targeted in the Joe's Cyberpost / Joe Doll / Yuri Rutman
incident, I even know where the term "joe-jobbed" _came_ from, having
been in the thick of that case at the time.
Respect your elders, please. ;->
> How Exim works, I'm unaware, I don't know its internal
> architecture. I'm aware how to configure it to work, and not much
> more. What I do know is this, Postfix scales better under load,
> that's from my own personal experience with Postfix and Exim and the
> testimonies of numerous people.
Surprisingly given its monolithic architecture, I've been hearing (from
people I actually respect, as opposed to them being merely numerous)
that Postfix's scaling is noticeably better at very high load levels, but
not dramatically so. (Vide: "MTAs" on http://linuxmafia.com/kb/Mail ).
As I've said, I respect Postfix highly. I have no special loyalty to
Exim, but just find some aspects of it to be a happy accident. Other
things being equal, Postfix's modular nature has obvious security
advantages (in theory, at least).
> Postfix can reject mail based on practically any circumstance, now
> the policy daemon has been introduced, but it has native support for
> access maps, RBL's, header_checks and plenty of other sanity checks
> that allows it to reject at SMTP level. Scanning of content (i.e.
> spam filtering, virus scanning) should be done AFTER the e-mail is
Regardless of one's view on the latter issue, I'm delighted to hear that
the rest is now within reach for Postfix admins. Now, if only someone
would construct a prepackaged configuration of checks that is as useful
and effective as sa-exim.
> Accept mail, scan it then bounce it. I won't bother repeating myself
Bouncing mail you know is 99.9% certain to have a forged sender is
unethical as well as stupid. I won't bother to repeat myself, any more.
Cheers,
Rick Moen
rick at linuxmafia.com

Founding member of the Hyphenation Society, a grassroots-based,
not-for-profit, locally-owned-and-operated, cooperatively-managed,
modern-American-English-usage-improvement association.
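
Added illustration, not part of the original message and not either poster's configuration: a Postfix main.cf fragment using the SMTP-time rejection features named in the quoted text (access maps, RBLs, header_checks, the policy daemon), so that unwanted mail is refused with a 5xx reply during the session rather than accepted and bounced to a probably forged sender. The DNSBL zone, file paths and policy service name are placeholders chosen for the example.

```ini
# /etc/postfix/main.cf (fragment; added example, values are placeholders)

# Require HELO/EHLO so that the helo-based checks have something to test.
smtpd_helo_required = yes

# Checks run at RCPT TO, while the sending client is still connected.
# A failed check produces a 5xx reply; no bounce message is generated
# locally, so nothing is sent to the (possibly forged) envelope sender.
#
#  permit_mynetworks            local clients skip the remaining checks
#  reject_unauth_destination    never relay for third parties
#  reject_non_fqdn_sender       syntactic sanity check on MAIL FROM
#  reject_unknown_sender_domain sender domain must resolve in DNS
#  reject_unlisted_recipient    unknown local users are refused here,
#                               which blunts dictionary attacks
#  check_client_access          access map (placeholder path)
#  reject_rbl_client            DNS blocklist (placeholder zone)
#  check_policy_service         external policy daemon (placeholder name)
smtpd_recipient_restrictions =
    permit_mynetworks,
    reject_unauth_destination,
    reject_non_fqdn_sender,
    reject_unknown_sender_domain,
    reject_unlisted_recipient,
    check_client_access hash:/etc/postfix/client_access,
    reject_rbl_client dnsbl.example.org,
    check_policy_service unix:private/policy

# Cheap pattern checks on message headers, applied while the message is
# being received; a REJECT action in this table also refuses the mail
# in-session instead of bouncing it afterwards.
header_checks = regexp:/etc/postfix/header_checks
```

The hash: access map has to be built with postmap before Postfix can read it; the regexp: table is read as plain text.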