[ILUG] Spam and more spam

Rick Moen rick at linuxmafia.com
Wed Mar 3 18:49:39 GMT 2004


Quoting Philip Reynolds (philip.reynolds at rfc-networks.ie):

> I'm sorry, this is one particular area where I've done quite a bit
> of research.

I'm glad to hear that.  But I'm not sure your reading attentiveness
is at the same level as your research skills, as we shall see below.

> Content scanning at the SMTP level on large production
> machines will (for want of a better phrase) bite you in the ass with
> Postfix.

Although interesting, this appears to be a mild change of subject, since
(as I've already mentioned) almost all junkmail has already been
discarded before "content scanning" (SA during SMTP, in my case) is
applied at all.  Thus, I would already be massively ahead of the game --
compared to traditional SMTPd configurations -- if I were to disable
spamicity testing entirely.

Since that was my main point, since I have stressed that repeatedly, and
since you've chosen to ignore it, I can only assume that your listening
skills are somewhat on holiday.  Not a huge problem:  We all have that
happen from time to time.

> Is your mailserver serving 100,000+ mails a day? No? Then
> you probably won't have a problem, until a spammer gets hold of you
> and you get joe-jobbed, relay bombed or dictionary attacked.

Young man, my SMTP hosts have been joe-jobbed, dictionary attacked, and 
just about everything else by spammers:  Having been one of the NANAE 
activists targeted in the Joe's Cyberpost / Joe Doll / Yuri Rutman
incident, I even know where the term "joe-jobbed" _came_ from, having
been in the thick of that case at the time.

Respect your elders, please.  ;->

> How Exim works, I'm unaware, I don't know its internal
> architecture. I'm aware how to configure it to work, and not much
> more. What I do know is this, Postfix scales better under load,
> that's from my own personal experience with Postfix and Exim and the
> testimonies of numerous people.

Surprisingly given its monolithic architecture, I've been hearing (from
people I actually respect, as opposed to them being merely numerous)
that Postfix's scaling is noticeably better at very high load levels, but
not dramatically so.  (Vide:  "MTAs" on http://linuxmafia.com/kb/Mail ).

As I've said, I respect Postfix highly.  I have no special loyalty to
Exim, but just find some aspects of it to be a happy accident.  Other
things being equal, Postfix's modular nature has obvious security
advantages (in theory, at least).

> Postfix can reject mail based on practically any circumstance, now
> the policy daemon has been introduced, but it has native support for
> access maps, RBLs, header_checks and plenty of other sanity checks
> that allow it to reject at SMTP level. Scanning of content (i.e.
> spam filtering, virus scanning) should be done AFTER the e-mail is
> accepted. 

Regardless of one's view on the latter issue, I'm delighted to hear that
the rest is now within reach for Postfix admins.  Now, if only someone
would construct a prepackaged configuration of checks that is as useful
and effective as sa-exim.  

> Accept mail, scan it then bounce it. I won't bother repeating myself
> anymore. 

Bouncing mail you know is 99.9% certain to have a forged sender is
unethical as well as stupid.  I won't bother to repeat myself, any more.

-- 
Cheers,     Founding member of the Hyphenation Society, a grassroots-based, 
Rick Moen   not-for-profit, locally-owned-and-operated, cooperatively-managed,
rick at linuxmafia.com     modern-American-English-usage-improvement association.
