On Tuesday 20 October 2009, Ted Mittelstaedt wrote:
>Gene Heskett wrote:
>> On Tuesday 20 October 2009, Ted Mittelstaedt wrote:
>>> Gene Heskett wrote:
>>
>> [...]
>>
>>> Since you're not the recipient mailserver, (your upstream server is) and
>>> I presume that your upstream is NOT running SA or doing any filtering
>>> (otherwise you are effectively wearing 2 condoms, one on top of the
>>> other, and wasting a lot of CPU on your system scanning mail that has
>>> been scanned already) you are effectively telling the spammers that they
>>> have a valid e-mail box and encouraging more spam.
>>
>> They are running a spam filter, some sort of an M$ thing that still lets
>> about 1 to 2 thousand a week through. Gmail's is far better than
>> Verizon's, but I have NDI what they are running for a filter. The tv
>> station's server used to produce 10,000 a week, but is getting better, now
>> maybe 50/wk.
>>
>>> If you have control of the destination IP address the spammers are
>>> sending spam to, (the upstream) you can configure your MTA to issue an
>>> error 550 then disconnect when a source IP address on an Internet
>>> blacklist attempts to pass you mail.
>>
>> I can't do that, I'm just pulling what they miss with fetchmail.
>
>Sure you can, register your own domain name, get a static IP address,
>setup your own mailserver. Lots of people do.

At how much annual cost for that, remembering that I am 75 with little
outside income over and above SS for the two of us, and PEIA from the
wife's 34 years of teaching elementary music in the local school system.

>>> Not only does that save your
>>> bandwidth but if the spammer is relaying spams through an open
>>> mailserver, that will cause the compromised sending mailserver to bounce
>>> the relayed spam to its administrator's mailbox (assuming that it's
>>> properly configured) which might ring the clue phone of the
>>> administrator managing the compromised mailserver, or if that doesn't
>>> work possibly consume all free disk space on the compromised server,
>>> thus causing it to crash and cease being a nuisance to the rest of
>>> us on the Internet.
>>
>> Verizon has such a compromised server right now, and I have sent several
>> samples of the bogus messages it is sending me 20x a day of, for over a
>> week now, no response and no change. As long as it makes vz money, they
>> don't care. If there was another provider in my area, I'd be gone in a
>> heartbeat. Cable might work, but they want 2x more a month and always
>> have.
>
>Verizon what? fios? DSL?

DSL.

>dydns.org lets you put your dynamic IP on a domain if you are too cheap
>to get a static IP address.

I already do that for my web page: <http://gene.homelinux.net:85/gene>

>You can also contract with any other ISP on the Internet that -is-
>running SA to relay inbound mail for you.

Again, raising the nominally $34/mo it's costing me for the dsl circuit.

>>> SA is useful dealing with the spams that make it past the blacklist,
>>> or spams coming from the few servers out there which are legitimate
>>> mail senders but are also blacklisted since they send spams as
>>> well - and so you have to put them in an exception list and allow them
>>> to send their mixed ham and spam to you.
>>
>> And it's useful to me, causing about 1.5K of these mails to be sent to
>> /dev/null a week.
>> AFAIK I have no bandwidth cap, so if vz wants to waste
>> their bandwidth handling such crap, it no longer bothers me to /dev/null
>> 750 or more bigger penis ads a week along with another 500 phishing
>> scams, and of course maybe 250 419's.
>
>Fine - although nobody behind a mailserver that uses blacklists will get
>that many spams, not even a tenth of that many.

Teach verizon, but it will take a far bigger cluebat than I can swing.

>>> But whenever practical you want to not even receive those spams in
>>> the first place. Why devote CPU time to scanning them when you already
>>> know the sending IP is a spam source?
>>
>> As a pop3 puller only, I have no control over what is placed in my
>> mailbox at vz.
>
>You're choosing to be a pop3 puller.

True, using the existing facilities. Without additional cost.

>>>> I would submit that the innate fear of a text editor to be used to
>>>> configure this stuff is a much larger reason a lot of people use a
>>>> webmailer at their ISP.
>>>
>>> I would submit that your goofy structuring of your mailstream is
>>> causing you to receive thousands of spams which your SA install is
>>> then deleting, generating reports of how effective it is, and making
>>> you feel like you're winning the war against the spammers. ;-)
>>
>> Nope, it's already, except for the address alias the compromised vz server
>> is sending to, already been through the filtration of the ISP, this is
>> what gets by them.
>>
>>>> The question then is how do we convince them it's ok to set options in a
>>>> text file instead of a web page controlled by the ISP, where you have
>>>> to click past 3 web spams per message before you can actually see the
>>>> message?
>>>
>>> The question is how do we educate all would-be SA users in best
>>> anti-spam practices, and how to get the most mileage out of SA?
>>
>> I think we do, as it's a target that can visibly move in 1 hour's time
>> based on what we say right here on this list.
>> Remember that whoever
>> invents the better mousetrap is in the long run, responsible for making a
>> better mouse.
>>
>>> Ted
>>
>> Thanks Ted, hopefully my explanations will clarify my reasons.
>
>They do, basically for whatever reason you're bound and determined to hold
>on to your gene.hesk...@verizon.net e-mail address instead of
>registering a domain and creating an e-mail address like g...@heskett.us
>or some such.

See cost comments above. I am not poor, but if I bought every $5 month or
$50 a year gizmo, I could see the balance beginning to go down, where now it
goes up slowly and we can occasionally afford a better toy.

>I think more than ever your response shows exactly why SA is viewed as
>a server thing, and the fetchmail/pop3 thing is so seldom used today.
>Your spam numbers are insane. 20k a day for a single mailbox? Insanity!

Where did I say 20k except possibly in jest? I feed about 10 to sa-learn a
day here, all that handled by a script I wrote, fired by cron. All I have to
do is drag & drop it into the spam folder and eventually I can forget it.
Considering I'm on 40 mailing lists, one of which is lkml, and the traffic is
around 600/day of good mail, 10 bad ones isn't doing too bad IMO.

The procmail.log was rotated Sunday morning I think:

[r...@coyote bin]# grep "Folder: /dev/null" /var/log/procmail.log |wc -l
439

So that is about what a Tuesday tally would look like.

>My posting address is t...@toybox.placo.com, google that address you
>will get around 88 thousand hits, the reason why is that I have used
>that address as my posting address for the last 10 years or so for
>mailing lists and usenet. That address is so ridiculously easy to find
>that an amateur spammer first setting up a list would have to work HARD
>to NOT have it.

I figure I might have a similar hit level. 219 thousand and change TBE. :-)
On verizon. Gmail is 21k, but only 69 at the tv station address.
I don't post through that server very often, and qmail wouldn't let me post
from an outside address until about 2 years ago so that bucket hasn't had
time to even get its bottom wet.

>Yet, I only get about 15-30 spams A DAY in that mailbox. That box is
>on my own server that is on the public Internet and there is no
>filtering in front of it.
>
>And, I don't even use SA on that server at all - that server's primary
>use is as a baseline to compare against servers I run that use SA - I
>use greylist-milter (with SPF exemption), and reject based on
>spamcop.net, spamhaus.org and njabl.org on that server.
>
> Here's my stats for yesterday:
>
>spams made it through: 16
>
>delayed by greylisting (ie: valid SPF) : 457
>blocked by spamcop: 703
>made it past spamcop and blocked by spamhaus: 498
>made it past both spamcop and spamhaus and blocked by njabl: 5
>
>Raw mail total is around 1300/day for the server, and I get somewhat
>less than that since there's 1 other mailbox on that server that is
>regularly used.

Those figures look pretty decent.

>It's around 6% of the FILTERED spam you're getting. Assuming Verizon
>is successfully blocking 50% of spam sent to you, that's 3%.

They _claim_ they are stopping 99%. Hell could be used for a runway for
those flying pigs.

>Spammers aren't stupid, and they know that if they get a 550 on
>an address that if they keep that address on their spam rolls that
>they will burn their own bandwidth up. The spams I get from blacklisted
>servers are almost all drive-bys, the established spammers with their
>own ISP's purge my name from their lists because they know when they
>are proofing their lists that anyone giving them a 550 will just burn
>up their bandwidth.
>
>Verizon isn't giving the established spammers 550 unless an established
>spammer mails to an unknown usern...@verizon.net address.
>But, your
>address is -known- so both the drive-by's and the established spammers
>will never get a 550 - and both operate on the assumption that anything
>that's not a 550 means a human has opened their spam and read it -
>that's why Verizon is getting 40K of spam a day for you from the
>Internet, and I'm getting 1.3K of spam a day from the Internet.
>
>Now do you see why people don't use fetchmail, and why it's so
>important to 550 stuff that is sent from blacklisted servers,
>and to use blacklists?

What can I use to replace fetchmail with then? If I bounce it back to vz,
then it _might_ get their attention. Note underscores though. I don't
honestly think anyone at corporate vz has 50 cents to call somebody who
cares, and it wouldn't surprise me to find they are /dev/nulling such 550
responses on their servers via the equ of an iptables rule.

Fetchmail has such an option according to the comments in .fetchmailrc, but
the man page barely mentions it. I just looked this morning. It's not like
RMS would actually want to tell somebody how to use that facility. ;)

Thanks Ted.

--
Cheers, Gene
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
The NRA is offering FREE Associate memberships to anyone who wants them.
<https://www.nrahq.org/nrabonus/accept-membership.asp>

"New Technology" or "Not Trusted"?
-- Laurent Szyster
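
An added example, not part of either poster's message: the connect-time blacklist check discussed in the thread (answer 550 when the source IP is on a list, trying spamcop, then spamhaus, then njabl, with an exception list), sketched in Python. The zone names, the `exempt` parameter, and the sample addresses and DNS answers are assumptions constructed for illustration.

```python
import ipaddress
import socket
from collections import Counter

# Zone names are assumptions; the thread names only the list operators.
ZONES = ["bl.spamcop.net", "zen.spamhaus.org", "dnsbl.njabl.org"]
LISTED = ipaddress.ip_network("127.0.0.0/8")
# Spamhaus answers 127.255.255.x for query errors; those are not listings.
ERRORS = ipaddress.ip_network("127.255.255.0/24")

def query_name(ip, zone):
    """192.0.2.10 checked against zone z is looked up as 10.2.0.192.z"""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def dns_resolve(name):
    """Live lookup: the A record as a string, or None if the name does not exist."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None

def is_listed(ip, zone, resolve=dns_resolve):
    answer = resolve(query_name(ip, zone))
    if answer is None:
        return False
    addr = ipaddress.IPv4Address(answer)
    return addr in LISTED and addr not in ERRORS

def verdict(ip, resolve=dns_resolve, zones=ZONES, exempt=()):
    """Connect-time decision: (SMTP code, reason). Lists are tried in order."""
    if ip in exempt:
        return 250, "exempt"
    for zone in zones:
        if is_listed(ip, zone, resolve):
            return 550, zone
    return 250, "not listed"

# Constructed DNS answers (documentation address ranges), so this runs offline.
FAKE_DNS = {
    "10.2.0.192.bl.spamcop.net": "127.0.0.2",
    "10.2.0.192.zen.spamhaus.org": "127.0.0.2",
    "7.100.51.198.zen.spamhaus.org": "127.0.0.4",
    "9.113.0.203.zen.spamhaus.org": "127.255.255.254",  # error reply
}

def tally(ips, resolve=FAKE_DNS.get):
    """Count verdicts per list, like the per-list stats quoted in the thread."""
    return Counter(verdict(ip, resolve)[1] for ip in ips)
```

Because the lists are tried in order, an address on several lists is counted against the first one only, which is why the quoted stats read "made it past spamcop and blocked by spamhaus".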