[Sussex] SPAM Filtering Revisited

Andy Smith andy at lug.org.uk
Mon Aug 21 17:05:02 UTC 2006


On Mon, Aug 21, 2006 at 04:48:05PM +0100, Steven Dobson wrote:
> On Mon, 2006-08-21 at 13:39 +0000, Andy Smith wrote:
> > On Mon, Aug 21, 2006 at 01:32:32PM +0100, Steven Dobson wrote:
> > > Because if you're not part of the solution you're part of the problem. A
> > > prime example would be an open relay.  It may not generate spam but it
> > > surely does distribute it!
> > 
> > Since I am not the one running the open relay and I am not the one
> > sending you the forged emails I'm not sure where the parallel lies.
> > I can justify a lot of actions under the banner of "well if you
> > don't want to be part of the solution..!"  Whose solution?
> 
> But you are sending me the forged e-mails, at least you are forwarding
> them on to me.

No I am not!

If 192.168.0.5 connects to your mail server and gives you a mail
that it says is from fuhwerfhu at strugglers.net then at what point
have I been involved in this until you decide to connect to my
servers to see if fuhwerfhu at strugglers.net is a real deliverable
address?

I don't have a problem with people's systems doing various checks on
my systems when my systems send mail to them.  I have a problem with
machines all over the world connecting to me to verify emails that
my systems never sent, especially when there is little practical way
to ensure I am not overwhelmed by this!

> Here is a real world example from today.

It should be noted that the example you give is not really related
to sender CBV and is just about the perils of multiple mail servers
passing on mail leaving the one at the end unable to take many
useful antispam measures.

> Checking SORBS's web interface shows that the record for 82.226.234.199
> was created Sat Jul 22 14:04:08 2006 GMT.  Had Blackcat also checked
> SORBS it could have found this out too.
> 
> Therefore I will define Blackcat Networks as being part of the problem
> because they were the point which accepted an email from an IP address
> known to be a spam relay.  Any system that forwards email outside its
> own domain may be propagating the SPAMing problem if they are not
> checking.

Unfortunately if BCN were to drop every email based on your criteria
they would have few customers left.  SORBS is not perfect and many
people disagree with its policies.

At lug.org.uk we don't use SORBS either, but if you would like us to
use it for addresses that forward to you, and this list, then that
should be no problem.

> I will also define you as part of the problem as the MX records for
> mailman.lug.org.uk include mail.blackcatnetworks.co.uk as a secondary
> e-mail address.

[...]

> So you trust Blackcat to do all the appropriate checking that you do.

No, actually.  This is a very suboptimal solution and BCN's backup
MX was only added because of the severe problems that we've been
having with our main server for lug.org.uk.  I know they don't have
very strict antispam measures but that's because they are an ISP and
can't afford to be rejecting possibly legitimate mail.  Once those
problems are fixed we'll be removing it again.

As I say, if there are any extra antispam measures you would like
enabled just for your and/or your list's lug.org.uk addresses then
we can do that.  The only one I would be opposed to without careful
thought is the sender CBV. :)

Cheers,
Andy
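
Added example (not part of the original message or the list's own tooling): one way the operator of a forged domain can measure the callback-verification load described above from their own MX logs. The log format, the example.* addresses and the function name are constructed for illustration, and it assumes probes use a null or postmaster@ envelope sender and disconnect without sending DATA, which is common but not universal.

```python
import re
from collections import defaultdict

# Constructed sample: SMTP command log from the MX of a domain whose
# addresses are being forged. The "sid= ip= COMMAND" format is assumed.
SAMPLE_LOG = """\
sid=1 ip=198.51.100.7 MAIL FROM:<>
sid=1 ip=198.51.100.7 RCPT TO:<fuhwerfhu@example.org>
sid=1 ip=198.51.100.7 QUIT
sid=2 ip=203.0.113.9 MAIL FROM:<alice@example.net>
sid=2 ip=203.0.113.9 RCPT TO:<andy@example.org>
sid=2 ip=203.0.113.9 DATA
sid=3 ip=198.51.100.7 MAIL FROM:<>
sid=3 ip=198.51.100.7 RCPT TO:<qzxv@example.org>
sid=3 ip=198.51.100.7 QUIT
sid=4 ip=192.0.2.44 MAIL FROM:<postmaster@example.com>
sid=4 ip=192.0.2.44 RCPT TO:<fuhwerfhu@example.org>
sid=4 ip=192.0.2.44 QUIT
sid=5 ip=203.0.113.9 MAIL FROM:<>
sid=5 ip=203.0.113.9 RCPT TO:<andy@example.org>
sid=5 ip=203.0.113.9 DATA
"""

LINE = re.compile(r"sid=(\d+) ip=(\S+) (\w+)(?: (?:FROM|TO):<([^>]*)>)?")

def find_callback_probes(log_text):
    """Return {client_ip: set of recipients probed} for sessions that look
    like callback verification: null/postmaster sender, RCPT, never DATA."""
    sessions = defaultdict(lambda: {"ip": None, "sender": None, "rcpts": [], "data": False})
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # ignore lines that are not in the assumed format
        sid, ip, verb, arg = m.groups()
        s = sessions[sid]
        s["ip"] = ip
        if verb == "MAIL" and arg is not None:
            s["sender"] = arg.lower()
        elif verb == "RCPT" and arg:
            s["rcpts"].append(arg.lower())
        elif verb == "DATA":
            s["data"] = True  # a real bounce or message, not a probe
    probes = defaultdict(set)
    for s in sessions.values():
        snd = s["sender"]
        probe_sender = snd is not None and (snd == "" or snd.startswith("postmaster@"))
        if probe_sender and s["rcpts"] and not s["data"]:
            probes[s["ip"]].update(s["rcpts"])
    return dict(probes)
```

Session 5 in the sample is a genuine bounce (null sender followed by DATA) and is deliberately not counted; probes for addresses that never existed, such as the random local parts here, are the traffic generated by mail the domain never sent.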