Date: Tue, 10 Jan 2006 23:48:51 -0800
From: "Ted Mittelstaedt" <tedm@toybox.placo.com>
To: "jdow" <jdow@earthlink.net>, <freebsd-questions@freebsd.org>
Subject: RE: Spamcop listed - need help to diagnose why
Message-ID: <LOBBIFDAGNMAMLGJJCKNKEEGFDAA.tedm@toybox.placo.com>
In-Reply-To: <04d001c615e8$a4b18090$1225a8c0@kittycat>

>-----Original Message-----
>From: owner-freebsd-questions@freebsd.org
>[mailto:owner-freebsd-questions@freebsd.org]On Behalf Of jdow
>Sent: Tuesday, January 10, 2006 5:21 AM
>To: freebsd-questions@freebsd.org
>Subject: Re: Spamcop listed - need help to diagnose why
>
>>
>> Unfortunately in the spam game, it only matters if the spammer
>> thinks they didn't successfully deliver it to you. And that only
>> happens if the machine delivering the spam gets an error when
>> trying to deliver it, since the spammer isn't using legitimate
>> senders addresses and cannot get feedback any other way.
>
>Sonny, you define it your way and I'll define it mine.

jdow, I define it by the RFCs. If the mailserver you are fetchmailing
from has mail in its mailbox for you to fetch, then according to the
SMTP RFC, delivery has occurred from the spammer.

I understand that these days people seem to like to redefine words to
suit their beliefs of how something should work, but just because you
want to "define it your way" doesn't make it technically correct.

I'm going to continue answering your message here mainly for the other
readers who might be interested in the discussion. You can just quit
reading now since if you're going to start redefining terms for e-mail
to something other than what the standard defines them as, discussion
with you is completely pointless.

I wonder what would happen if you went to your wife and told her that
you're going to redefine marriage to mean that you can sleep with some
other woman. Hell, let's all let everyone redefine words however they
like. After all if it's good enough for the President of the USA, then
it's good enough for Joe Blow, right?!?!

I do feel sorry for you since this attitude is the same attitude of the
person with a broken down car who doggedly replaces part after part
until he stumbles over the broken part by accident, rather than
actually learning how the thing works so he can troubleshoot it
properly.

I am stating the facts of how your setup works and its inherent flaws,
and you obviously don't want to hear them, so you can just go away. All
systems have flaws, and if the truth of the flaws in the system you're
running is too much for you to bear, then you are going to be happier
ignorant.

>The object
>is to not bug the user with spam.

Correct.

>The secondary object is to keep
>the machine load for spam as low as possible.

Also correct.

>You have a priority
>inversion there.
>

No, not at all, you do.

The typical M.O. for today's spammer is to find a system that has been
compromised that they can use for relaying. Either an end user's system
that's got a trojan in it, or a mailserver. These are used as a
transmission device. When these transmitters get cranked up, they go
from mailserver to mailserver, dumping hundreds to thousands of spams
and spam attempts to the server. Once they exhaust their dictionaries
and lists, they move on to the next server.

When you do ALL spamfiltering in post-delivery mode as you do, then
nothing prevents the transmitter from delivering hundreds of spams to
your server and users. This takes a lot of machine load to deal with.

The more pre-delivery filtering that you can do the less the load. If
you blacklist by IP address then when the transmitter hits your server,
if it's on a blacklist then not a single one of its spams gets
delivered, and your system spends 0 CPU time in post-processing (ie:
stuff like virus scanning, content scanning, etc.)

From the user's point of view, whether you pre-filter or post-filter,
the amount of mail tagged as spam or blocked as spam doesn't change.
But the load on the server for pre-filtering is far less than for
post-filtering. That is obvious to anyone who takes the time to
understand how mail works.

>> I've never been a fan of post-filters for this reason. For some
>> kinds of filtering - like content filtering for example - that
>> is the only way you can do it. But I think it the height of
>> strangeness when SA checks blacklists and such to assign scores.
>> If they really cared about spamfiltering, they would use the
>> IP blacklists in the way they are intended - to block access
>> completely to the spammer, not even let them connect to the
>> server at all. The mail that SA is assigning scores on based on
>> an IP blacklist shouldn't even be in the SA filter to begin with.
>
>People do that and discover they have blocked paying customers and
>the like. If you are going to raw block on black lists at least
>setup a scoring system that has some wide testing behind it.
>

You are utterly full of bullcrap. In the last 3 years that the ISP I
work at has used blacklists, we have had a grand total of ONE customer
complain. This is on a server with tens of thousands of mailboxes and
hundreds of domains. And our blacklists are set so that if they reject
mail, a complete error message is included as to why they are being
blacklisted.

In fact, not only have we only had 1 customer complain, we have had
DOZENS of administrators of OTHER domains thank us profusely for
helping them to find mass-mailer robots that have been operating
without their knowledge behind their mailservers. I've had guys tell me
that they have been having many complaints from their own users for
weeks about mail not being delivered, and we were the first ones that
told them that not only were they on all the major blacklists, but what
those lists were and why they were on them. I never expected to train
corporate admins how to run their own mailservers when we instituted IP
blacklists, but that is what has happened. I even got a call from a
competitive ISP once that was on a number of blacklists and didn't know
it, if you can believe it.

Modern blacklist servers that are run right are very sophisticated as
to how they detect spammers and are very good at doing it. The
incidence of false positives on a well-run blacklist server is in the
hundred thousands of 1 percent. That is why so many of them have been
regularly DDoSed by spammers - because they are effective. You just got
to know which ones are run right.

>>>> Denying the spam before it's even accepted into the server is a
>>>> much better way. Unfortunately, a content filter means you have to
>>>
>>>If you can make fetchmail do that you're pretty clever, kemo sabe.
>>>
>>
>> No, but I can replace the Rube Goldberg fetchmail arrangement you're
>> using with a real mailserver that is on the Internet all the time
>> and can make use of blacklist servers and such.
>>
>> And yes, I'm just as good at making smart-alecky comments as you
>> are. Probably better at it, actually. Do you want to knock it
>> off and go back to the technical merits discussion now? ;-)
>
>I happen to put a priority on other things. "Good enough is
>good enough."

Translation: you got a cheap hack working, and you're fat, dumb and
happy about it.

Funny how people like you that claim to be proud of being mediocre, are
the loudest screamers when they go to the hospital and the doctor says
to them "Well, here's some aspirin, that's good enough for your broken
foot"

Ted
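
The connect-time IP blacklist check discussed in the message above, as an added example that is not part of the original e-mail: it builds the DNSBL lookup name for the connecting address, refuses the connection with an explanatory error when the address is listed, and counts how many offered messages would still reach post-delivery scanning. The zone `dnsbl.example.org`, the function names and the injectable `resolve` parameter are assumptions made for illustration.

```python
import ipaddress
import socket

# Hypothetical zone name; substitute the DNSBLs your site has vetted.
DNSBL_ZONES = ("dnsbl.example.org",)
LISTED_RANGE = ipaddress.ip_network("127.0.0.0/8")


def dnsbl_query_name(client_ip, zone):
    """Build the DNS name a DNSBL lookup uses (RFC 5782 layout)."""
    addr = ipaddress.ip_address(client_ip)
    if addr.version == 4:
        labels = str(addr).split(".")                  # four octets
    else:
        labels = list(addr.exploded.replace(":", ""))  # 32 hex nibbles
    return ".".join(reversed(labels)) + "." + zone


def system_resolve(name):
    """Return the A records for name, or [] when it does not resolve."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []


def connect_time_verdict(client_ip, resolve=system_resolve, zones=DNSBL_ZONES):
    """Return the SMTP reply to send instead of the 220 banner, or None to accept."""
    for zone in zones:
        for answer in resolve(dnsbl_query_name(client_ip, zone)):
            # Only 127.0.0.0/8 answers mean "listed"; any other address is a
            # wildcard or rewritten NXDOMAIN and must not cause a reject.
            if ipaddress.ip_address(answer) in LISTED_RANGE:
                return (f"554 5.7.1 Connection from {client_ip} refused: "
                        f"listed in {zone} ({answer})")
    return None


def messages_reaching_scanners(connections, resolve=system_resolve):
    """Count messages still needing virus/content scanning.

    connections: iterable of (client_ip, messages_offered) pairs.
    """
    return sum(count for ip, count in connections
               if connect_time_verdict(ip, resolve) is None)
```
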