Security Basics mailing list archives
Re: Help with SPAM blocking
From: bernie () e-mich com
Date: Fri, 21 Jan 2005 10:22:34 -0500
Dan,

What platform are you trying to implement this on? If you are on Windows I will not be a lot of help, as I am a *nix admin. I own a large web hosting company, so naturally we get a lot of spam. I use a combination of SpamAssassin and several RBLs; the ones that seem to work best for me are bl.spamcop.net, xbl-sbl.spamhaus.org, and several from blackholes.us. SpamAssassin uses rules that filter for keywords or configs in the headers. Check out their site; this will get you started understanding how spammers write their headers and bypass some of the filter systems out there.

Depending on your platform there are many ways to block up to 95% of the spam without too many false positives. If you could explain in more detail the OS and the platform, I may be able to help. I run Linux and FreeBSD. I also use APF, which is Advanced Protection Firewall, w/BFD (brute force detection) and AD (anti-DoS); this gives me the capability to run deny rules, and I have built up quite a list of subnets that I block from within iptables.

Tell me what you are specifically having an issue with and maybe I can point you in the right direction if what I have said above does not make sense.

B.Johnson

Quoting Dan Lynch <dan.lynch () placer ca gov>:
Greetings list,

I'm new to SPAM blocking and am trying to ramp up my knowledge of its mechanisms. I've done several days of research all over the net and there are still some points of confusion I can't seem to find explanations for. Anything you can help clarify for me is most appreciated. I also welcome reference to more focused mail lists I can query.

First, I'm still looking for a good technical explanation of how Realtime Blackhole Lists (RBLs) work. Many references have specific implementation details (the syntax of the sendmail config lines, etc), but not the overview of RBL technology. The overviews I have found are too generic and mail-recipient/end-user oriented to be of much use.

Do RBLs have a standard file format? What's it look like?

What I can glean from FAQs and documentation implies there are two types: SMTP based and DNS based. Is this correct? Or is DNSRBL synonymous with RBL?

Some lists (like njabl.org) imply they can be used by a DNS server, but I'm not clear how that functions. Why do so many references mention loopback addresses (see www.njabl.org/use.html, or the declude.com database)? What's the connection?

Is it best practice to use one list integrated with your DNS server, or saved as a hosts file on your mail server, and another configured at your SMTP gateway?

Also, is an RBL downloaded to your SMTP host, or is it used as a remote query? If it's remote, how can one create exceptions when needed? Is that where your SMTP gateway's white-list feature comes in?

Again, thanks for any info you can provide.

Dan Lynch, CISSP
County of Placer
Auburn, CA
dlynch at placer dot ca dot gov
---------------------------------------------------------------- This message was sent using IMP, the Internet Messaging Program.
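Added example, not part of the original thread or anyone's production config: a minimal DNS-based blocklist check showing the reversed-octet query name, the loopback (127.0.0.0/8) answer that signals a listing, and a local whitelist that overrides the remote list. The zone names are copied from the reply above; the function names, the whitelist parameter and the fake resolver data are assumptions constructed for this sketch.

```python
import ipaddress
import socket

# Zone names as written in the reply above; any DNSBL zone is queried the same way.
ZONES = ["bl.spamcop.net", "xbl-sbl.spamhaus.org"]
LOOPBACK = ipaddress.ip_network("127.0.0.0/8")

def dnsbl_query_name(ip, zone):
    """DNS name to look up: the IPv4 octets reversed, then the list's zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def system_resolver(name):
    """A records for name via the system resolver; [] means not listed (NXDOMAIN)."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def check_sender(ip, zones=ZONES, whitelist=(), resolve=system_resolver):
    """Return (verdict, details). A local whitelist entry wins over any listing."""
    addr = ipaddress.IPv4Address(ip)
    if any(addr in ipaddress.ip_network(net) for net in whitelist):
        return "accept", {"reason": "local whitelist"}
    hits = {}
    for zone in zones:
        answers = resolve(dnsbl_query_name(ip, zone))
        # Only answers inside 127.0.0.0/8 count as a listing. Any other answer
        # (for example from a wildcarded or expired zone) is ignored.
        codes = [a for a in answers if ipaddress.IPv4Address(a) in LOOPBACK]
        if codes:
            hits[zone] = codes
    return ("reject", hits) if hits else ("accept", {})

# Constructed answers standing in for real DNS so the example runs offline.
FAKE_DNS = {
    "99.2.0.192.bl.spamcop.net": ["127.0.0.2"],
    "7.113.0.203.xbl-sbl.spamhaus.org": ["203.0.113.50"],  # not loopback: ignored
}

def fake_resolver(name):
    return FAKE_DNS.get(name, [])

if __name__ == "__main__":
    for sender in ("192.0.2.99", "203.0.113.7", "198.51.100.1"):
        print(sender, check_sender(sender, resolve=fake_resolver))
    print(check_sender("192.0.2.99", whitelist=["192.0.2.0/24"],
                       resolve=fake_resolver))
```

Calling check_sender without the resolve argument uses the system resolver and performs live lookups against the listed zones.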