Re: Help with SPAM blocking

[bernie () e-mich com]

Dan,

What platform are you trying to implement this on?  If you on wondows I will not
be allot of help as I am a *nix admin.

I own a large web hosting company, so naturally we get allot of spam.  I use a
combination of SpamAssassin and several RBL's, the ones that seem to work best
for me ar bl.spamcop.net, xbl-sbl.spamhaus.org, and several from blackholes.us.

SpamAssasin uses rules that filter for keywords or configs in the headers, check
out their site, this will get you started understanding how spammers right
their headers and bypass some of the filter systems out there.

Depending on your platform there are many ways to block up to 95% of the spam
with out too many false positives.  If you could explain in more detail the OS
and the platfrom, I amy be able to help.

I run Linux and FreeBSD, I also use APF whcih is advanced Protection firewall
w/BFD brute force detection, and AD anit dos, this give me the capability to
run deny rules and I have built up quie a list of subnets that I block from
within IP tables.

Tell me what you you are specifically having an issue with and maybe I can point
you in the right direction if what I have said aboe does not make sense.

B.Johnson



Quoting Dan Lynch <dan.lynch () placer ca gov>:

> Greetings list,
>
> I'm new to SPAM blocking and am trying to ramp up my knowledge of its
> mechanisms. I've done several days of research all over the net and
> there are still some points of confusion I can't seem to find
> explanations for. Anything you can help clarify for me is most
> appreciated. I also welcome reference to more focused mail lists I can
> query.
>
> First, I'm still looking for a good technical explanation of how
> Realtime Blackhole Lists (RBLs) work. Many references have specific
> implementation details (the syntax of the sendmail config lines, etc),
> but not the overview of RBL technology. The overviews I have found are
> too generic and mail-recipient/end-user oriented to be of much use.
>
> Do RBL's have a standard file format? What's it look like?
>
> What I can glean from FAQs and documentation implies there are two
> types: SMTP based and DNS based. Is this correct? Or is DNSRBL
> synonymous with RBL? Some lists (like njabl.org) imply they can be used
> by a DNS server, but I'm not clear how that functions. Why do so many
> references mention loopback addresses (see www.njabl.org/use.html, or
> the declude.com database). What's the connection?
>
> Is it best practice to use one list integrated with your DNS server, or
> saved as a hosts file on your mail server, and another configured at
> your SMTP gateway?
>
> Also, is an RBL downloaded to your SMTP host, or is it used as a remote
> query? If it's remote, how can one create exceptions when needed? Is
> that where your SMTP gateway's white-list feature comes in?
>
> Again, thanks for any info you can provide.
>
> Dan Lynch, CISSP
> County of Placer
> Auburn, CA
>
> dlynch at placer dot ca dot gov




----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.