Educause Security Discussion mailing list archives
Re: Spamhaus Experiences?
From: Doug Sandford <dsandfor () SEEBECK UA EDU>
Date: Wed, 26 May 2004 14:47:39 -0500
Joe, Thank you for this excellent information! Turned the URL of your presentation over to the person who installed Spamhaus...great results with the fine tuning, etc. Thanks again for your rapid response. Hope you don't mind a reply off line. Doug Forwarded by: dsandfor () seebeck ua edu Forwarded to: doug () bama ua edu Date forwarded: Tue, 25 May 2004 10:16:58 -0500 Date sent: Tue, 25 May 2004 08:16:32 -0700 Send reply to: The EDUCAUSE Security Discussion Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> From: Joe St Sauver <JOE () OREGON UOREGON EDU> Subject: Re: [SECURITY] Spamhaus Experiences? To: SECURITY () LISTSERV EDUCAUSE EDU Doug Sandford <dsandfor () SEEBECK UA EDU> wrote... #We have recently (last week) installed an open source spam blocker #from the Spamhaus (http://www.spamhaus.org) project with pleasing #results. The product has been catching seven to eight thousand pieces #of mail a day...as I said we are pleased thus far. #Do any of you have any experience with this product or their Exploit #Blocker for viruses, etc? Seems almost too good to be true, #particularly when compared to the pricey commercial solutions out #there. The SBL+XBL is one of the DNSBLs I recommended in my talk "Email Effective Security Practices: 5 Concrete Areas to Scrutinize" from the last Internet2 Member Meeting; detailed slides are available at http://darkwing.uoregon.edu/~joe/emailsecurity/ in PDF or PPT formats. Spamhaus does a great job (be sure you're using the combination SBL+XBL list rather than only the SBL or only the XBL). You should see excellent results and nil false positives. Besides the SBL+XBL, you may want to consider running an open proxy DNSBL (such as NJABL, as mentioned in my talk), as well as a list that specializes in open relays, dialup and other dynamic traffic sources such as the mail-abuse.org RBL+ (not free, but cheap for .edu's in zone transfer mode). See also the discussion of DNS "hinting" and the pointer to SPF if you want to block additional spam and virus related traffic. Regards, Joe St Sauver (joe () oregon uoregon edu) University of Oregon Computing Center ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/. ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
Current thread:
- Spamhaus Experiences? Doug Sandford (May 25)
- <Possible follow-ups>
- Re: Spamhaus Experiences? Joe St Sauver (May 25)
- Re: Spamhaus Experiences? Doug Sandford (May 26)
- Re: Spamhaus Experiences? Doug Sandford (May 26)