Firewall Wizards mailing list archives

Re: regarding spam... (fwd)


From: Paul Holman <pablos () metasecura com>
Date: Sat, 30 Mar 2002 00:44:54 -0800

Marcus,

Tina Bird forwarded this message to me, I'm not on the Firewall-Wizards list, but have to deal with the same spam issues. For what it is worth, here is my approach:

Inbound mail is handed off to SpamAssassin <http://www.spamassassin.org/> via Procmail. This tool integrates some local header & text filters as well as the usual blacklist services. It also uses Razor, a collaborative spam tracking database to identify known spam messages.

SpamAssassin will tag each message with a spam score header, and you can use that for whatever kind of handling you like with Procmail. On my systems, spam gets filed into a separate IMAP folder called "Spam" on a per-user basis. So every user gets their own spam, prefiltered. If they like, they can skim through this and adjust their own threshold, and manage their own white/blacklists in a ~/.spamassassin.rc file.

I also create a shared, writable IMAP folder called "Spam to Report" which every user can move spam into if it makes it to their inbox. A cron job submits all this spam to Razor.

This approach has been fantastic for me. I never use any of the RBLs either. I liberally accept all spam, and make it very flexible for users to do whatever they want with it. No human intervention is required, but users can contribute if they like.

As far as using a web-of-trust paradigm, I wish you well, but I think it is more work than is necessary. My approach has no address based blacklist and I'm getting great results. I'm a human spam magnet that personally receives a couple hundred spam messages a day. About 5% make it to my inbox, and I manually move those off to the "Spam to Report" folder.

Good luck, and be sure to CC me off list if this conversation continues.

Thanks, pablos.

---------- Forwarded message ----------
Date: Fri, 29 Mar 2002 09:45:01 -0500
From: Marcus J. Ranum <mjr () nfr com>
To: firewall-wizards () nfr com
Subject: [fw-wiz] regarding spam...

Out of 30 messages in the input queue yesterday 30 were spam.
27 of those were Korean or Chinese.

I'm trying to think of ways to deal with spam E-mails and
have been kicking around a few ideas with some friends of
mine. Most of the truly effective ways we can imagine to
deal with spam rely on spam-knowledge propagation: in other
words a human being someplace in the mix says "this is spam"
and based on that determination causes the offending message
to disappear from all mailboxes.

So, a side effect of this approach is a 'web of trust' with
respect to noise email. :) Suppose I tell the mail system
"I trust Dodge Mumford's judgement regarding what is spam"
then my mail system will automatically move into my spam
folder all emails that Dodge moves into his spam folder.
We might choose to look out for each other in a reflexive
relationship, or we might choose to additionally trust an
outside source, etc, etc.

It occurs to me that this would be pretty easy to implement,
with a bit of small extra kludgery. You could build it right
into an imap server by having it apply the extra processing
when someone moves a message into a folder called "spam" -
in fact this way _one_ person in an organization could keep
an up-to-date set of Eudora filters that would be leveraged
by everyone in that spam trust ring.

Does anyone know if this is already being done? Does anyone
see any really compelling reason it wouldn't work?

mjr.
---
Marcus J. Ranum          Chief Technology Officer, NFR Security, Inc.
Work:                    http://www.nfr.com
Personal:                http://www.ranum.com

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards


--
Paul Holman
Metasecura
415.420.3806
pablos () metasecura com
http://www.metasecura.com
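
The "spam trust ring" proposed in the forwarded message, sketched in Python as an added example (not code from either poster or from SpamAssassin/Razor). The body-hash fingerprint, the mailbox layout, and the users `carol` and `eve` are assumptions made for illustration; all messages are constructed samples.

```python
import hashlib
from email import message_from_string

def fingerprint(raw):
    """Hash the whitespace- and case-normalized body so that copies of one
    spam run match even when the headers differ (assumed scheme)."""
    msg = message_from_string(raw)
    body = msg.as_string() if msg.is_multipart() else msg.get_payload()
    normalized = " ".join(body.split()).lower()
    return hashlib.sha256(normalized.encode("utf-8")).hexdigest()

def propagate(mailboxes, trust):
    """Return {user: [inbox indexes to move into that user's spam folder]}.

    mailboxes: {user: {"inbox": [raw, ...], "reported": [raw, ...]}}
    trust:     {user: set of users whose verdicts this user accepts}
    Only hand-filed "reported" mail counts as a verdict. Auto-moved mail
    must not be written back into "reported", or trust silently becomes
    transitive and one careless reporter affects the whole ring.
    """
    verdicts = {u: {fingerprint(m) for m in box["reported"]}
                for u, box in mailboxes.items()}
    moves = {}
    for user, box in mailboxes.items():
        accepted = verdicts[user].union(
            *(verdicts.get(t, set()) for t in trust.get(user, ())))
        moves[user] = [i for i, m in enumerate(box["inbox"])
                       if fingerprint(m) in accepted]
    return moves

# Constructed sample messages: two copies of one spam run, one legitimate mail.
SPAM = "From: a@example.net\nSubject: Buy now\n\nCheap  pills,\nclick here\n"
SPAM_COPY = "From: b@example.org\nSubject: Buy now!!\n\ncheap pills, click   here\n"
HAM = "From: list@example.com\nSubject: digest\n\nWeekly digest of list traffic\n"

MAILBOXES = {
    "mjr":   {"inbox": [SPAM_COPY, HAM], "reported": []},
    "dodge": {"inbox": [],               "reported": [SPAM]},
    "eve":   {"inbox": [],               "reported": [HAM]},  # bad verdict
    "carol": {"inbox": [SPAM_COPY],      "reported": []},
}
# mjr and dodge trust each other; carol trusts only mjr; nobody trusts eve.
TRUST = {"mjr": {"dodge"}, "dodge": {"mjr"}, "carol": {"mjr"}}

if __name__ == "__main__":
    print(propagate(MAILBOXES, TRUST))
```

Here mjr's copy of the spam is moved on dodge's verdict, eve's mislabelled digest affects no one, and carol's copy stays put until mjr files it by hand.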
