Security Incidents mailing list archives

Re: Massive SPAM Increase {-2.6} {-2.6}


From: Vini Engel <vini () fugspbr org>
Date: Mon, 09 Oct 2006 15:06:22 +1000

Kurt Seifried said the following on 09/10/06 14:06:
You got joe-jobbed.

http://en.wikipedia.org/wiki/Joe_job


What MTA do you run?


seifried.org Mail looks like this:

Sorry, when I asked what MTA, I wanted to know what MTA Alex runs.

Alex, please tell us what MTA you run!

Your mail structure looks nice!

Internet
|
Firewall - OpenBSD with spamd (defaults) and very aggressive greytrapping. This catches about 90% of my spam (the main idea is to reduce load on spamassassin and make sure I'm talking to a real mail server). For example if you try to email kurs () seifried org or kuru () seifried org you get black listed (so often spammers go in alphabetical order hit those before kurt () seifried org). I also have a script that checks the maillogs for undeliverable addresses and adds those (about 3000 in all added, very few new ones being added now).
|
Incoming MX servers - two servers running Postfix with various anti-spam things enabled.
|
Mail server - Postfix server with spamassassin and some procmail filtering for attachments/etc to my personal accounts. IMAPS server for mail retrieval.

So tell me, once your OpenBSD accepts the mail, it goes to the postfix machines. Does the OpenBSD server know what users are valid and what aren't? Do your postfix MXs know what users exist or don't?

So currently I have two main lines of defense against spam: OpenBSD spamd and spamassassin. I have not yet enabled Bayes filtering, which would provide an additional level of spam filtering (I get 2-3 spams a day to my accounts so it's not enough to bother me enough to set up Bayes filtering).

I am running SA on my server, it works well but I am studying a move onto dspam. I think it will give me much more granularity than SA, people say that it is also much more accurate. I am yet to see!

Vini
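
The maillog-to-greytrap step described in the quoted setup, sketched as an added example (not Kurt's script or any code from this thread). It assumes Postfix smtpd "User unknown" reject lines, uses example.org as a stand-in domain, and the function names and the `min_hits` threshold are hypothetical; it only builds `spamdb -T -a` argument lists and does not run them.

```python
import re
from collections import Counter

# Constructed sample Postfix smtpd log lines; example.org stands in for the real domain.
SAMPLE_LOG = """\
Oct  9 14:01:02 mx1 postfix/smtpd[2211]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 550 5.1.1 <kurs@example.org>: Recipient address rejected: User unknown in local recipient table; from=<a@spam.invalid> to=<kurs@example.org>
Oct  9 14:01:09 mx1 postfix/smtpd[2211]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 550 5.1.1 <kuru@example.org>: Recipient address rejected: User unknown in local recipient table; from=<a@spam.invalid> to=<kuru@example.org>
Oct  9 14:07:40 mx2 postfix/smtpd[2250]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 550 5.1.1 <KURS@example.org>: Recipient address rejected: User unknown in local recipient table; from=<b@spam.invalid> to=<KURS@example.org>
Oct  9 14:07:44 mx2 postfix/smtpd[2250]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 550 5.1.1 <kuru@example.org>: Recipient address rejected: User unknown in local recipient table; from=<b@spam.invalid> to=<kuru@example.org>
Oct  9 14:09:13 mx1 postfix/smtpd[2301]: NOQUEUE: reject: RCPT from mail.example.net[203.0.113.5]: 550 5.1.1 <kurtt@example.org>: Recipient address rejected: User unknown in local recipient table; from=<friend@example.net> to=<kurtt@example.org>
Oct  9 14:10:00 mx1 postfix/smtpd[2301]: connect from mail.example.net[203.0.113.5]
"""

REJECT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: NOQUEUE: reject: RCPT from \S+: 550 [\d.]*\s*"
    r"<(?P<rcpt>[^>\s]+)>: Recipient address rejected: User unknown"
)
# Log content is sender-controlled: accept only a conservative address shape.
SAFE_ADDR = re.compile(r"^[a-z0-9._+-]+@[a-z0-9.-]+$")

def trap_candidates(log_text, my_domains, valid_users, min_hits=2):
    """Return nonexistent local addresses seen at least min_hits times."""
    hits = Counter()
    for line in log_text.splitlines():
        m = REJECT_RE.search(line)
        if not m:
            continue
        addr = m.group("rcpt").lower()
        if not SAFE_ADDR.match(addr):
            continue
        # Never trap a real mailbox or an address outside our own domains.
        if addr.split("@", 1)[1] not in my_domains or addr in valid_users:
            continue
        hits[addr] += 1
    # min_hits (an assumption) keeps a single typo by a real sender out of the traps.
    return sorted(a for a, n in hits.items() if n >= min_hits)

def spamdb_commands(addrs):
    """Build argv lists for OpenBSD spamdb; passing lists avoids shell quoting."""
    return [["spamdb", "-T", "-a", a] for a in addrs]

if __name__ == "__main__":
    traps = trap_candidates(SAMPLE_LOG, {"example.org"}, {"kurt@example.org"})
    for cmd in spamdb_commands(traps):
        print(" ".join(cmd))
```
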
