Educause Security Discussion mailing list archives

Re: Spamhaus Experiences?


From: Doug Sandford <dsandfor () SEEBECK UA EDU>
Date: Wed, 26 May 2004 14:47:39 -0500

Joe,

Thank you for this excellent information! Turned the URL of your
presentation over to the person who installed Spamhaus...great
results with the fine tuning, etc.

Thanks again for your rapid response. Hope you don't mind a reply off
line.

Doug

Forwarded by:           dsandfor () seebeck ua edu
Forwarded to:           doug () bama ua edu
Date forwarded:         Tue, 25 May 2004 10:16:58 -0500
Date sent:              Tue, 25 May 2004 08:16:32 -0700
Send reply to:          The EDUCAUSE Security Discussion Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU>
From:                   Joe St Sauver <JOE () OREGON UOREGON EDU>
Subject:                Re: [SECURITY] Spamhaus Experiences?
To:                     SECURITY () LISTSERV EDUCAUSE EDU

Doug Sandford <dsandfor () SEEBECK UA EDU> wrote...

#We have recently (last week) installed an open source spam blocker
#from the Spamhaus (http://www.spamhaus.org) project with pleasing
#results. The product has been catching seven to eight thousand pieces
#of mail a day...as I said we are pleased thus far.
#Do any of you have any experience with this product or their Exploit
#Blocker for viruses, etc? Seems almost too good to be true,
#particularly when compared to the pricey commercial solutions out
#there.

The SBL+XBL is one of the DNSBLs I recommended in my talk "Email Effective
Security Practices: 5 Concrete Areas to Scrutinize" from the last Internet2
Member Meeting; detailed slides are available at
http://darkwing.uoregon.edu/~joe/emailsecurity/ in PDF or PPT formats.

Spamhaus does a great job (be sure you're using the combination SBL+XBL
list rather than only the SBL or only the XBL). You should see excellent
results and nil false positives.

Besides the SBL+XBL, you may want to consider running an open proxy DNSBL
(such as NJABL, as mentioned in my talk), as well as a list that specializes
in open relays, dialup and other dynamic traffic sources such as the
mail-abuse.org RBL+ (not free, but cheap for .edu's in zone transfer mode).

See also the discussion of DNS "hinting" and the pointer to SPF if you want
to block additional spam and virus related traffic.

Regards,

Joe St Sauver (joe () oregon uoregon edu)
University of Oregon Computing Center

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.
