anybody else been spammed by "no-ip.com" yet?

Sun May 5 12:30:33 UTC 2002

The only way to catch and stop spammers is with horsepower and proactive
mail policies. Sendmail is capable of being configured in a rigid manner and
filters put in place, the problem is that most system hacks are not capable
enough to manage the overhead of enforcing a filtration rule on each piece
of mail because of the complexity. What's needed is a turn-key solution
really. Non of us want to have to play with email gateways and reception
agents if we don't have to (well ok, so its only most of us...).

For instance, we got a boatload of bad email last week locally at one of the
local SF Bay Area University's I do work with, and our entire email gateway
was shutdown dealing with actively filtering 3000 emails that had a
contaminated attachment.

The problem with email filters is that they are not smart. The cant tell you
when they see 5 pieces of email that all have a bad return or source
address/name and that have a contaminated attachment, that all came from the
same place that they should create and manage their own little blacklist
file...

I also suggest that running sendmail on a single host is a mistake or any
mail system for that matter. I have ours setup on a reception agent system
which timestamps and logs all the email into a queue. The queue has a
stand-alone engine that qualifies each piece of email and checks any
attachments for evilness. Each stage also sends a response to the sender
acknowledging receipt if "Receipts are requested" and the whole system works
pretty well.

The whole system cost less than 15K to put in place and is essentially 5
different computers all of which happen to be implemented on a SBC we have
so the entire system fits into a single PCI based computer's footprint.

If anyone is interested in the exact setup - email me offlist and we can
continue this conversation.

Todd Glassey, CTO
ServerWerks Inc.
http://www.serverwerks.cc
----- Original Message -----
From: <measl at mfn.org>
To: "Forrest W. Christian" <forrestc at imach.com>
Cc: "Eric A. Hall" <ehall at ehsco.com>; <nanog at nanog.org>
Sent: Saturday, May 04, 2002 4:33 PM
Subject: Re: anybody else been spammed by "no-ip.com" yet?

>
>
> On Sat, 4 May 2002, Forrest W. Christian wrote:
>
> > We're trying to discourage bulk emailers, not individuals.
>
> Then the way to do this is to make the cost of sending mass mail more
> expensive than sending only a few here and there.  In short, we need a way
to
> prevent the use of the $19.95 throw-away account that is used to send the
> vast majority of spam.  Let's face it, only the biggest of the hardcore
> spammers are willing to pay out for dedicated lines.
>
> How about something along the lines of dial accounts having their outgoing
> SMTP connections rate limited to, oh, let's say 100 per day, and limiting
the
> maximum number of recipients on any given email to some low number, say 5?
>
> A customer reaches the limit, the account auto-rejects all email for 24
> hours.
>
> Someone bitches?  Let them buy full rate dedicated services, with the
first
> month, last month, and a security deposit up front before service is
> established.
>
> --
> Yours,
> J.A. Terranson
> sysadmin at mfn.org
>
> If Governments really want us to behave like civilized human beings, they
> should give serious consideration towards setting a better example:
> Ruling by force, rather than consensus; the unrestrained application of
> unjust laws (which the victim-populations were never allowed input on in
> the first place); the State policy of justice only for the rich and
> elected; the intentional abuse and occassionally destruction of entire
> populations merely to distract an already apathetic and numb electorate...
> This type of demogoguery must surely wipe out the fascist United States
> as surely as it wiped out the fascist Union of Soviet Socialist Republics.
>
> The views expressed here are mine, and NOT those of my employers,
> associates, or others.  Besides, if it *were* the opinion of all of
> those people, I doubt there would be a problem to bitch about in the
> first place...
> --------------------------------------------------------------------
>
>
>