[colug-432] smtp filters

Rick Troth rmt at casita.net
Mon Apr 22 11:21:30 EDT 2013


When I ran my own SMTP, I used white listing.  It's imperfect for a
lot of reasons.  Something I learned early is that (with WL to avoid
spam) the recipient cannot have their own address in the white list.
Spammers do that a lot.  (Sent from you to you, per the headers.)
[sigh]

White listing did not scale.  For laziness or excess idealism, I never
implemented the fancier filters.  I do believe that slamming the door
on SMTP is the right way to kill spam.  (Better than receiving it and
scanning after the fact.)  Not always possible because the clues may
be too deep in the content.

BEFORE I was "outsourcing" to Googoo, I leveraged their filtering by
forwarding traffic through GMail.  (Small enough number of recipients
here that it worked reasonably well.)  Since actually outsourcing the
domain, the spam count (things flagged and remaining in the "spam"
folder) has gotten significantly lower.  Methinks they're doing a lot
at the SMTP level (which they could not when I was forwarding).

Looks like current SMTP implementations support more robust connection
based rules: SPF, perhaps combined with DNSSEC, so you can more
reliably "know" that the sender is legit.

Letting SMTP have its own server ... not just for the big boys.  Any
of us who have nominally static IP and a spare machine (or virtual)
can isolate SMTP.  I did it for security reasons.  (If the machine
hosting SMTP was hacked, I did not care; the mail had already been
yanked with 'fetchmail'.)  You can punch port 25 to another box if you
don't want that box hogging the address.

Dunno if this helps.  Hope so.




On Mon, Apr 22, 2013 at 9:36 AM, Scott Merrill <skippy at skippy.net> wrote:
> I've been kicking around the idea of migrating my email off of Google
> Apps. I'd lose a fair bit of integrated functionality on which I've
> come to rely, I realize, but I think there may be some long-term
> benefits to being responsible for my own communications.
>
> As I think through how I might make the transition, it occurs to me
> that most of the anti-spam measures with which I am familiar go about
> weighting messages the wrong way. Rather than identify spam, why not
> explicitly identify ham, based on my specific corpus of email? I'm not
> talking Bayesian statistics, but an actual accounting of mail
> exchanged between myself and others.
>
> Specifically, I'm wondering how my MTA might query my mail spool (or
> some summary thereof) to see how many messages have been received by a
> given sender (both MAIL FROM and envelope from:), and whether or not
> I've ever sent mail to that person?  Surely if mail comes from a
> specific host, from a specific address, AND I've sent mail to that
> same address, that message is worth accepting (content filtering may
> still be employed at a later stage).
>
> For a large mail provider, I understand that the SMTP daemon may live
> alone, isolated from the final mail store. That's unlikely to be the
> case for me, given resource constraints.
>
> It's been a while since I've last deployed Postfix, so the state of
> the art may have advanced quite a bit.  Is anyone familiar with a
> milter or plugin or other solution that implements anything like the
> above? Presumably it would work in conjunction with other more
> traditional anti-spam measures.
>
> Any pointers would be greatly appreciated.  Thanks!



-- 
-- R;   <><
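
An added illustration, not part of the original message or of any Postfix code: the correspondent white list discussed in this thread, written as the decision logic of a Postfix policy-delegation service, including the rule that the recipient's own address never earns white-list trust. The address sets and function names are hypothetical; the `name=value` request format and the `action=` reply are those of Postfix policy delegation.

```python
# Added illustration; the addresses and sets below are constructed sample data.
SENT_TO = {"friend@example.net"}   # addresses the user has sent mail to (assumed)
LOCAL = {"me@example.org"}         # the user's own addresses (assumed)

def parse_policy_request(text):
    """Parse one Postfix policy request: name=value lines, ended by a blank line."""
    attrs = {}
    for line in text.splitlines():
        if not line:
            break
        name, sep, value = line.partition("=")
        if sep:
            attrs[name] = value
    return attrs

def normalize(addr):
    """Lowercase, strip <> and any +extension so variants compare equal."""
    addr = addr.strip().strip("<>").lower()
    local, sep, domain = addr.rpartition("@")
    if not sep:
        return addr
    return local.split("+", 1)[0] + "@" + domain

def decide(attrs, sent_to=SENT_TO, local=LOCAL):
    sender = normalize(attrs.get("sender", ""))
    recipient = normalize(attrs.get("recipient", ""))
    # "From you to you": the envelope sender is unauthenticated, so the
    # user's own addresses (and the null sender) never get white-list trust.
    if not sender or sender == recipient or sender in local:
        return "DUNNO"
    # Known correspondent: accept at SMTP time.
    if sender in sent_to:
        return "OK"
    # Unknown sender: DUNNO hands the decision to later restrictions
    # (SPF checks, content filters) instead of accepting or rejecting here.
    return "DUNNO"

def respond(request_text):
    """Build the reply Postfix expects: one action line plus a blank line."""
    return "action=" + decide(parse_policy_request(request_text)) + "\n\n"

if __name__ == "__main__":
    sample = ("request=smtpd_access_policy\nprotocol_state=RCPT\n"
              "sender=Friend+lists@Example.NET\nrecipient=me@example.org\n\n")
    print(respond(sample), end="")
```
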

