Death to all spammers and open relays

[Raceit]

It's funny that the IP/domain list on the first page has a lot of address that I see come up in my BlackICE all the time.

I think when I have some time I'll try the two different server boxes for mail idea.


Plus I tried that Telnet and I'm an open relay! How embarrassing. But when I do that it does bring up the InterScan greeting and not my mail software itself. I guess that software's inhairently open. So I guess that two server idea is the only way around that.... I think.

Here's the route incoming email takes.
It comes in on port 25 to the Interscan software and goes through virus protection and filters. Then it goes over to my mail software on port 26 where it's delivered from there.
Outgoing is just reversed so it gets the virus and filter scans as well.

Is that a poor set up?

 

[taxx]

Mine comes in on port 25 to get scanned and relay block then forwarded to my mail server on port 28. Works good for me.

 

[Raceit]

That's good to hear. I just picked 26 out of the air.

 

[Howard]

I keep the port and just NAT the address. Just to keep it simple. I use one box for incoming both scan (content and virus) and mail, and one for out going scan and mail. It just means that I can't be DOS'ed too easily.

 

[Raceit]

Howard-
All my boxes are behind a firewall. They all have internal IP's. Is that what you mean by 'NAT the address'?

 

[Howard]

Yes but my scanner runs on a separate ip address to my mail server even on the same box. And I have mine set so that they are inside my firewall as well but I use a second firewall between them and the private network. So I use an isolator type setup, only clean and checked stuff enters the private net. I also have a fifth box for query stuff. In other-words anything that does not comply with the rules either in or out.

 

[sunbum]

Originally posted by matey
do you have zone alert its quite effective inblocking people who are hacking your connection

Zone alarm actually...
I ran BlackIce for a bit, and have tried a few others (Agnitum, ...) zone alarm actually is better than those.

I liked the flexibility of Norton's Security program personally, but depends on your level of expertise as to how much configuring you want to do versus being asked a yes or no to block/allow.

Good luck with your safe hex.

 

[taxx]

Got a question for youz guyz.....

On this never ending spam war.... Its easy to block domains but how do you guys block smap from phony accounts at say Yahoo or Hotmail? I am constantly setting up new words and phrases in my banned subject list, but there has to be a better way. I can't block the domain cause I actually get mail from yahoo and such.

 

[huskyfan23]

Taxxman, I use McAfee Spam Killer, got it off Kazaa. I haven't gotten ANY spam since. It blockes addresses that start with numbers, have certain words in the subject lines, and then replys with an automatic complaint to the domain host. It works really well and you can choose for an option to notify you before it marks an e-mail as spam. It runs in the background so you don't need your mail program running at all, and at anytime you can just open your normal mail program and you'll have no spam, and the messages that aren't spam are left on the server, so you'll receive all that just as you normally would.

 

[taxx]

great idea, but this is on a server not just a client. I run CMS Praetor and it does great, but many things still get through. I am battling many things in the subject lines but my list of banned subjects keeps growing as does the incoming spam. I am already running RBL and investigating how to use more RBLs.

 

[Hank]

You can run multiple RBL's, at least in sendmail and I sure in other MTA's, without any problem.

There are many agressive RBL's out there that include network ranges for dialup clients and dsl/cable accounts.

The only drawback with this type of agressive RBL is it will block a high number of valid e-mails. Like if a a valid person runs a mail server on thier static address. Or if a valid person sends mail through their ISP's mail server..

See sendmail.org as they have several links to rbl's MAPS is one of the best but they are now charging...

 

[Hank]

I'm also looking at a couple of open source server side scanners. What MTA are you running??

 

[taxx]

I am running CMS Praetor. This is on a 2k server with lotus domino.... Ya Ya I know winders. But I have no choice for this server. I sent them a request to see if I can get into any of the config files and all large lists of domains and IPs to block rather than one at a time in their GUI so we will see what they say. It isn't as nice as open source, but it is what I have to deal with here.

 

[Hank]

Hey, I just stumbled onto this

www.mailblocks.com Out of desparation I may resort to this... Tacky but effective...

Another thought for you would be to put a Linux box in front of your mail server, for store and forward, and put all the spam blocking there...

 

[taxx]

Originally posted by Hank
Hey, I just stumbled onto this

www.mailblocks.com Out of desparation I may resort to this... Tacky but effective...

Another thought for you would be to put a Linux box in front of your mail server, for store and forward, and put all the spam blocking there...

Ya I actually thought about doing that at home. Probably won't mess with it here. Not enough time unfortunately. Maybe later this summer. Would just involve setting up sendmail and a filter to filter the incoming and forward on surviving messages to the mail server. Wouldn't be too hard. But I need another box first. Have plans to build a new linux box for a workstation this month and I might try it out on that for fun at home since it won't bog it down with only a few mail users there.... besides most of the incoming mail there is from here

 

[taxx]

well this sucks. Figured out my problem sending mail from my personal domains to AOL. Has nothing to do with being blocked due to prior relaying or anything:

550 - The IP address you're using to connect to AOL is either open to the free relaying of e-mail, is serving as an open proxy, or is a dynamic (residential) IP address. AOL cannot accept further e-mail transactions from your server until either your server is closed to free relaying/proxy, or your ISP removes your IP address from their list of dynamic IP addresses. For additional information, please visit http://postmaster.info.aol.com.


tell me that doesn't suck. Guess my only option is to get a static IP at home or relay through my server here at work....... anyone know of any major problems to worry about with relaying like that? it is simple enough to set up. Sucks that I have to do it but it will work..... ( I know how in notes, my other server is a different story )

 

[Hank]

You're going to find that become more and more common.

For example I use Sprint/Earthlink Business Class DSL but run my own server also. There are a number or RBL's out there that the ISP's have willing subscribed to ie:MAPS where they advise the range of end user networks to the RBL. This will force you and I to start forwarding mail through the mail server of our ISP. Which you could argue is annoying but anti-spam correct.


You should be ok routing through your office, if configured correctly, or your ISP. Some problems may occur sending to folks on hotmail, msn or others, who have turned on their spam blockers to high. On of the tricks they look for is a multiple relays in the header.

 

[taxx]

how would I route it to my ISP? I would think my isp would deny relaying like that. i could set inside my mail client tell it to send outbound through the ISP.

Easiest will be to relay it through my server here at work. that way I have full controll of both servers

 

[taxx]

Got it set and it seems to be working great! That was easier than I thought it would be. Now to get my web servers mail to relay through here (my work not explorer forum)......

 

[taxx]

Hank,

You seem to know your email very well. would you happen to know how or know of a good source to tell me how to make my postfix server on my mandrake web server box relay mail though the same place my domino server is relaying through. I seach and just find junk. Am going to continue to search but didn't know if you knew the answer.

Thanks,
Dave