Keith C. Perry on 21 Oct 2016 09:43:14 -0700


Re: [PLUG] spamassassin help: create a rule to score by sender TLD


"Speaking of which, I've actually been wanting to run my own e-mail
server for a while but haven't found any good resources on how to
properly set it up. Does anyone have resources on that which they can share?"

That's a good question and I don't think I have a good answer.  I would not torture you and have you read a book on sendmail (which is where I started way back in the 1990s), so unfortunately it might be best to start with what solution you are looking to run and then, as you are configuring, you're googling.

I run Zimbra for my company (and clients who want to run their own server) but there are other solutions out there.  I think most people here who do run their own servers are running Dovecot or Postfix. Also for you Thomas, since I think you were an MS guy, I would look at Zentyal too since it is a drop-in replacement for the hell that is Exchange / Outlook.  Other folks might like Zentyal as well but for me, Zimbra's web client is much better and I would not want to see MS-looking objects for just a mail solution.

(apologies if you are not that Tom)

"I agree with the first bit: don't publish your e-mail address in a form
that is understandable by machines (see caveat below).
BUT I disagree with the second bit, you are breaking my Lynx... All
joking aside, you ARE breaking my internet by doing this though. What's
wrong with a 'contact us/me' form again? (But then again, anytime I hear
a solution containing "use Javascript/CSS", I just think to myself:
"instead of one problem, you now got two, mate")"

I should have been clearer too.  I don't agree with the second part either.  I very much believe in the KISS principle and JavaScript/CSS is most certainly not that, but to each their own  :D

Also, some people are masochists... they need love- err pain, too  :D

"If anything *THIS* is the thing to do. When you get spammed on the role
account, just drop the account and stop using the site where you used
that site (they either got compromised or they sold your data).
In this day and age of address books and password managers (What a time
to be alive!), do you really want to use first.lastname@domain.tld
instead of a random_characters@domain.tld when signing up for whatever
the latest shiny bauble-site is which, for whatever dumb reason,
requires your e-mail address (...and your phone number 'for
verification', and access to your FB account, and your G+ account, and
the name of your first-born pet, and when and where you graduated, etc,
etc...)
If anything, just generate random string e-mail address aliases; *never*
use your real one (only give that to folks you really want to talk to)
and then put filters on your mailbox which look for the X-Orig-To header
to direct the flow."

Need? no... you know how humans are though so, want, yes.

The problem is spam doesn't necessarily come from the place you subscribed to.  You could set up asdfasdf@thomas.xyz for use with site A and get spam on that email from site B through Z.  The only thing you can do in that case is do additional scrubbing on inbound mail to asdfasdf BEFORE you forward to the real account, or drop asdfasdf and start using lkjhlkjh@thomas.xyz.

Yes, you can block B through Z...

...then you'll get spam on AA - AZ...

you understand.

Essentially, you spend time chasing the issue and it takes a while for it to get resolved, if at all, so dropping is the best thing to do, but not everyone can do that.

BTW, this is why throttling SMTP traffic and / or tarpitting the most extreme abusers works.  If you can't be spammed at a high frequency or talking to your server is slow / problematic then you'll get dropped from the spammers' lists... Blacklisted from the blacklisted :D

"BTW, if you use GMail, use the '+suffix'-trick to create distinct
addresses for each website you sign up for (or list your e-mail address on).
So if you have: something@gmail.com then you use
something+blah@gmail.com which will still be delivered to
first.last@gmail.com but be tagged (or something) so you know it was
sent to the +blah 'sub-alias'."

That's brilliant.  I didn't know about that one.

"Couldn't agree more.
For some reason, people just don't learn, continue to click on links
like "H0tt13 in your area l00k1ng for good sh4g, click here!!!!!!!" and
then complain that they got infected (that's a top-quality pun, right
there!).
After all, there must be some morons clicking on these links or we
wouldn't have spam, amirite?"

You are... many problems between keyboard and chair ;)  If I had a $1 for every time someone clicked without looking first...

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ 
Keith C. Perry, MS E.E. 
Owner, DAO Technologies LLC 
(O) +1.215.525.4165 x2033 
(M) +1.215.432.5167 
www.daotechnologies.com

----- Original Message -----
From: "Thomas Delrue" <delrue.thomas@gmail.com>
To: "Philadelphia Linux User's Group Discussion List" <plug@lists.phillylinux.org>
Sent: Friday, October 21, 2016 11:36:07 AM
Subject: Re: [PLUG] spamassassin help: create a rule to score by sender TLD

On 10/21/2016 10:36 AM, Keith C. Perry wrote:
> This whole thread is why I tell new people coming into the IT field
> that managing mail servers is around the most miserable thing we have
> to do...

Speaking of which, I've actually been wanting to run my own e-mail
server for a while but haven't found any good resources on how to
properly set it up. Does anyone have resources on that which they can share?

> ...other than fight with the wonderful world of the MS drones  :D

That's not a big deal, 90% of the time they are applying updates anyway.
So they just hang there in mid-air doing nothing (and that's if the
update process is going as expected)

> That said, Charlie said,
> 
> "Furthermore, probably the easiest and most fruitful way to avoid
> getting spam at all (before it hits any filters or daemons you set
> up) is to just not post the raw email address anywhere on the web.
> Have obfuscated JavaScript generate the string instead, or use
> HTML/CSS's built-in right-to-left functionality to display it if you
> absolutely positively need to display the raw address."
> 
> THAT...

I agree with the first bit: don't publish your e-mail address in a form
that is understandable by machines (see caveat below).
BUT I disagree with the second bit, you are breaking my Lynx... All
joking aside, you ARE breaking my internet by doing this though. What's
wrong with a 'contact us/me' form again? (But then again, anytime I hear
a solution containing "use Javascript/CSS", I just think to myself:
"instead of one problem, you now got two, mate")

> To go a step further.  Use role accounts, "throw-away" or "burnable"
> accounts for services when ever you can.

If anything *THIS* is the thing to do. When you get spammed on the role
account, just drop the account and stop using the site where you used
that site (they either got compromised or they sold your data).
In this day and age of address books and password managers (What a time
to be alive!), do you really want to use first.lastname@domain.tld
instead of a random_characters@domain.tld when signing up for whatever
the latest shiny bauble-site is which, for whatever dumb reason,
requires your e-mail address (...and your phone number 'for
verification', and access to your FB account, and your G+ account, and
the name of your first-born pet, and when and where you graduated, etc,
etc...)
If anything, just generate random string e-mail address aliases; *never*
use your real one (only give that to folks you really want to talk to)
and then put filters on your mailbox which look for the X-Orig-To header
to direct the flow.

BTW, if you use GMail, use the '+suffix'-trick to create distinct
addresses for each website you sign up for (or list your e-mail address on).
So if you have: something@gmail.com then you use
something+blah@gmail.com which will still be delivered to
first.last@gmail.com but be tagged (or something) so you know it was
sent to the +blah 'sub-alias'.

> You have to treat spam as a security issue. 

Couldn't agree more.
For some reason, people just don't learn, continue to click on links
like "H0tt13 in your area l00k1ng for good sh4g, click here!!!!!!!" and
then complain that they got infected (that's a top-quality pun, right
there!).
After all, there must be some morons clicking on these links or we
wouldn't have spam, amirite?

...now where's my LART so I can go 'educate' some of my [l]users to not
click these bloody things?

> ----- Original Message ----- From: "Charlie Li"
> <ml+PLUG@vishwin.info> To: "Philadelphia Linux User's Group
> Discussion List" <plug@lists.phillylinux.org> Sent: Wednesday,
> October 19, 2016 12:20:40 AM Subject: Re: [PLUG] spamassassin help:
> create a rule to score by sender TLD
> 
> On 18/10/16 13:42, ac wrote:
>>> If you've done something similar, are there other problematic
>>> domains that seem to generate a lot of spam and are unlikely to
>>> house legitimate mail senders?  I will stay away from the
>>> country-based ones because we do get mail from foreign contacts.
>>> It's more the new TLDs I'm worried about... .xyz is another one I
>>> noticed and would probably score.
>>> 
>> I would not do this in that way as there may be legit domains @
>> .xyz or .top and your users (if you are a hosting co) may/will
>> complain about dropping legit email...
>> 
> Indeed. I recently registered a .xyz myself and will be used for my 
> upcoming business. I know a few people who also use .xyz as their 
> personal domain for their website and of course email.
>> best way to stop spam is still the dnsbl, like SpamCop.net & 
>> superblock.ascams.com & spamhaus/org etc etc
>> 
> Exactly.
> 
> Furthermore, probably the easiest and most fruitful way to avoid
> getting spam at all (before it hits any filters or daemons you set
> up) is to just not post the raw email address anywhere on the web.
> Have obfuscated JavaScript generate the string instead, or use
> HTML/CSS's built-in right-to-left functionality to display it if you
> absolutely positively need to display the raw address.
> 


___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
___________________________________________________________________________
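
An added example, not part of the original thread: a small Python sketch of the per-site alias idea discussed above, which reads the address a message was delivered to and flags an alias that receives mail from a sender it was never given to. The alias registry, the site names and the sample messages are constructed for illustration; `X-Orig-To` is the header name used in the thread, and `X-Original-To` is the name Postfix writes.

```python
from email import message_from_string
from email.utils import parseaddr

# Hypothetical registry: which site each throw-away alias was handed to.
ALIAS_OWNER = {
    "asdfasdf@thomas.xyz": "site-a.example",
    "something+blah@gmail.com": "blah.example",
}

def delivered_alias(msg):
    """Address the mail was actually sent to, taken from the first header present."""
    # X-Orig-To is the name used in the thread; Postfix writes X-Original-To.
    for header in ("X-Orig-To", "X-Original-To", "To"):
        if msg.get(header):
            return parseaddr(msg[header])[1].lower()
    return None

def split_plus_tag(address):
    """something+blah@gmail.com -> ('something@gmail.com', 'blah')."""
    local, _, domain = address.rpartition("@")
    base, sep, tag = local.partition("+")
    return f"{base}@{domain}", (tag if sep else None)

def classify(raw):
    """Return (verdict, alias): 'expected', 'leaked' or 'unknown-alias'."""
    msg = message_from_string(raw)
    alias = delivered_alias(msg)
    owner = ALIAS_OWNER.get(alias)
    if owner is None:
        return ("unknown-alias", alias)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    domain = sender.rpartition("@")[2]
    if domain == owner or domain.endswith("." + owner):
        return ("expected", alias)
    return ("leaked", alias)  # alias reached a sender it was never given to

# Constructed sample messages.
FROM_SITE_A = ("From: News <news@mail.site-a.example>\n"
               "X-Orig-To: asdfasdf@thomas.xyz\nSubject: Weekly update\n\nhi\n")
FROM_SITE_B = ("From: promo@site-b.example\n"
               "X-Orig-To: asdfasdf@thomas.xyz\nSubject: You won\n\nhi\n")
PLUS_TAGGED = ("From: shop@blah.example\n"
               "To: something+blah@gmail.com\nSubject: Receipt\n\nhi\n")

if __name__ == "__main__":
    for raw in (FROM_SITE_A, FROM_SITE_B, PLUS_TAGGED):
        print(classify(raw))
    print(split_plus_tag("something+blah@gmail.com"))
```

The `From` header is forgeable, so an "expected" verdict only means the alias has not obviously leaked; a "leaked" verdict is the signal to scrub harder or retire the alias.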