Spamcop listed - need help to diagnose why
tedm at toybox.placo.com
Tue Jan 10 23:48:55 PST 2006
>From: owner-freebsd-questions at freebsd.org
>[mailto:owner-freebsd-questions at freebsd.org]On Behalf Of jdow
>Sent: Tuesday, January 10, 2006 5:21 AM
>To: freebsd-questions at freebsd.org
>Subject: Re: Spamcop listed - need help to diagnose why
>> Unfortunately in the spam game, it only matters if the spammer
>> thinks they didn't successfully deliver it to you. And that only
>> happens if the machine delivering the spam gets an error when
>> trying to deliver it, since the spammer isn't using legitimate
>> senders addresses and cannot get feedback any other way.
>Sonny, you define it your way and I'll define it mine.
jdow, I define it by the RFC's. If the mailserver you are fetchmailing
from has mail in it's mailbox for you to fetch, then according to the
SMTP RFC, delivery has occurred from the spammer.
I understand that these days people seem to like to redefine words
to suit their beliefs of how something should work, but just because
you want to "define it your way" doesen't make it technically correct.
I'm going to continue answering your message here mainly for the
other readers who might be interested in the discussion. You can just
quit reading now since if your going to start redefining terms for
e-mail to something other than what the standard defines them as,
discussion with you is completely pointless. I wonder what would
happen if you went to your wife and told her that your going to
redefine marriage to mean that you can sleep with some other woman.
Hell, let's all let everyone redefine words however they like.
After all if it's good enough for the President of the USA, then
it's good enough for Joe Blow, right?!?!
I do feel sorry for you since this attitude is the same attitude of the
person with a broken down car who doggedly replaces part after part
until he stumbles over the broken part by accident, rather than
actually learning how the thing works so he can troubleshoot it
I am stating the facts of how your setup works and it's inherent flaws,
and you obviously don't want to hear them, so you can just go away.
All systems have flaws, and if the truth of the flaws in
the system your running is too much for you to bear, then you are
going to be happier ignorant.
>is to not bug the user with spam.
>The secondary object is to keep
>the machine load for spam as low as possible.
>You have a priority
No, not at all, you do.
The typical M.O. for today's spammer is to find a system that has
been compromised that they can use for relaying. Either a end-users
system that's got a trojan in it, or a mailserver. These are used as
a transmission device.
When these transmitters get cranked up, they go from mailserver to
mailserver, dumping hundreds to thousands of spams and spam attempts
to the server. Once they exhaust their dictionaries and lists, they
move on to the next server.
When you do ALL spamfiltering in post-delivery mode as you do, then
nothing prevents the transmitter from delivering hundreds of spams
to your server and users. This takes a lot of machine load to
The more pre-delivery filtering that you can do the less the load.
If you blacklist by IP address then when the transmitter hits your
server, if it's on a blacklist then not a single one of it's spams
gets delivered, and your system spends 0 CPU time in post-processing
(ie: stuff like virus scanning, content scanning, etc.)
>From the users point of view, whether you pre-filter or post-filter,
the amount of mail tagged as spam or blocked as spam doesen't change.
But the load on the server for pre-filtering is far less than for
post-filtering. That is obvious to anyone who takes the time to
understand how mail works.
>> I've never been a fan of post-filters for this reason. For some
>> kinds of filtering - like content filtering for example - that
>> is the only way you can do it. But I think it the height of
>> strangeness when SA checks blacklists and such to assign scores.
>> If they really cared about spamfiltering, they would use the
>> IP blacklists in the way they are intended - to block access
>> completely to the spammer, not even let them connect to the
>> server at all. The mail that SA is assigning scores on based on
>> an IP blacklist shouldn't even be in the SA filter to begin with.
>People do that and discover they have blocked paying customers and
>the like. If you are going to raw block on black lists at least
>setup a scoring system that has some wide testing behind it.
You are utterly full of bullcrap. In the last 3 years that the ISP
I work at has used blacklists, we have had a grand total of ONE
customer complain. This is on a server with tens of thousands of
mailboxes and hundreds of domains. And our blacklists are set so that
if they reject mail, a complete error message is included as to why
they are being blacklisted.
In fact, not only have we only had 1 customer complain, we have had
DOZENS of adminstrators of OTHER domains thank us profusely for
helping them to find mass-mailer robots that have been operating
without their knowledge behind their mailservers. I've had guys
tell me that they have been having many complaints from their own
users for weeks about mail not being delivered, and we were the
first ones that told them that not only were they on all the major
blacklists, but what those lists were and why they were on them.
I never expected to train corporate admins how to run their own
mailservers when we instituted IP blacklists, but that is what
has happened. I even got a call from a competitive ISP once that
was on a number of blacklists and didn't know it, if you can
Modern blacklist servers that are run right are very sophisticated
as to how they detect spammers and are very good at doing it. The
incidence of false positives on a well-run blacklist server is in
the hundred thousands of 1 percent. That is why so many of them have
been regularly DDoSed by spammers - because they are effective. You just
got to know which ones are run right.
>>>> Denying the spam before it's even accepted into the server is a
>>>> much better way. Unfortunately, a content filter means you have to
>>>If you can make fetchmail do that you're pretty clever, kemo sabe.
>> No, but I can replace the Rube Goldberg fetchmail arraingement your
>> using with a real mailserver that is on the Internet all the time
>> and can make use of blacklist servers and such.
>> And yes, I'm just as good at making smart-alecky comments as you
>> are. Probably better at it, actually. Do you want to knock it
>> off and go back to the technical merits discussion now? ;-)
>I happen to put a priority on other things. "Good enough is
Translation: you got a cheap hack working, and your fat, dumb and
happy about it.
Funny how people like you that claim to be proud of being mediocre,
are the loudest screamers when they go to the hospital and the
doctor says to them "Well, here's some aspirin, that's good enough
for your broken foot"
More information about the freebsd-questions