1 policyd-weight and some unorthodox approaches to eliminating spam LinuxForum 2007 Copenhagen, 03. March 2007
2 policyd-weight by Robert Felber 1 policyd-weight by Robert Felber What does it do?... and why should I use that? Using it 2 The market leader approach The SSL/TLS approach The theoretician approach The appliance The global solution It s hell...
3 ... and why should I use that? Perl policy daemon for the Postfix MTA (2.1 and later) intended to eliminate forged envelope senders and HELOs (e.g. in bogus mails) runs before any queueing is done score based on RBLs, RHSBLs, HELO, MAIL FROM and client IP address it allows you to REJECT messages which have a score higher than allowed it caches the most frequent client/sender combinations to reduce the number of DNS queries
4 ... and why should I use that? Why, Chandler, why? Postfix built-in checks can be too tough for poorly configured clients: one hit, and the mail gets rejected.
5 ... and why should I use that? Fairness policyd-weight is designed to be fair: DynDNS MX users get through if their MTA is setup properly, even if their ISP net is listed in a DUL because its decisions whether to reject or accept a mail is based on multiple factors.
6 Using it Running it Check the defaults: /path/to/policyd-weight defaults Review config: $EDITOR /path/to/policyd-weight.conf Start it: /path/to/policyd-weight start
7 Using it Make Postfix use it smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination,... whitelists... check_policy_service inet: :12525
8 Using it Checking the logs Mar 2 22:32:01 outpost postfix/smtpd: NOQUEUE: reject: RCPT from unknown[ ]: Recipient address rejected: Mail appeared to be SPAM or forged. Ask your Mail/DNS-Administrator to correct HELO and DNS MX settings or to get removed from DNSBLs; MTA helo: , MTA hostname: unknown[ ] (helo/hostname mismatch); proto=esmtp helo=< >
9 Using it Trust no-one $ host Host in-addr.arpa not found: 3(NXDOMAIN) That IP is listed in: BLARS NJABL PSBL dnsbl-2.uceprotect.net
11 The market leader approach The mail server is not working. Keep Outlook closed.
12 The market leader approach Try to see the bright side:
13 The market leader approach No spam! No false positives either!!
14 The SSL/TLS approach activate opportunistic STARTTLS encryption (smtpd_use_tls = yes) watch the amount of legitimate mail decrease But why is that?
15 The SSL/TLS approach Some servers want to use STARTTLS...
16 The SSL/TLS approach... but can t, since...
17 The SSL/TLS approach... the admin forgot to install a x.509 certificate!
18 The SSL/TLS approach STUPID!
19 The SSL/TLS approach It works the other way round as well!
20 The SSL/TLS approach You can t send mail there since your server wants to use STARTTLS but can t, since...
21 The SSL/TLS approach... the other admin forgot to install a x.509 certificate
22 The SSL/TLS approach STUPID!
23 The SSL/TLS approach Which braindead software allows the use of STARTTLS without a x.509 certificate?
24 The SSL/TLS approach It was a patched qmail installation.
25 The theoretician approach I ve got the perfect system. I never need to do maintenance on it, or software upgrades, patches, or anything. It s great. It never wakes me up, spammed, or gets hacked into. It s completely perfect. That was the first step in my plan to build the perfect Postfix system.
26 The theoretician approach The second step is to plug it in.
27 The appliance The appliance
28 The global solution Satellite Orbital Laser Use GeoIP to find the origin of the spam, then nuke the site from orbit. The Japanese military will help if asked nicely!
CIPHERMAIL EMAIL ENCRYPTION Ciphermail Gateway Administration Guide September 23, 2014, Rev: 9112 Copyright 2008-2014, ciphermail.com. Acknowledgements: Thanks goes out to Andreas Hödle for feedback. CONTENTS
39 Anti Spam Best Practices Anti Spam Engine: Time-Tested Scanning An IceWarp White Paper October 2008 www.icewarp.com 40 Background The proliferation of spam will increase. That is a fact. Secure Computing
JangoMail Tutorial Mastering the JangoMail Messages Tool With JangoMail, you can compose and send your messages from the section labeled, Messages. Start by clicking Messages in the navigation bar. Click
The Beginner s Guide to G-Lock WPNewsman Plugin for WordPress: Installation and Configuration Summary G-Lock WPNewsman is a nice WordPress plugin for collecting subscribers using the confirmed opt-in method
Net Integration Technologies, Inc. http://www.net itech.com Net Integrator Firewall Technical Overview Version 1.00 TABLE OF CONTENTS 1 Introduction...1 2 Firewall Architecture...2 2.1 The Life of a Packet...2
MODEL ATC-2004 TCP/IP TO RS-232/422/485 CONVERTER User s Manual 1.1 Introduction The ATC-2004 is a 4 Port RS232/RS485 to TCP/IP converter integrated with a robust system and network management features
Manual POLICY PATROL EMAIL MAIL SECURITY MANUAL Policy Patrol Email Mail Security This manual, and the software described in this manual, are copyrighted. No part of this manual or the described software
Cisco Secure PIX Firewall with Two Routers Configuration Example Document ID: 15244 Interactive: This document offers customized analysis of your Cisco device. Contents Introduction Prerequisites Requirements
Version 1.0 Date: Author: PCI Security Standards Council Executive Summary The time to migrate is now. For over 20 years Secure Sockets Layer (SSL) has been in the market as one of the most widely-used
E-Mail Campaign Manager 2.0 Marketer's Guide Rev: 2014-06-11 E-Mail Campaign Manager 2.0 for Sitecore CMS 6.6 Marketer's Guide User guide for marketing analysts and business users Table of Contents Chapter
June 17, 2013 Web Mail Guide Version 5.0.1 Client Services Table of Contents 1 Introduction to Web Mail... 4 1.1 Requirements... 4 1.2 Recommendations for using Web Mail... 4 1.3 Accessing your Web Mail...
GFI White Paper How to keep spam off your network What features to look for in anti-spam technology A buyer s guide to anti-spam software, this white paper highlights the key features to look for in anti-spam
Powered by Table of Contents Web Mail Guide... Error! Bookmark not defined. 1 Introduction to Web Mail... 4 1.1 Requirements... 4 1.2 Recommendations for using Web Mail... 4 1.3 Accessing your Web Mail...
Office NAS 3.5 IDE/SATA Network Attached Storage Model # ANAS350 User s Manual Ver. 2.3 Table of Contents 1. Introduction... 3 1.1 Package Contents... 3 1.2 Features... 3 1.3 NAS Diagram... 4 2. Hard Drive
Email-Encryption with business partners Date: 02. November 2006 Document type: User description Version: 1.2 Author: Volker Gebhard, Redaktionsteam WG PKI cio.siemens.com Table of contents: 1. Intention
GE Measurement & Control Remote Comms System Installation and User Reference Guide Contents BENEFITS OF REMOTE COMMS SYSTEM... 1 HOW THE REMOTE COMMS SYSTEM WORKS... 3 COMPONENTS OF REMOTE COMMS SYSTEM...
Iomega EZ Media and Backup Center User Guide Table of Contents Setting up Your Device... 1 Setup Overview... 1 Set up My Iomega StorCenter If It's Not Discovered... 2 Discovering with Iomega Storage Manager...
Use of Amount Only Flags in ARC Guidance In an effort to provide assistance in the use of the Amount Only option when processing requisitions in ARC, the below guidance is provided. The use of this option
CHAPTER 6 Setting up Support for CiscoWorks ANI Server The CiscoWorks Server includes tools required to properly set up the server to support other CiscoWorks applications. These features include: Configuring
FREQUENTLY ASKED QUESTIONS ABOUT: RETIREE PRESCRIPTION DRUG COVERAGE & THE NEW MEDICARE PRESCRIPTION DRUG COVERAGE SIntroduction Starting January 1, 2006, Medicare prescription drug coverage will be available
Version 1.0 01/15/2013 User Manual Wireless N H.264 Day/Night Network Camera DCS-933L Manual Overview D-Link reserves the right to revise this publication and to make changes in the content hereof without