Spam Software The Internet

FairUCE - the Smart Email Proxy 333

Jestrzcap writes "This just posted on Freshmeat: FairUCE (which stands for 'Fair use of Unsolicited Commercial Email') is an SMTP proxy, running between multiple instances of Postfix, that verifies email by attempting to verify the sender through lookups (a user customized challenge/response). It claims to be able to 'stop a vast majority of spam' without the need for content filters, and 'virtually eliminates spoofed addresses, phishing, and even many viruses with a few cached DNS look-ups and a couple of if/then statements'."
This discussion has been archived. No new comments can be posted.

  • by Matt Perry ( 793115 ) <perry.matt54@ya[ ].com ['hoo' in gap]> on Sunday December 05, 2004 @03:19AM (#11000273)
    FairUCE looks interesting but I'd be curious if it'd do a better job than milter-sender [milter.info]. About a year ago, before I installed milter-sender, I was receiving about 200-300 spams per day. Since installing milter-sender in March 2004 and adding the spamhaus SBL-XBL checks to sendmail, I've received (checking spam mbox) 1568 spam messages.
  • SBL-XBL is great. It blocks a lot of stuff. In the last several months I added the following, which have also helped:

    relays.ordb.org - http://www.ordb.org/ [ordb.org]
    combined.njabl.org - http://www.njabl.org/ [njabl.org]
    list.dsbl.org - http://dsbl.org [dsbl.org]

    I also added ClamAV [clamav.net] with the clamav-milter. That's eliminated all of the viruses that I used to get, although it does nothing for the virus warning messages I get from poorly administrated mail servers out there. Before I added ClamAV I was using the Virus Snaggers [spamless.us] procmail package which was great at catching a lot of that stuff.

    BTW, I use this procmail rule to catch all of the DSNs I get and stuff them in a mbox rather than having them clutter my inbox. I didn't write this and I forget who did. I think I got it from a post here on Slashdot sometime in the last year. To whoever wrote this, thanks.

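    # This recipe catches most DSNs.
    # Weighted scoring: the score starts at -1 and each matching line adds 1,
    # so at least two indicators must match before the message is filed.
    # The trailing colon requests a local lockfile for the mbox.
    :0HB: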
    * -1^0
    * 1^0 ^FROM_MAILER
    * 1^0 ^Status: 4.2.0
    * 1^0 ^Status: 4.4.1
    * 1^0 ^Status: 4.4.2
    * 1^0 ^Status: 4.4.6
    * 1^0 ^Status: 4.4.7
    * 1^0 ^Status: 5.0.0
    * 1^0 ^Status: 5.1.1
    * 1^0 ^Status: 5.1.2
    * 1^0 ^Status: 5.1.6
    * 1^0 ^Status: 5.2.1
    * 1^0 ^Status: 5.2.2
    * 1^0 ^Status: 5.2.3
    * 1^0 ^Status: 5.3.5
    * 1^0 ^Status: 5.4.7
    * 1^0 ^Status: 5.5.0
    * 1^0 ^Status: 5.7.1
    * 1^0 ^554 5.0.0 Service unavailable .*
    * 1^0 ^Remote host said: 550.*User unknown
    * 1^0 ^Remote host said: 554.*doesn't have a yahoo.com account.*
    * 1^0 ^User.*not listed in public Name & Address Book
    * 1^0 ^Sorry, no mailbox here by that name.
    * 1^0 ^<.*>: Unkown user:
    * 1^0 ^User mailbox exceeds allowed size:
    * 1^0 ^.*No matches to nameserver query
    * 1^0 ^A message that you sent could not be delivered
    * 1^0 ^.*550 unknown user
    * 1^0 ^This is a permanent error; I've given up.
    * 1^0 ^The user\(s\) account is temporarily over quota.
    * 1^0 ^Receiver not found:.*
    * 1^0 ^Requested action not taken: mailbox unavailable.
    * 1^0 ^--AOL Postmaster
    * 1^0 ^I'm sorry to have to inform you that the message returned
    * 1^0 ^550 5.1.1 <.*>... User unknown
    * 1^0 ^550 <.*>\.\.\. User unknown
    * 1^0 ^Subject:.*failure notice
    * 1^0 ^did not reach the following recipient\(s\):
    * 1^0 ^The following recipient\(s\) could not be reached:
    * 1^0 ^.*550 Mailbox quota exceeded
    * 1^0 ^.*550 Access Denied
    * 1^0 ^550 5.0.0.*Can't create output
    * 1^0 ^.*There is no such addressee as
    * 1^0 ^Mail Delivery Failed... User unknown
    daemon-msgs
  • Re:Naive at best (Score:2, Informative)

    by farnz ( 625056 ) <slashdot&farnz,org,uk> on Sunday December 05, 2004 @05:23AM (#11000515) Homepage Journal
    Or get e-mail providers to support MSA, which is SMTP for mail being introduced to the network, and is supposed to run on port 587.
  • by Skapare ( 16644 ) on Sunday December 05, 2004 @05:23AM (#11000517) Homepage

    The reverse DNS for email is NOT for determining a match between the sender email address domain, and the server itself. All that needs to match is the hostname of the mail server itself, thus identifying who administers it (not necessarily who gets to use it). If the ISP administers the mail server, then the hostname in the PTR record of the appropriate in-addr.arpa zone will be a unique name in an ISP domain. The forward lookup then prevents forged PTR records by making sure the domain owner acknowledges that name belongs to that IP address.

    While most ISPs do have reverse DNS on their mail servers, when you focus on just the servers that spam houses run from, this changes over to most do not. But what would really happen if everyone blocked on lack of matching rDNS is that the spammers would adapt and use it. Then we'd know what domain they are using. But many of them are now registering bulk volumes of domain names (if you're making a million dollars a month abusing other people's networks, registering 100 randomly generated domains a month is just a tiny cost of business).
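
The two-step check described in the comment above (PTR lookup, then a forward lookup to confirm that the name's owner acknowledges the address), as an added example that is not part of the original thread. The function names and the sample DNS data are assumptions made up for illustration.

```python
import ipaddress
import socket

def system_ptr(ip):
    """PTR names for an address via the system resolver (needs network)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:          # herror/gaierror: no PTR record or lookup failed
        return []
    return [name, *aliases]

def system_forward(name):
    """A/AAAA addresses for a hostname via the system resolver."""
    try:
        return [info[4][0] for info in socket.getaddrinfo(name, None)]
    except OSError:
        return []

def fcrdns(client_ip, ptr_lookup=system_ptr, forward_lookup=system_forward):
    """Return (verdict, hostname): 'pass', 'no-ptr' or 'forged-ptr'."""
    ip = ipaddress.ip_address(client_ip)
    names = [n.rstrip(".").lower() for n in ptr_lookup(client_ip)]
    if not names:
        return ("no-ptr", None)
    for name in names:
        for addr in forward_lookup(name):
            try:
                if ipaddress.ip_address(addr) == ip:
                    return ("pass", name)   # zone owner confirms the name
            except ValueError:              # e.g. scoped IPv6 literal
                continue
    return ("forged-ptr", names[0])

# Constructed sample DNS data (documentation address ranges, not real hosts).
SAMPLE_PTR = {
    "192.0.2.25": ["mail.isp.example."],
    "198.51.100.7": ["mail.bank.example."],   # PTR set by the IP's owner
}
SAMPLE_A = {
    "mail.isp.example": ["192.0.2.25"],
    "mail.bank.example": ["203.0.113.10"],    # bank's real server is elsewhere
}

def check_sample(ip):
    return fcrdns(ip, lambda a: SAMPLE_PTR.get(a, []),
                  lambda n: SAMPLE_A.get(n, []))

if __name__ == "__main__":
    for ip in ("192.0.2.25", "198.51.100.7", "203.0.113.99"):
        print(ip, *check_sample(ip))
```

A "pass" only identifies who administers the connecting server; as the comment notes, it says nothing about whether the sender address domain matches.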

  • It gets better! (Score:3, Informative)

    by johannesg ( 664142 ) on Sunday December 05, 2004 @05:57AM (#11000575)
    Here in the Netherlands the government wants providers to keep a log of all mail (http, ftp, whatever) traffic that goes over their lines. The providers are complaining, but in the end they will simply raise prices to compensate. Effectively I will be paying to be spied upon. And in the case of email, I will be paying to receive spam and then store it for five or ten years.
  • Re:Naive at best (Score:5, Informative)

    by Antique Geekmeister ( 740220 ) on Sunday December 05, 2004 @08:09AM (#11000764)
    I'm sorry, you're wrong on a detail.

    There is no reason to have port 25 open outbound on anything but the ISP's authorized SMTP servers. None whatsoever in this day and age, except the convenience of people who like to run their own mail servers. Unfortunately, with the massive number of zombied and badly run home SMTP servers, most outbound SMTP from ISP users that does not go directly to their ISP's SMTP server for delivery as mail from that ISP is in fact spam or email worms.

    So yes, it needs to be blocked outbound. You simply need to use SMTPAUTH on the road to get your email to your own ISP's SMTP server over port 587. Problem solved.
  • Re:So... (Score:3, Informative)

    by djmurdoch ( 306849 ) on Sunday December 05, 2004 @08:31AM (#11000799)
    According to the standard, the from field should have the email address the mail was sent from (in this case your uni addy).

    No, that's "Sender". From RFC 2822 [faqs.org]:

    The "From:" field specifies the author(s) of the message, that is, the mailbox(es) of the person(s) or system(s) responsible for the writing of the message. The "Sender:" field specifies the mailbox of the agent responsible for the actual transmission of the message.

  • There have been dozens of these wildly espoused challenge/response systems over the years. They don't work because users hate them, because vital automated systems such as bill payment and delivery verifications can't get past them.

    I've been using Challenge/Response for nearly 3 years. And I disagree with your critiques. Let's take this point by point:

    • Users hate them: There is a kernel of truth to this. Some users do hate them. Those users hate challenge/response so much that they instigate fights. They submit their IP addresses to RBLs for blacklisting. These are a very annoying, and vocal MINORITY. By far most users are agnostic. They deal with the challenge once and then they're done.
    • automated systems can't get past them: Again, there's a kernel of truth here. If you have badly configured your C/R you're going to be in trouble. But a properly configured C/R has absolutely no problems.

      I use TMDA [tmda.net]. I've got it configured so that any email I send to unknown addresses will be allowed to respond for 7 days. After that, they go into C/R. For my bill pay services, I give them a special address that allows them in forever, but that's tied to them so that I'll know if they ever hand it out to someone else.

    • they're almost always subverted: Really? In the last month I've had over 4000 pieces of email delivered to me from unknown addresses. Only 10 of those have been confirmed. Of the ones that were confirmed 2 of them were spam. This was easily remedied by removing those 2 addresses from my whitelist and adding them to my blacklist.
    • never will gain the acceptance of the user community enough to become effective: While C/R may never gain the acceptance of the user community, I don't think it's for the reasons that you cited. I think the reason is that it's too hard to set up correctly. But that being said, it doesn't need the acceptance of the user community to be effective. It works for me today whether or not you use it.

      Personally, I think it'd be better if the entire world started using C/R. It'd be better because then everyone would understand that sending email to an unknown party involves a formal introduction process. This would cut down on the number of people who get confused when they receive a challenge. But if this doesn't happen it's not that big a deal. The number of confused people is already small.

    IMHO, what you don't know about C/R is quite large.
  • by greenrd ( 47933 ) on Sunday December 05, 2004 @09:56AM (#11000954) Homepage
    Responsible blacklists will always perform a relay test on any host that is alleged to be an open relay. Therefore, if you are blacklisted by these blacklists, this means that you were either incompetent, hacked into, or possibly both.

    Similarly, responsible blacklists will demand credible evidence before listing a domain as a spam source.

    Could you name names, i.e. the blacklists that you have encountered that are not being responsible?

  • by Drakino ( 10965 ) on Sunday December 05, 2004 @02:41PM (#11002215) Journal
    I run a small web board, and already the e-mail address I use as the admin of that board gets flooded daily with crap like "I haven't actually received your message, click here to verify you are real". I finally got fed up with it and posted this response [empegbbs.com].

    If you implement these, remember you get e-mail from more than just friends you know. Let's see, last week alone, I got 5 messages from companies like Dell from working on issues with them, and none of them are in my address book.

    The proper solution is to ensure the outside world sees no difference unless it is spam. I never give my full address to a company, instead I use the postfix feature where anything after _ is ignored. Then I create a one letter alias for me to keep them short. If I get a lot of e-mail, it makes server side filtering into my IMAP folders easy. And if one address gets hit by spam, I then block it on the server. It works well, and doesn't inconvenience the people e-mailing me.

    "Thank you for ringing my doorbell. I am currently home, but did not hear the doorbell. To properly ring it, please run around my house, braving the dogs in back, and use the doorbell located next to the cat door on the deck. Then I might care enough to see who you are and let you in."
  • by tylernt ( 581794 ) on Sunday December 05, 2004 @05:45PM (#11003291)
    "My solution was simply to pay for an account at an ISP where they aggressively filter spam."

    Yeah, but sometimes aggressive spam filters accidentally filter legit mail. You may still be missing out on freelance opportunities thanks to your aggressive spam filter.
  • Re:Problem though (Score:3, Informative)

    by mjh ( 57755 ) <mark@ho[ ]lan.com ['rnc' in gap]> on Sunday December 05, 2004 @06:47PM (#11003673) Homepage Journal
    how do users who challenge get through to users who need to respond if those users won't get the challenge until their challenge is met?

    By properly configuring the C/R system. [tmda.net]

  • by fyngyrz ( 762201 ) on Sunday December 05, 2004 @08:02PM (#11004039) Homepage Journal
    I'd be interested to know which blacklists are by domain, not by sending IP address

    Here [securitysage.com] you go.
