Postfix's Creator Outlines Spam Solution 253
SATAN writes "Wietse Venema started out as a physicist, but became interested in the security of the programs he wrote to control his physics experiments. He went on to create several well-known network and security tools, including the Security Administrator's Tool for Analyzing Networks (SATAN) and The Coroner's Toolkit with Dan Farmer. He is also the creator of the popular MTA Postfix and TCP Wrapper.
SecurityFocus chatted up Venema to talk about software security, how to improve the code quality, what solutions we might have to fight spam successfully, the principle of least privilege, and the philosophy behind the design of Postfix. Venema is currently a researcher at IBM's T.J. Watson Research Center."
It's easy (Score:5, Insightful)
Just get everyone to sign their mail including companies that send you receipts and opted in spam.
I would be happy if I could reject any mail that is not digitally signed and then manage the signed mail by signature.
Re:It's easy (Score:5, Insightful)
Not only does that action give spammers income, it is the #1 vector for the spread of botnets.....
Re:It's easy (Score:5, Insightful)
Dude, if we could get everyone to do something then there would be a super easy way to stop SPAM: namely get everyone to stop clicking on stupid shit. Not only does that action give spammers income, it is the #1 vector for the spread of botnets.....
Actually, it doesn't give spammers income. Spammers don't care if you click the links. By the time you're deciding whether or not to click, the spammer has already done his job and made his money.
If you think not clicking links is gonna convince all the get-rich-quick scheming fools to stop paying spammers to send their crap then you sadly underestimate the supply of fools.
Re: (Score:2)
It wouldn't have to stop all of them. A 70% reduction in spam would be a wonderful thing.
Re:It's easy (Score:5, Interesting)
As a big fan of signed e-mail, I see something like this:
Anything signed by someone I trust, arrives in my inbox. Anything signed but not by someone I trust, goes into a holding box from which I can fish e-mails I want. Anything not signed, or with a corrupted signature is rejected as unacceptable at the MTA level.
Now, anything arriving in my inbox can only be spam if someone I know has a hacked system, which should be rare AND I can contact them to tell them to fix it, because I know who it is from the signature (unlike e-mail viruses that could be practically anyone I know). This means that I know when I get e-mail in my inbox, it's worth me looking at.
Unexpected e-mails are still an issue, and may get lost, but frankly that happens anyway (I get somewhere over 200 spam per day, only a couple of dozen of which make it through enough filters for me to even glance at the subject line).
Filtering could be multi-stage, too; regular inbox for trusted people, a secondary inbox for people who I have been introduced to (for example, by a mailing list), then signed but unrecognised, and then everything else.
Re: (Score:2, Informative)
Re:It's easy (Score:4, Informative)
That's because there's very little actual use of SPF. I can do with it X.509 certs (Thawte do free e-mail certs at https://www.thawte.com/secure-email/personal-email-certificates/index.html [thawte.com] - highly recommended), or GPG, as well, but the problem is getting uptake high enough for it to work.
Re: (Score:2, Insightful)
Re:It's easy (Score:5, Insightful)
Maybe not solve, but I imagine most people get the vast majority of their e-mail, and ALL critical e-mail, from people they know in advance. This means that "uncertain" e-mail can be ignored safely for significant lengths of time, confident in the knowledge that if your boss e-mails you, you'll still get notification ASAP.
Make sense?
Re: (Score:2, Funny)
Re: (Score:2)
Customer support centres are going to get spam, nothing to be done about that, BUT it dealing with e-mail doesn't interrupt what they're doing, it IS what they're doing. On the other hand, if I'm coding and see the "Hey, you got e-mail" thing wave, I generally want to check it soonish to make sure it's nothing critical, which interrupts what I am doing.
Contract companies are about the worst case scenario, however that doesn't mean MOST people wouldn't benefit.
Re: (Score:3, Insightful)
I work for a scientific consultancy, and they receive a lot of their email from people they've not received anything from before.
Also, in regards to your "Hey, you got e-mail" thing wave , you can turn that off you know. Most dev shops I've worked at recommended at least 2 hours a day no email time, and during project crunch times all email would be off. Period.
Re: (Score:2)
Re: (Score:3, Interesting)
That's not exactly a solution to the problem. I think we all agree that doing customer support through a web form sucks.
Re: (Score:2)
That makes sense most of the time.
Except when you are looking for a job.
ft
Re: (Score:2, Funny)
LoL
d00d, you are so going to miss out on big cash hand-outs from Nigerian families...
Re: (Score:2)
Possibly it's mostly an issue because I get so much spam, but the most useful people for me to whitelist (work addresses) spammers frequently use to e-mail me, presumably because they figure they're on the same domain and there's a good chance I'll have whitelisted them.
Re: (Score:2)
That's interesting, and something I hadn't heard much of before now. In fact, I can't recall ever hearing about someone receiving spam spoofed from someone they know except when the someone's computer was compromised. And digital signatures won't help, in that case (what, you think that the person isn't going to check, "Save the password to my digital signature?"
I don't think there's a solution to the spam problem--at least, not with e-mail as we know it. Any time you need to accept pseudo-anonymous conn
Re: (Score:3, Insightful)
> what, you think that the person isn't going to check, "Save the password to my digital signature?"
I haven't. Erm. Yeah, totally agreed, most people will check that box :) Well, in reality, I think most people will pull the password off it, but same net result.
Re: (Score:3, Insightful)
If you receive most of your email from people you know then this helps, as their emails can go directly as authenticated into the inbox. You would receive emails from new addresses in an unknown box, where once only for each address you would have to decide whether it was spam or not.
Id does not cure spam 100% but for most people it improves things.
Re: (Score:2)
If the email from the stranger is properly signed, then you look at it. If it is not spam, then you mark the sender as someone you trust. If it is spam, then you mark the sender as a spammer, and further messages from that identity are rejected. Spammers cannot afford to make a new key pair for every spam and ensure that the public key gets to the PKI that you use to validate messages.
Of course, there are challenges -- users misconfiguring their keys, the PKIs not being available, the PKIs themselves bei
Re: (Score:3, Interesting)
The PGP web of trust or a hierarchical PKI solves the spam problem. People will revoke their trust in a key used for spamming, and be much less likely to trust a key from the same person again, and Verisign and other companies will stop issuing certificates to entities that send spam.
Obviously some spam will be generated because it's always necessary for new people to enter the trust network, but ultimately there will form a core group of trust or certificates that never send any spam because they're trust
Re: (Score:3, Interesting)
Let's not forget that using firefox with FireGPG you can sign anything, including a forum post (although the lameness filter will, of course, filter it out so it doesn't work so you'll have to use a site less lame than slashdot if you want to sign your comments. It also has gmail integration, which works very nicely thank you.
Re: (Score:3, Informative)
Re: (Score:3, Interesting)
That used to be true. postgrey worked great for about 6 months, it no longer does much as the spammers adapted.
Re: (Score:3, Interesting)
I just implemented on my home email system and it cut spam remarkably. For me, this means somewhere around 10 a week, where I was seeing somewhere around 25 a day.
Re:It's easy (Score:5, Informative)
No greylisting implementation that I know of requires the sender to do anything special to "validate" their e-mail. What you are thinking of is a challenge-response system, and those suck because they create blowback spam.
Greylisting works on the principle that most spam comes from systems that don't follow RFC because they do not retry if they receive a temporary error. The MTA with the greylisting implmentation always returns a temporary "4xx" error code for any e-mail with a "new" sender/recipient/source IP triple and stores the information in a database. The greylist server keeps returning a temporary error for anything that matches this tuple for the configured timeout (usually about 5 minutes). After that, it lets the connection through as normal (where other anti-spam measures may be taken).
This stops most bot networks from sending spam. It still works remarkably well, as I only use that and SpamAssassin with a reject score of 10, and I see about 1-2 spam e-mails per week.
Re: (Score:2)
Ah, but luckily, you probably don't need to white list yourself. If you do send yourself e-mail frequently, you could pretty easily require that mail from yourself be cryptographically signed. Unless your key gets hijacked, you're safe.
Proof of Work (Score:3, Interesting)
I am inclined white list and then require a Proof of Work to bring any message not on the white list to my attention without error prone automated spam checking. When possible, reject at the smtp level of course to avoid relying on the easily forged headers and provide immediate feedback.
Unfortunately, no Proof of Work authentication systems are available yet.
Re: (Score:3, Insightful)
Re: (Score:2)
That's a interesting point. If the signing keys were managed by a third party, and we could blacklist self-signed keys, then such a system might work out. That said, I don't know many non-techies that would want to pay yearly for a signing key just to send e-mail. Worse, you'd certainly see spammers getting multiple keys under fake names, so I'm not sure that this would do much at all.
Will Not Work (Score:4, Funny)
Your post advocates a
(x) technical (x) legislative (x) market-based ( ) vigilante
approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)
(x) Spammers can easily use it to harvest email addresses
( ) Mailing lists and other legitimate email uses would be affected
(x) No one will be able to find the guy or collect the money
(x) It is defenseless against brute force attacks
( ) It will stop spam for two weeks and then we'll be stuck with it
( ) Users of email will not put up with it
(x) Microsoft will not put up with it
(x) The police will not put up with it
(x) Requires too much cooperation from spammers
(x) Requires immediate total cooperation from everybody at once
(x) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
(x) Anyone could anonymously destroy anyone else's career or business
Specifically, your plan fails to account for
(x) Laws expressly prohibiting it
(x) Lack of centrally controlling authority for email
( ) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
(x) Asshats
(x) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
(x) Willingness of users to install OS patches received by email
(x) Armies of worm riddled broadband-connected Windows boxes
(x) Eternal arms race involved in all filtering approaches
(x) Extreme profitability of spam
(x) Joe jobs and/or identity theft
(x) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
(x) Dishonesty on the part of spammers themselves
(x) Bandwidth costs that are unaffected by client filtering
(x) Outlook
and the following philosophical objections may also apply:
(x) Ideas similar to yours are easy to come up with, yet none have ever
been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
(x) Blacklists suck
(x) Whitelists suck
(x) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
(x) Countermeasures must work if phased in gradually
( ) Sending email should be free
(x) Why should we have to trust you and your servers?
( ) Incompatiblity with open source or open source licenses
(x) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
(x) I don't want the government reading my email
( ) Killing them that way is not slow and painful enough
Furthermore, this is what I think about you:
(x) Sorry dude, but I don't think it would work.
(x) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your
house down!
Not only that. (Score:5, Interesting)
From TFA:
I use Exim4 as a pre-processor for a GroupWise system.
This allows me to reject messages during the SMTP connection (no receive and then bounce back) and I have customized the rejection messages to include my phone number. As long as YOUR email admin handles error messages in any sane way, you'll get a phone number to call and talk to the guy who set up the system that rejected your email. I get a call about every other month now.
The real problem is not "aggressive anti-spam/virus measures".
It is that 80%+ of the inbound connections are spam-related. So just about ANY action taken will reduce the amount of spam. But the email admins still need to continually evaluate their processes.
Re:Not only that. (Score:4, Insightful)
I think he is talking about reliability in that every email sent gets to its destination. Right now, email can be blocked as spam. It doesn't matter whether you do the blocking at the SMTP level or not, it is still being blocked including some legitimate emails. If legitimate email is being blocked for any reason, it means the service is not reliable. Your caveat "As long as YOUR email admin handles error messages in any sane way" doesn't solve anything since the person sending the email is usually not responsible for how their email server is configured. Meaning that for them, the service is either reliable or it isn't. This ultimately means that if someone's legitimate email gets blocked by you/your server for some erroneous reason, that your email server is not reliable, and less so than in 1998. The article is saying our current anti spam counter measures are what is making email less reliable.
Re: (Score:2)
It doesn't matter whether you do the blocking at the SMTP level or not, it is still being blocked including some legitimate emails. If legitimate email is being blocked for any reason, it means the service is not reliable.
You misunderstand the term "reliable" as it applies to networking.
TCP is called "reliable" and is said to "guarantee delivery". This is not true. TCP merely guarantees that if it was not delivered, the client program knows it was not delivered. SMTP behaves in exactly the same way.
So, the key is to block at the SMTP level, which guarantees that the real sending server gets an error message. If that sending server is legitimate (e.g., a GMail server), then the error message is passed along to the origina
Re: (Score:3, Informative)
(x) No one will be able to find the guy or collect the money - If the signature doesn't validate, the message never even gets to your inbox. Yeah, people can still send bogus-signature messages, but they wouldn't get to anyone.
(x) It is defenseless against brute force attacks - Of what nature? Few organizations on this planet have the resources to brute force a valid bogus dig
Re: (Score:2, Insightful)
How do digital signatures allow easy harvesting of email addresses?
Certificates must be centrally stored or related to a trusted central authority. With this, you only have to break that central authority to get all the valid e-mail addresses. In addition, if all e-mail had to be signed, then people wouldn't be able to use throwaway e-mail addresses as easily, so every "give us your e-mail" would mean that a valid e-mail address was being harvested.
Few organizations on this planet have the resources to brute force a valid bogus digital signature, and no one can do it on the sort of scale you'd need to send spam.
You are thinking about forging e-mail, which isn't the problem. Spam could have a valid signature without being from someon
Re: (Score:3, Interesting)
False, there are multiple standards for signing email. Certificate signatures are only one method, GPG is also used.
A larger concern is that once someone's computer is infected with a spambot you get their key.
Re: (Score:2, Funny)
(x) Greylists suck as well
Re: (Score:2)
Greylists suck more than whitelists (of which they're just a clever automated variation, after all).
I'm not a spammer, but I've fought lots of spam. To do so effectively, you need to know the weaknesses of different techniques as well as their strengths. To catch a spammer, think like a spammer. So here are a few of the many issues greylisting has that I find pretty funny.
Want to really have fun screwing with a mail server? Find two greylisting recipients on the server. Send a message to one "from" the othe
Re: (Score:2)
It gets fun when two greylisting servers start talking to each other..
Server 1: Hello
Server 2: Go away for 5 minutes then come back to me
Server 1: Go away for 5 minutes then come back to me
Server 2: WTF? I said 5 minutes!
Server 2: WTF? I said 5 minutes!
etc.
etc.
I kept two servers talking for *3 days* like that..
Re: (Score:2)
Just say it.
(x) lists suck
Re: (Score:2)
Best. Post. Ever.
V for Venema (Score:4, Funny)
I lost a lot of respect for Wietse Venema (Score:5, Interesting)
...once I started reading his replies on the postfix-user mailing list. He's extremely blunt. While many are VERY helpful and detailed, a number are a sentence or two long that, paraphrased, consist of "you're an idiot."
However, he's nothing compared to Victor Duchovni (who works for Morgan Stanley, and is a major poster on the postfix-users list). His signature, and I'm not making this up:
Yeah, you read that right. 11 lines long...and this asshole thinks he's so fucking important, he lectures you about how to thank him so he can delete your acknowledgment/thank you as quickly as possible. He's often more willing to insult than help, and on numerous occasions, comes to the wrong conclusion. Worse still, he often presents his solution with complete authority and confidence, putting the helpless user on a primrose path.
Re:I lost a lot of respect for Wietse Venema (Score:4, Interesting)
errr maybe he is... I mean important. If someone has specific and in depth knowledge and spends time helping the less knowledgeable, being an asshole sometimes come with the territory.
Re: (Score:3, Funny)
Slashdot itself is proof enough of that.
Re:I lost a lot of respect for Wietse Venema (Score:5, Insightful)
Actually, if someone deals with the unwashed masses regularly, it might be a good idea to learn some manners and/or diplomacy. There's no excuse for being an asshole, not even being ridiculously intelligent and having to deal with real idiots. Everyone has stress in their lives, and it's like geniuses can't be bothered to deal with it gracefully. Quietly ignoring the "it works, thanks" e-mail saves just as much time, without alienating the person with his first response.
Re:I lost a lot of respect for Wietse Venema (Score:4, Insightful)
Re:I lost a lot of respect for Wietse Venema (Score:5, Insightful)
For some reason many people prefer to have polite, useless help than have someone who directly solves their problem without a bunch of extra words on the side. It boggles the mind, and it's a large part of why I significantly curtailed the time I spend helping people work through their problems. For some reason, a whole lot of people with questions get angry with people who ask things like "what are you actually trying to do here?" or who tell them that their whole approach is wrong, but are perfectly fine with people who go along answering questions politely and wrongly for dozens of messages.
Re: (Score:3, Insightful)
Re: (Score:2)
Your post reinforces the polite-but-wrong genre of responses.
--
gnick
Disclaimer: A/C replies get ignored.
If this post helped you to understand why you missed the point, the best way to thank me is to not send an "it worked, thanks" response. If you must respond, please put "It worked, thanks" in the "Subject" and post as A/C so I can ignore them without inconvenience.
Re: (Score:3, Insightful)
The problem is that they take direct talk for insults, and direct answers for patronizing. People come onto these lists with the attitude that they're smarter than everyone, yet somehow they still need help. If your question is wrong then it's in everybody's best interests if someone points out that the question is wrong and guides you on how to approach things better, and it's in nobody's best interests to take it at face value and be happy and polite while leading you both into darkness.
Re: (Score:2, Insightful)
Re:I lost a lot of respect for Wietse Venema (Score:5, Insightful)
Re: (Score:3, Insightful)
Re:I lost a lot of respect for Wietse Venema (Score:4, Informative)
The "flowery" thank-you follow-ups you speak of are actually the norm, not vise-versa. On the Sun Managers list, it was EXPECTED that you post a follow-up to your question, explaining what responses you received, what was correct, what you learned, and who to acknowledge for responding and providing correct solutions. It's the de-facto standard on other lists I'm on, though not to as great a degree. It's a user community, not a help-desk queue.
Victor thinks he's so important that he can demand people not extend the courtesy of saying thank you in exactly the way he wants it, because it wastes his precision brainpower and precious seconds to have to read the message body to see whether to hit the "delete" key. If that's not unbridled arrogance, I don't know what is. I'd be willing to bet he doesn't even do that- I bet he's got a rule that deletes any message with "thank you" in the subject.
The funny thing is, I've seen a couple of Postfix-users posters specifically go out of their way to thank him, not put "thank you" in the subject line, AND cc the list. It's delicious.
Re:I lost a lot of respect for Wietse Venema (Score:4, Funny)
Re: (Score:2)
Hey I just thought I'd drop you a follow-up post to say, yeah thanks, for your post. cheers now, have a nice day.
Re: (Score:2)
Yeah, that's a terrible quality. Much better to be nice to people and not provide useful information.
While many are VERY helpful and detailed, a number are a sentence or two long that, paraphrased, consist of "you're an idiot."
There's a critical piece of data missing: were those posters, in fact, asking idiotic questions?
Oh, and Viktor makes an altogether non-arduous request of people he's already helped, albeit in a brusque manner - I'm burning with outrage.
Phone sex op
Re: (Score:3, Insightful)
If you don't get the "it worked" follow-ups to the list, others looking through the list archives trying to resolve the same issue don't know whether a) the proposed solution really worked, or b) the person just gave up or resolved it another way. It's unfortunate that Viktor doesn't understand confirmed answers are therefore useful for reducing his long-term support workload.
Re:I lost a lot of respect for Wietse Venema (Score:4, Informative)
He's extremely blunt.
In his defense: He's also Dutch and male. You could say he is double handicapped. (Most Dutchmen, like me, are not very politically correct. It's a cultural thing that tends to offend those not in the know)
Hey, CmdrThicko is it .... (Score:2)
Postifix, Postifx or Postfix? Make your mind up !
Just use gmail (Score:2)
I dunno what google do, but I get about 1 spam per 3 days on an account that receives about 50 messages a day.
My work MS exchange address with the latest anti-spam stuff gets about 10 spams per day with the same legitimate email rate.
Without anti-spam I get about 200 spams a day at work.
Re: (Score:3, Insightful)
Re: (Score:2)
Re: (Score:2)
But "just using gmail" is a good simplification of it... just let someone else worry about your problem.
Re:Just use gmail (Score:5, Insightful)
The pull model really isn't a good idea, because that is what spammers are already trying to get people to do. They want you to open the email and click the link. A pull model just makes that automatic. Not to mention all the marketing people (pseudo-spammers) that would just love to know which of their recipients actually look at their emails, and how long they look at them, etc. I already get mailings (alumni stuff, etc) that are just links to a web page where I can read the actual letter.
And of course, "just use gmail" isn't really a solution. It only works until someone figures out how to get through gmail's filters, or Google really sells out and starts allowing select "partners" to advertise to members directly. Though there is some irony in the idea that you can avoid email advertising by using a system that has ads in the email viewer. I'm not saying anything bad about Google or gmail, just pointing out the irony :)
Re: (Score:2)
If programming was a million times more difficult (Score:3, Interesting)
We wouldn't have fewer people interested in it, we would just have a million times more bugs or one millionth the number of programs available.
Just because it is more difficult doesn't mean the people attempting it are going to do a better job at it. Flying men into outer space is difficult, just because flying men to Jupiter is a million times more difficult doesn't mean the approach we create will be more successful at it.
If anything, programming needs to be easier, so more people would do it then we could have more solutions to choose from. A parallel brute force approach with selection can produce better solutions for everybody.
Re:If programming was a million times more difficu (Score:2)
Certainly where programming is more difficult, those doing the programming can make more mistakes. But this rise in mistakes is not in proportion to increase in difficulty for the top programmers that would remain. The real serious impact of increased difficulty is that less programming would get done. The difficulty referred to is more about the entry barrier to programming, rather than the work itself. But anything that would slow down the programmer and make them think about what they were doing is a
My Solution to Spam? (Score:4, Funny)
Spam Assassin.
No, not the program of the same name, an actual assassin that kills spammers, CEOs of companies that use SPAM etc.
And if he has some extra time, assassinate some of the Wall Street Pirates responsible for the mess we're in.
I suggest 1 Trillion Dollars as a bounty, since the Government is handing money out like candy.
Still waiting for a "one solution" email product (Score:2, Insightful)
I wish the Linux platform had a "one solution" product for these services. The services pegged to Postfix that I am talking about include: -
Mailman/Mailing Lists, Autoresponders, Greylisting, POP3/IMAP, unlimited domains, Sender Policy Framework (SPF), per-user filtering, per-domain policy rules, ClamAV virus, Filtering and Spamassassin Spam Filtering.
Getting these to flawlessly get set-up from scratch is a feat in itself. Why don't we have such a product? I am no coder so I cannot do much except reporting
Re: (Score:2)
Because that's not the Linux/Unix way.
And because everything eventually touches mail so that means everything would have to be integrated into "one solution".
Not at all (Score:2)
...And because everything eventually touches mail so that means everything would have to be integrated into "one solution"...
Who said that? OK...why not provide such a product for those that want it? Why? Not every body does things on Unix/Linux "the Unix/Linux way." Do you still install your Linux software from source? Gentoo and Slackware had one of their feet on this route. Have you heard of Gobo Linux? They do their stuff another way...and it's exciting.
Ok, let me ask: What would be the problem with a product being put together like I suggested, with this product working exactly as advertised?
Please provide me an answer...Wh
Re: (Score:2)
Who said people who want to keep the culture and methods of the culture are the same people who keep pushing for universal acceptance?
Keep using Windows, and I'll be working while you're rebooting. That's not a problem for me. It's a problem for you.
Re:Still waiting for a "one solution" email produc (Score:4, Insightful)
Getting these to flawlessly get set-up from scratch is a feat in itself. Why don't we have such a product? I am no coder so I cannot do much except reporting problems.
I imagine a single script a user can run then have all those services running within parameters to be supplied. Linux folks are capable of a lot more so this should not be that difficult.
... because mail IS complicated, and each of these products has its own quirks and gotchas.
Someone who cannot be bothered to read the teeny fraction of relevant documentation necessary to properly set up this software probably has no business administering it (especially on a production network). Since a poorly configured mail server really has the potential to piss thousands of people off around the planet, I'm actually content with the current state of affairs...
P.S. you are looking for a product called Microsoft Exchange. It has nice big buttons you can point and click on. Luckily the costs involved and the presence of an official certification program serve as an effective barrier to entry for most amateur admins.
Re: (Score:2)
Re: (Score:3, Insightful)
One email every 3 seconds is not a difficult task, unless you work for a lawfirm that likes to email around PDF attachments running in excess of 100 MB. Then we'll talk.
-l
Re: (Score:2)
In spite of your tone, I'm drawn to this discussion.
Personally, I would *love* to run my own mail server, but I *know* I'm bound to make a lousy job of it because, as you say, it's complicated as all-getout and only knowledgeable folk should be allowed to operate such machinery. Let Joe User do it and he'll flood the Internet with yet more spam.
The thing is though, this used to be the case, too, for media streaming file servers, setting up X on a BSD box, and so on -- but eventually, solutions cropped up th
E.g. Postgrey (Score:2)
"Postgrey is a program which implements greylisting and is
designed to work with the Postfix MTA."
WWW: http://postgrey.schweikert.ch/ [schweikert.ch]
Available for FreeBSD at freshports ... see, it's not that weird a thought? We just need to make it a more common one.
Re:Still waiting for a "one solution" email produc (Score:2)
I believe the author of Sendmail once said "Sendmail is complex because the world is complex." Now, it probably doesn't have to be as complex as Sendmail, but there will never be a one size fits all solution.
Greylisting (Score:2, Informative)
greylistd is an option, though I haven't tested it thoroughly. For those not familiar with it, greylistd works alongside your MTA and rejects ALL incoming e-mails on their first attempt. On the second attempt after some time has passed*, it accepts the email and whitelists that IP/sender for a user-specified amount of time (defaults to 60 days I believe?).
The idea is that spambots do not attempt to redeliver rejected emails, whereas regular "legit" mail servers do. When an email is greylisted, the MTA se
Re: (Score:2)
Because bouncing spam to the supposed sender who didn't really send it is the optimal solution?
Re: (Score:2)
I have noticed that greylisting isn't quite as effective as it once was, because lots of spammers are actually using real queueing mail senders now.
I haven't noticed a lot of reduction in effectiveness in my homebrew greylisting implementation, but I also temporarily blacklist IPs that send spam or viruses using a exponential scoring system (e.g., send one spam and you get blocked for an hour, send 20 and you get blocked for 16 days, while 100 gets you blocked for a year and half).
Re: (Score:2)
Before implementing any sort of "block" at the mail server level, always make sure that you have a way to whitelist senders to get around the block.
As exceptions occur,
Re: (Score:2)
"Rules"
I generally think that adhering to the RFCs is a good idea. That said, RFCs are not set in stone, nor is there any "rule" that says that they must be followed. Greylisting uses side-effects of RFC adherence to function, but the general rule of accepting things as liberally as possible should still apply. With greylisting, it doesn't.
Also, keep in mind that the older SMTP RFC didn't specify that clients must retry when temporary errors are returned. These servers may be adhering to the older RFC.
I don't see how the pull model helps (Score:3, Interesting)
I've seen a few folks advocate the pull model for email and say that the burden then rests more on the sender than the receiver. I just don't see it.
I'm a spammer sending as much email to as many folks as possible. What would I rather do: send the message itself (let's say it's 2K), or send tiny receipts for a message (let's say 1/2K or less)? Then when the receivers pull their message I send the 2K message. And if I start to get flooded I dynamically reduce the size to 1K or even less? And if I'm slow, I increase the size to 5K or more (pretty pictures, etc).
I don't have to store the content - I can just generate it dynamically. And I can even send a bunch of receipts and change the spam content over time depending on who is paying me and how effective some spam solution is at any given time.
So, seriously, how does the pull method help? It seems to me that it's worse than push.
Re: (Score:2)
Actually, by generating it dynamically you're just taxing CPU cycles instead of disk storage. Disks are cheap.
What you could do, though, is program a mail server that lets every user pull the same single message no matter whether they were even sent the notification it was waiting. Then, just spam the notifications out.
You've effectively just saved the spammer all the bandwidth for customers who don't click on the email.
Also, the pull model means I can spam out notifications for people to check your email p
The real problem (Score:3, Insightful)
This man is a God-Damned genius:
"...The technical arms race will continue unless politicians and law enforcement join the battle with effective measures that work across national borders.
This observation has led me to conclude that the spammers aren't destroying the email infrastructure, it's the well-meaning people with their countermeasures."
Yes! Yes! Yes!
As a system administrator, I can't tell you how many times a failure to receive a customer's e-mail was due to a poorly-configured junk scanner on the customer's network.
And fighting spam is indeed a two-pronged approach. Sysadmins AND politicians need to be proactive about fighting spam. Spam is an issue that affects communications, especially business communications, with unacceptable severity. It's time for politicians to do their fair share.
mentions a few things, but no outline (Score:2)
A lot of things went into the Postfix mail system. Some were already discussed in this interview. It would take a lot of time and space to discuss everything, so I will just mention a few.
The war on spam (Score:2)
The "pull" model for email (Score:2)
The best theoretic solution is to change the email distribution model, but this may never happen. Right now, email is a "push" technology where the sender has most of the control, and where the receiver bears most of the cost. The alternative is to use a "pull" model, where the sender keeps the email message on their own server until the receiver downloads it. For example, when my bank wants to send me email, they would send a short message with an URL to view their mail, and my email software would download the message for me. This assumes of course that my email software recognizes my bank's email digital signature and their Web site's SSL certificate, otherwise we would have a phishing problem. Legacy mail software would tell the user that they have email at their bank, and leave it up to the user to download their email.
The "pull" model would change the economics of email. It would move the bulk of the cost from the receivers where it is now, to the senders where it belongs. No-one would read email if its sender doesn't provide a service where recipients can download it from.
We could go ahead and establish a standard for this pull model. We don't have to suddenly change everything over to the pull model all at once since the asynchronous notification of a message being available would be sent via email. But with such a standard in place, this allows more legitimate senders to start using it, as well as mail agent/client to recognize it. It can be a gradual migration. The notifications would just look like an enclosed URL to an email agent/client that doesn't implement the d
Re:Er...Spellcheck much? (Score:4, Funny)
Little typos like that don't matter. I mean, things work just fine whenever I sign into BankFoAmercia.com. Okay, sometimes the initially login fails, and I have to login at BankOfAmerica.com again, but after that things are fine.
Strange, though, I never can seem to make my paychecks last more than a day or two. Hrm.
Re: (Score:2)
I see why your paychecks never last long enough: you're logging on to BankOfAmerica.com. It's an obvious scam site, what with the random, hefty withdrawals for "fees" and whatnot.
Re: (Score:3, Insightful)
Not that Spelling Nazi's are prevalent here or anything, but...
Spelling Nazi's what?
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Most mail servers (all the good ones) already detect mail loops at least as a configurable option. That's not the problem.
If you're hash-validating mail to fix the problems of envelope-reversed spam, why not just hash-validate mail in the first place?
If I want to spam you, I can just send spam to someone using your proposed envelope reversal as you. The way to stop that is to require validated senders, but the server admin on the sending server gets to decide who's a valid sender. A spammer can afford a Lin
Re: (Score:2)
Yes, people really still have problems with spam.
Yes, some people even don't want to use GMail, now isn't that crazy? It's a very, very nice AJAX email 'client', and it really does do wonders for (that is, against) spam. All you have to put up with is to let a huge and insanely powerful foreign corporation read your email, but that can't be so bad, now, can it?
Yes, it can.