[volunteers] [PenLUG] Help / Ideas needed for next week's

Alvin Oga alvin at mail.Linux-Consulting.com
Fri Jan 19 20:48:03 PST 2007

hi ya mark

> mark weisler wrote:
> Something on my mind is the future of SMTP (mail) given all the spam problems

fun issue .. 
ask 10 (ten) people how they solve it and you'll get 50 ( 5-0 ) different and distinct answers

> I'm just about ready to ask Postini if they would speak to our LUG(s).

sounds like a good idea .. since they're down the street 

barracuda claims to have lots o corp clients, and some of my customers
use them to clean their emails

ironport uses a modified spam-assassin and was just bought out for $800M by cisco
who also claims to have more corp clients than barracuda

"corp clients" does matter because:
a) they have real $$ to spend
b) they will change to another vendor if the current one does not solve
   the spam problem
c) the clients understand there are several problems with filtering spam
d) there seems to be very very few spam that gets thru those outsourced filters

- i wonder what people think about when they find out their corp email is
  flagged to be read sometimes manually to filter out spam
	- it's corp mail so "free speech" and privacy does not come into play

	- i'm sure the ceo and cfo and coo have their own private mail address
	with encryption turned on to "talk" to each other 

> * Are we getting to the point where mail server administration is more than
> most individuals or smaller shops can reasonably handle?

we've been way past that point for a while ...
otherwise, the outsourced corp spam filter house would not have been growing

> * What can Postini tell us about special processing techniques they use to
> manage spam?

i'm not sure they'll get too much into the details of their recipe for their
golden egg .. but still would be good to hear from them

> * What role might cryptography play in managing spam (by, in part, clearly
> identifying the mail originator)

a spammer that does NOT change the body of the content is a "dummy" spammer

md5 on the body ( spam contents ) will always be the same if they do
not change the body, even if it's the first line of: dear "sucker" 

if the body is dynamically changed, a 1 second solution, that'd render all 
( content based ) md5 based spam filter methods useless

	- say 5 minutes of perl hack should be able to set you up with a
	perl based md5 spam filter ... any subsequent incoming email
	with the same md5 is most likely ( 99.999999999% ) spam

there's gazillion spam filter rules for the gazillion+1 spammer methodologies


i have collected all the ip#, domain names, sender's email addy of any
incoming spam ... and have seen a drop of incoming spams from a few 
thousand a day to a few hundred now which implies most all spams come 
from the same (spammers mta) sources

	host# grep REJECT access | wc -l          

c ya
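
Added example, not part of the original post and not the poster's code: a minimal body-hash filter of the kind described above, written in Python rather than perl, showing that a resend with new headers matches while a body with one changed greeting line does not. The names body_md5 and BodyHashFilter, the addresses, and the sample messages are constructed for illustration.

```python
import hashlib
from email import message_from_string


def body_md5(raw):
    """MD5 of the message body only; From/Subject/other headers are ignored."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    if not isinstance(body, str):  # multipart: join the leaf parts in order
        body = "".join(str(p.get_payload()) for p in msg.walk()
                       if not p.is_multipart())
    # Normalise line endings and outer whitespace so relays do not alter the hash.
    body = body.replace("\r\n", "\n").strip()
    return hashlib.md5(body.encode("utf-8", "replace")).hexdigest()


class BodyHashFilter:
    """Remembers digests of bodies already judged spam (hypothetical helper)."""

    def __init__(self):
        self.seen_spam = set()

    def learn_spam(self, raw):
        self.seen_spam.add(body_md5(raw))

    def is_known_spam(self, raw):
        return body_md5(raw) in self.seen_spam


def make(sender, subject, body):
    """Build a constructed sample message."""
    return f"From: {sender}\nSubject: {subject}\n\n{body}\n"


PITCH = "cheap pills, click here: http://example.invalid/offer"
FIRST = make("a@example.invalid", "hello", "dear sucker\n" + PITCH)
RESEND = make("b@example.invalid", "re: hello", "dear sucker\n" + PITCH)
MUTATED = make("c@example.invalid", "hello", "dear sucker 48213\n" + PITCH)


def demo():
    """Learn one spam, then test an identical-body resend and a mutated body."""
    f = BodyHashFilter()
    f.learn_spam(FIRST)
    return f.is_known_spam(RESEND), f.is_known_spam(MUTATED)


if __name__ == "__main__":
    print(demo())
```
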

