PICList Thread
'[EE] email spamblock router?'
2006\01\16@170037 by James Newton, Host

Short version:

Is there a firewall / router that will check incoming requests on port 25
against a list of RBLs and reject the ones that are listed? Preferably with
a message about RBLs and how to get off them.

Long version:

I'm getting buried in spam.

No surprise considering how many public email addresses I have.

I have some pretty good spam filters and I use the RBLs via software on the
POP3 side. It helps a lot and things are more or less livable.

But I would really like to move the RBL blocking to the /other/ side of the
email server: On the internet side of the server. Two reasons:

A) That way the server doesn't have to store and POP3 the spam and it can
instead be dumped before it even gets to clients.

B) So that any false positives know that their email was rejected.
Hopefully, along with a quick explanation of why and some advice on how to
fix it or a link to a web contact form if they can't.

Now there are undoubtedly many fine email server programs that will do just
that but I don't really want to install and learn a new one at this time.

I've found a program that can perhaps be installed on the server and set up
to pick up connections on some port other than 25 (port forwarded by the
router) and then send them on to port 25 on the same server if they pass.
E.g. the router would forward 25 to 2525 and this software would pick up
those requests, check them against the RBLs and then forward them to
127.0.0.1:25 if they pass.

But it seems like that is a function that would fit very nicely into a
firewall or router. I'm less than impressed with the one that I have now and
I'm wondering if I can kill two birds with one stone.

Thanks for your advice.

---
James Newton: PICList webmaster/Admin
spam_OUTjamesnewtonTakeThisOuTspampiclist.com  1-619-652-0593 phone
http://www.piclist.com/member/JMN-EFP-786
PIC/PICList FAQ: http://www.piclist.com


2006\01\16@170944 by tlists

I don't know of a standalone one that costs less than $1500.
The only solution I have for you is exactly what you don't want:
A Soekris engineering single board computer running Linux or FreeBSD and
a program that forwards the mail whilst checking the spam-DNS services.
Sorry that's all I've got, I know you wanted something easier.
http://www.soekris.com/net4501.htm
--
Martin Klingensmith


James Newton, Host wrote:

{Quote hidden}

2006\01\16@171946 by Harold Hallikainen

I've added a single line to my sendmail config file that checks the
blocklists at http://www.spamcop.net . Works well for me!

Harold


--
FCC Rules Updated Daily at http://www.hallikainen.com

2006\01\16@172455 by Danny Sauer

James wrote regarding '[EE] email spamblock router?' on Mon, Jan 16 at 16:03:
> Short version:
>
> Is there a firewall / router that will check incoming requests on port 25
> against a list of RBLs and reject the ones that are listed? Preferably with
> a message about RBLs and how to get off them.

Barracuda.  http://www.barracudanetworks.com/  $1745 at the low end.

I've not used them, but I've used SnapGear firewalls.  They have a
"webwasher" that can clean up email as well as web traffic.
http://www.webwasher.com/ / http://tinyurl.com/7lffe - it's also not
exactly free.

> Now there are undoubtedly many fine email server programs that will do just
> that but I don't really want to install and learn a new one at this time.

That's about the only good way that'll be inexpensive, unfortunately.
And it's only inexpensive in terms of cash - the time involved is
rather a high cost.  It's worth noting that I get maybe 2 spams per
week, if that, after running DSpam with postfix for a couple of
months.  That's out of about 3K-5K messages/day to addresses I've had
live and public for close to a decade.  I think it was worth my
time, others may disagree... :)

--Danny

2006\01\16@172618 by Bob Axtell

James Newton, Host wrote:

{Quote hidden}

Take a look at spamaddress.com. I've had them for some months now, and
spam is nonexistent.
Costs about $5/month.

--
Note: To protect our network,
attachments must be sent to
.....attachKILLspamspam.....engineer.cotse.net .
1-520-850-1673 USA/Canada
http://beam.to/azengineer

2006\01\16@172924 by Chetan Bhargava

You should enable RBL checks and greylisting on your mail servers. It
reduces spam a lot.

Also changing your public address (alias) every 6 months helps :-)

On 1/16/06, James Newton, Host <EraseMEjamesnewtonspam_OUTspamTakeThisOuTpiclist.com> wrote:
> Short version:
>
> Is there a firewall / router that will check incoming requests on port 25
> against a list of RBLs and reject the ones that are listed? Preferably with
> a message about RBLs and how to get off them.

--
Chetan Bhargava
Web: http://www.bhargavaz.net
Blog: http://microz.blogspot.com

2006\01\16@173213 by Danny Sauer

Harold wrote regarding 'Re: [EE] email spamblock router?' on Mon, Jan 16 at 16:21:
> I've added a single line to my sendmail config file that checks the
> blocklists at http://www.spamcop.net . Works well for me!

Any DNS-based blacklist (or any blacklist, for that matter) which you
do not control is a bad idea.  Spamcop specific:
http://jhoward.fastmail.fm/spamcop.html

I'm a strong believer in using a system that learns from *your* spam.
That's the only way you'll get something that works well for *your*
usage pattern.  For example, I block incoming SMTP from Korea and most
of China, but that wouldn't work for other people.  But how many of
the DNS-based blacklist block those IP blocks?  Several.

It's one of those things where you trade some time maintaining your
own system (though DSpam takes almost none of my time now that it's
well trained) for accuracy.  If you don't have time to train /
maintain, and decide to use someone else's free service (or even
for-a-fee service), you're trusting them to classify all of your
email.  I don't have that kind of trust in people I don't know...
Heck, I don't have that kind of trust in most of the people that I
*do* know. :)

--Danny

2006\01\16@174617 by Bob Blick

> Short version:
>
> Is there a firewall / router that will check incoming requests on port 25
> against a list of RBLs and reject the ones that are listed? Preferably
> with
> a message about RBLs and how to get off them.

I wonder if spamassassin runs on the Linksys wrt54g? That'd be sweet. I'll
look at openwrt.org and see if there's a spamassassin package for it.

Is that more what you're talking about, James? A $59 box with no hard disk
that runs off an AC adapter, has ethernet in and ethernet out, and deals
with the spam?

I bet someone is doing it with openwrt, if not, they should.

Cheerful regards,

Bob


2006\01\16@174928 by Danny Sauer

Chetan wrote regarding 'Re: [EE] email spamblock router?' on Mon, Jan 16 at 16:32:
> You should enable RBL checks and greylisting on your mail servers. It
> reduces spam a lot.

Greylisting assumes that all remote mail servers use only one IP and
that they all behave according to standards.  Both of those are
not-so-good assumptions, as the remote server may
- reject the mail given a temporary 4xx error instead of trying again
  later
- send a confusing message to the original sender, which might cause
  the original sender to resend the message
- retry through a different network interface / different server,
  which will again be subjected to the greylisting
And it *always* delays mail (unless the server remembers IP and sender
combinations for some period of time, which takes memory and may well
expire before it's encountered again - esp. on a busy machine).

Given the increased delay and the likelihood of rejecting legitimate
email, I generally am not in favor of global greylisting.  I do use
sender address verification on a couple of sites - Yahoo and Hotmail
among others - which is a bit like address greylisting except that it
also verifies the validity of the sender address before accepting mail
from that sender.  But I only do that on domains that are frequently
forged (which includes my own domains) and which I know will work with
the scheme.  AOL, for example, will ban your IP if you do a lot of
address verification against them.  Then you have to call, explain
your position, and either turn it off or expect to be banned again
within a few weeks (which is annoying).

Anything that bounces email really needs to be 100% accurate 100% of
the time.  Greylisting isn't, and will only work on the stupidest of
spam programs - which are getting more and more rare.

--Danny
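
The greylisting behaviour discussed in the post above, as an added sketch that is not part of the original thread or of any real greylisting package: new (client IP, envelope sender, recipient) triplets get a temporary 451, and the replay shows a retry from a different IP and an expired entry both being deferred again. The class name, delay values and addresses are constructed for illustration.

```python
import time


class Greylist:
    """Minimal greylist keyed on (client IP, envelope sender, recipient)."""

    def __init__(self, min_delay=300, max_age=4 * 3600, clock=time.time):
        self.min_delay = min_delay   # seconds a new triplet must wait
        self.max_age = max_age       # seconds after first sight before expiry
        self.clock = clock
        self.first_seen = {}         # triplet -> time of first attempt

    def check(self, client_ip, mail_from, rcpt_to):
        """Return the SMTP reply code for this RCPT: 451 (retry) or 250."""
        now = self.clock()
        # Drop expired entries; this table is the memory cost of remembering
        # IP and sender combinations.
        self.first_seen = {k: t for k, t in self.first_seen.items()
                           if now - t <= self.max_age}
        key = (client_ip, mail_from.lower(), rcpt_to.lower())
        first = self.first_seen.setdefault(key, now)
        if now - first < self.min_delay:
            return 451   # temporary failure: a compliant sender retries later
        return 250


def simulate():
    """Replay constructed delivery attempts against a fake clock."""
    t = [0]
    gl = Greylist(clock=lambda: t[0])
    msg = ("noreply@sender.example", "user@rcpt.example")
    results = {}
    results["first"] = gl.check("192.0.2.10", *msg)           # new triplet
    t[0] = 600
    results["same_ip_retry"] = gl.check("192.0.2.10", *msg)   # waited, same IP
    # A sender pool retrying from a different address is a new triplet.
    results["other_ip_retry"] = gl.check("192.0.2.11", *msg)
    t[0] = 600 + 5 * 3600
    # The entry expired before the next message, so the delay starts over.
    results["after_expiry"] = gl.check("192.0.2.10", *msg)
    return results


if __name__ == "__main__":
    for step, code in simulate().items():
        print(f"{step:15s} -> {code}")
```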

2006\01\16@175756 by Danny Sauer

Bob wrote regarding 'Re: [EE] email spamblock router?' on Mon, Jan 16 at 16:48:
> I wonder if spamassassin runs on the Linksys wrt54g? That'd be sweet. I'll
> look at openwrt.org and see if there's a spamassassin package for it.

It takes too much memory to run most any spam filter package on those
small router boxes.  Even building spamc and running a spamd on
another box would be a bit much for a wrt54g, let alone running a full
install of perl and spamassassin. :)  We're talking 22MB RSS for spamd
running on an old mail gateway, which is a little lighter than
spamassassin would be.  DSpam is also too large.

Can the open wrt54g system use swap over NFS/CIFS?  Eeek.

--Danny

2006\01\16@180717 by Bob Blick


> Can the open wrt54g system use swap over NFS/CIFS?  Eeek.

You can plug a hard disk into an nslu2, but it only has one ethernet port.

Only having 32 meg ram is a major hurdle for any of these little boxes.

Cheerful regards,

Bob


2006\01\16@182401 by James Newton, Host

{Quote hidden}

That would be exactly the thing...

Errr... What is openwrt? Silly question, Google is my friend:
http://openwrt.org/


At first glance:
http://www.google.com/search?hl=en&lr=&safe=off&q=openwrt+spamassassin

It does not appear that the two have been combined...

...anyone in particular that I would talk to about making that happen?

---
James Newton: PICList webmaster/Admin
jamesnewtonspamspam_OUTpiclist.com  1-619-652-0593 phone
http://www.piclist.com/member/JMN-EFP-786
PIC/PICList FAQ: http://www.piclist.com



2006\01\16@182709 by James Newton, Host

> Bob wrote regarding 'Re: [EE] email spamblock router?' on Mon, Jan 16 at 16:48:
> > I wonder if spamassassin runs on the Linksys wrt54g? That'd be sweet. I'll
> > look at openwrt.org and see if there's a spamassassin package for it.
>
> It takes too much memory to run most any spam filter package on those
> small router boxes.  Even building spamc and running a spamd on
> another box would be a bit much for a wrt54g, let alone running a full
> install of perl and spamassassin. :)  We're talking 22MB RSS for spamd
> running on an old mail gateway, which is a little lighter than
> spamassassin would be.  DSpam is also too large.
>
> Can the open wrt54g system use swap over NFS/CIFS?  Eeek.
>
> --Danny


How about just checking the RBLs?

I know some people object to RBLs but they are easy and don't involve any
sort of AI (which scares the heck out of me).

Also, if the router rejected an email based on an RBL listing, the person
sending the email would get the bounce (right freaking NOW!) and would know
why. In the end, this will do more good than just sending spam to the bit
bucket as it will put pressure on ISPs to better regulate their users.

---
James Newton: PICList webmaster/Admin
@spam@jamesnewtonKILLspamspampiclist.com  1-619-652-0593 phone
http://www.piclist.com/member/JMN-EFP-786
PIC/PICList FAQ: http://www.piclist.com


2006\01\16@184012 by Danny Sauer

James wrote regarding 'RE: [EE] email spamblock router?' on Mon, Jan 16 at 17:29:
> How about just checking the RBLs?

Dunno - is there anything out there that does this?  I guess it'd be
pretty trivial to write an SMTP relay which just did a DNS lookup
against an RBL...  The SMTP RFCs are fairly straightforward when just
acting as a dumb relay.

> Also, if the router rejected an email based on an RBL listing, the person
> sending the email would get the bounce (right freaking NOW!) and would know
> why. In the end, this will do more good than just sending spam to the bit
> bucket as it will put pressure on ISPs to better regulate their users.

No, the person whose From: was forged in the spam will get the bounce.
I'm pretty sure those stupid bounces make up about 10-15% of the junk
I get, and I can assure you that I'm not sending out a bunch of spam.
If you're using an ISP-based RBL, which would allow you to reject
messages before accepting them and partially avoid the bounce
problem (or at least doesn't make it worse), then you're blocking
whole ISPs instead of spamming users.  It'd be nice if ISPs cared, but
a lot of them don't - and the hapless victim users often don't know
that they need to tell their ISP about the mail blockage via RBL.
Heck, half of the ISPs I've dealt with would say that's a Windows
problem and that the user should "update their antivirus" or reboot.
:)

--Danny
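
One way to do the RBL lookup and in-session rejection discussed in this exchange, as an added example that is not code from the thread or from any product named in it. The zone `dnsbl.example`, the `mail.example` URL, the function names and the sample zone data are assumptions; the resolver is injectable so the block runs offline.

```python
import ipaddress
import socket

ZONE = "dnsbl.example"  # assumption: placeholder zone, not a real blocklist


def dnsbl_name(ip, zone=ZONE):
    """Build the DNSBL query name: reversed octets (IPv4) or nibbles (IPv6)."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = reversed(str(addr).split("."))
    else:
        labels = reversed(addr.exploded.replace(":", ""))
    return ".".join(labels) + "." + zone


def system_resolver(name):
    """Return the A records for name, or [] on NXDOMAIN / lookup failure."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []


def check_client(ip, resolver=system_resolver, zone=ZONE):
    """Decide the SMTP greeting for a connecting client.

    Listed clients get a permanent 554 while still connected, so the
    refusal goes to the connecting server and nothing is accepted that
    would later need a bounce to an envelope sender.
    """
    answers = resolver(dnsbl_name(ip, zone))
    # Only 127.0.0.0/8 answers mean "listed"; anything else (for example a
    # wildcarded or hijacked zone returning a public address) is ignored.
    codes = [a for a in answers if a.startswith("127.")]
    if codes:
        return (554, f"5.7.1 Connection from {ip} refused: listed in {zone} "
                     f"({', '.join(codes)}). See https://mail.example/blocked")
    return (220, "mail.example ESMTP ready")


# Constructed zone data standing in for live DNS so the example runs offline.
SAMPLE_ZONE = {
    "2.0.0.127.dnsbl.example": ["127.0.0.2"],       # conventional test entry
    "7.113.0.203.dnsbl.example": ["127.0.0.4"],     # constructed listing
    "9.113.0.203.dnsbl.example": ["198.51.100.1"],  # bogus non-127 answer
}


def sample_resolver(name):
    return SAMPLE_ZONE.get(name, [])


if __name__ == "__main__":
    for client in ("203.0.113.7", "203.0.113.8", "203.0.113.9"):
        print(client, check_client(client, sample_resolver))
```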

2006\01\16@185850 by Bob Blick


>
> That would be exactly the thing...
>
> Errr... What is openwrt? Silly question, Google is my friend:
> http://openwrt.org/
>
>
> At first glance:
> http://www.google.com/search?hl=en&lr=&safe=off&q=openwrt+spamassassin
>
> It does not appear that the two have been combined...
>
> ...anyone in particular that I would talk to about making that happen?
>

There is a package that looks like it's half what you need - "emailrelay".
The openwrt package tracker is down right now, here's a google cache link
that will require some unwrapping:

http://66.102.7.104/search?q=cache:u2rV-QvpuvsJ:tracker.openwrt.org/packages/show.php%3Fid%3D1248+openwrt+emailrelay&hl=en

There's probably some other package available to do the rbl check.

wrt54g's are fun for just messing around with, too.

If you do get interested enough, let me know and I will tell you which
versions have more ram than others (Linksys made several revisions).

Cheers,

Bob


2006\01\16@191127 by tlists

Harold Hallikainen wrote:

>I've added a single line to my sendmail config file that checks the
>blocklists at http://www.spamcop.net . Works well for me!
>
>Harold
>
>
>  
>
He doesn't run sendmail.
I run qmail on gentoo for my mail server and it was quite easy to set up
as well.

--
Martin K

2006\01\16@195658 by James Newton, Host

{Quote hidden}

I'm not totally sure, but if MY server tries to deliver an email to another
server and that server rejects it, my server will instantly generate a
bounce notice back to me showing that the email could not be delivered. This
is NOT going to the From address in my outgoing header. It is a result of
the failed connection directly from my server to the other.

This is the point of moving the RBL check to the front end of the mail
server. If I accept the email, THEN try to bounce it, I have only the From:
address to go by. If I bounce it when the other server is still "on the
line" talking to me, I /know/ the correct server got the message.

Or am I missing something?

---
James Newton: PICList webmaster/Admin
KILLspamjamesnewtonKILLspamspampiclist.com  1-619-652-0593 phone
http://www.piclist.com/member/JMN-EFP-786
PIC/PICList FAQ: http://www.piclist.com


2006\01\16@233445 by Danny Sauer

James wrote regarding 'RE: [EE] email spamblock router?' on Mon, Jan 16 at 18:59:
> > No, the person whose From: was forged in the spam will get the bounce.
[...]
> I'm not totally sure, but if MY server tries to deliver an email to another
> server and that server rejects it, my server will instantly generate a
> bounce notice back to me showing that the email could not be delivered. This
> is NOT going to the From address in my outgoing header. It is a result of
> the failed connection directly from my server to the other.
>
> This is the point of moving the RBL check to the front end of the mail
> server. If I accept the email, THEN try to bounce it, I have only the From:
> address to go by. If I bounce it when the other server is still "on the
> line" talking to me, I /know/ the correct server got the message.
>
> Or am I missing something?

Most of the junk is bounced through an open relay, often in some lax
country like China or Korea (which is why I block those groups).  The
open relay doesn't make any attempt to validate the from: or to:, just
happily accepting the message from the malicious sender and forwarding
along to the next destination.  When it gets the bad message back, it
just as happily forwards the error back to what it thinks is the
original destination - the forged From: address.  Apparently, this is
often my address. :)

So when you reject the junk, you're usually not rejecting the message
from the sender's ISP - you're rejecting it via a second or third hop
which has already terminated its connection with the "real" originator
and has nothing but the From: header to go on (technically the "MAIL
FROM" line, I guess, as the From: header doesn't have to match).  It's
not your problem, as you've saved your bandwidth - but you've just
wasted someone else's.  Probably mine. ;)

This open relay problem is one of the strong points of the ORBS
blacklist, BTW.  There is no reason for anyone to run an open SMTP
relay outside of laziness, but unfortunately there are several lazy
ISPs out there, and some are big ones (like, most of Spain, so it
seems) which you then either have to whitelist or discard with the
rest.

--Danny

2006\01\17@010245 by Bob Axtell

Sorry, NOT spamaddress, spamarrest.

This cold is killing me.

--Bob

>>    
>>
>Take a look at spamaddress.com. I've had them for some months now, and
>spam is nonexistent.
>Costs about $5/month.
>
>  
>


--
Note: To protect our network,
attachments must be sent to
RemoveMEattachTakeThisOuTspamengineer.cotse.net .
1-520-850-1673 USA/Canada
http://beam.to/azengineer

2006\01\17@065657 by Alan B. Pearce

>Any DNS-based blacklist (or any blacklist, for that
>matter) which you do not control is a bad idea.

I would agree with that. Every so often yahoo stops sending list mails to me
because my name appears at spamhaus, but with a totally different IP source,
according to the "blocked" status of my account. Sometimes takes a couple of
days before you figure "things cannot be this quiet" and you find you have
missed a heap of messages. Sure you can read them on the website, but I get
them sent as emails for a reason ...
