LinuxQuestions.org


metallica1973 01-17-2013 09:03 AM

Ending Spam and Etc.
 
This is a very general question, but the idea popped into my head several years ago and I wanted the opinions of all the master Jedis of this forum. I had a client where, no matter what was done to control their spam (SpamAssassin, anti-virus (email scanning), etc.), sooner or later something would slip through. So, out of frustration after looking at different solutions on the Internet that seem to be good control mechanisms for combating spam, nothing seems to severely reduce the problem without being so restrictive that the customer may not receive much email at all. So I thought, why not just allow email from the domains of their existing customers and block everything else? Simply query what they already have and block the rest. When a new client comes in, just add it to a whitelist. To me this would eliminate most of the trash that is out there and lessen the chance of something slipping in, but it is not 100% bulletproof. In addition to that, still have your second defense barriers in place, such as SpamAssassin and an anti-virus email scanner, for the domains that are allowed through. Also use SSL/TLS authentication (pretty standard) to protect credentials from being used to read email and/or send spam through the account. Though this sounds really restrictive, it just seems more logical when it comes to protecting a business. So maybe using Sendmail, I would add this stuff under:

/etc/mail/access

1-Who we accept mail from
2-Who we accept relaying from
3-Who we will not send to etc

http://www.cyberciti.biz/faq/sendmai...cess-database/

Any feedback is greatly appreciated.
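
An added example, not part of the original post: one way to produce the "who we accept mail from" entries for /etc/mail/access from a customer contact list. The input format, the function names and the list of shared mailbox providers are assumptions; addresses at those providers are allowed individually rather than by whole domain.

```shell
#!/bin/sh
# Added example: turn a customer contact list into sendmail access-map entries.
# Assumptions (not from the thread): input is one e-mail address per line, and
# SHARED_DOMAINS is a constructed list of public mailbox providers.
SHARED_DOMAINS="gmail.com yahoo.com hotmail.com outlook.com"

# Reads addresses on stdin, writes sorted "From:<key><TAB>OK" lines on stdout.
# Malformed lines are reported on stderr and never reach the map.
build_access_entries() {
    tr '[:upper:]' '[:lower:]' | tr -d '\r' | awk -v shared="$SHARED_DOMAINS" '
        BEGIN {
            n = split(shared, s, " ")
            for (i = 1; i <= n; i++) is_shared[s[i]] = 1
        }
        {
            gsub(/^[ \t]+|[ \t]+$/, "")
            if ($0 == "") next
            # one @ sign, non-empty local part, dotted hostname-like domain
            if ($0 !~ /^[^@ \t]+@[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)+$/) {
                print "skipped: " $0 > "/dev/stderr"
                next
            }
            split($0, p, "@")
            # Allowing all of a shared provider would defeat the whitelist,
            # so those customers are keyed by full address instead.
            key = (p[2] in is_shared) ? $0 : p[2]
            if (!(key in seen)) { seen[key] = 1; print "From:" key "\tOK" }
        }' | LC_ALL=C sort
}

# Constructed sample input (not real customer data).
sample_customers() {
    cat <<'EOF'
Alice@Example.com
bob@example.com
carol@gmail.com
not-an-address
dave@partner.example.org
eve@@bad.example
EOF
}

sample_customers | build_access_entries
```

Append the output to /etc/mail/access and rebuild the map with `makemap hash /etc/mail/access < /etc/mail/access`. The `From:` keys match the envelope sender, which the sending side supplies, so the content and virus scanners mentioned in the post still apply to allowed mail.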

acid_kewpie 01-17-2013 09:36 AM

Well, I guess that heavily depends on what kind of business they are. A business, with customers and all that, would generally need to be able to receive new business inquiries etc. Any default deny sounds too restrictive to me.

Have you possibly thought about using *cough* *splutter* Google mail services? I find their spam filtering absolutely bombproof. You ship the mail off to them, brand the Gmail site, and also interface over IMAP... media hype about security concerns aside, they provide an extremely good service. Obviously it'll come off of your bottom line, but the benefits are significant.

Also don't forget services like Postini or Messagelabs. The larger the service the bigger the exposure to spam, the better the results should be.

But just looking now, it seems Postini folded into Google a while ago! I went to InfoSec UK in about 2006 and was accosted by one of their reps, who seemed smashed on vodka by 2pm. Classy.

NyteOwl 01-17-2013 01:12 PM

A combination of tools tends to work best. The problem with using a whitelisting-only approach is that it requires constant manual updating and precludes e-mail inquiries from prospective clients/customers who are not in the system.

Personally, I'd never recommend the use of Gmail for anything serious and certainly not for business correspondence.

YankeePride13 01-17-2013 02:30 PM

Quote:

Originally Posted by metallica1973 (Post 4872214)
This is a very general question, but the idea popped into my head several years ago and I wanted the opinions of all the master Jedis of this forum. I had a client where, no matter what was done to control their spam (SpamAssassin, anti-virus (email scanning), etc.), sooner or later something would slip through. So, out of frustration after looking at different solutions on the Internet that seem to be good control mechanisms for combating spam, nothing seems to severely reduce the problem without being so restrictive that the customer may not receive much email at all. So I thought, why not just allow email from the domains of their existing customers and block everything else? Simply query what they already have and block the rest. When a new client comes in, just add it to a whitelist. To me this would eliminate most of the trash that is out there and lessen the chance of something slipping in, but it is not 100% bulletproof. In addition to that, still have your second defense barriers in place, such as SpamAssassin and an anti-virus email scanner, for the domains that are allowed through. Also use SSL/TLS authentication (pretty standard) to protect credentials from being used to read email and/or send spam through the account. Though this sounds really restrictive, it just seems more logical when it comes to protecting a business. So maybe using Sendmail, I would add this stuff under:

/etc/mail/access

1-Who we accept mail from
2-Who we accept relaying from
3-Who we will not send to etc

http://www.cyberciti.biz/faq/sendmai...cess-database/

Any feedback is greatly appreciated.

Aside from what the other posters have mentioned, another problem with denying mail from all domains except those whitelisted is: what if one of your trusted domains has a few addresses that get owned? What if the spammers spoof those domains?

There is no such thing as 100% bulletproof unless you don't have e-mail :)

YankeePride13 01-17-2013 02:32 PM

Quote:

Originally Posted by NyteOwl (Post 4872385)
A combination of tools tends to work best. The problem with using a whitelisting-only approach is that it requires constant manual updating and precludes e-mail inquiries from prospective clients/customers who are not in the system.

Personally, I'd never recommend the use of Gmail for anything serious and certainly not for business correspondence.

I use Gmail at work and I have to say that a combination of Postini and Gmail's spam filter knocks out a very large amount of spam. Like I said in the last post, nothing is 100%, but it does a fine job if you ask me.

acid_kewpie 01-17-2013 03:12 PM

Quote:

Originally Posted by NyteOwl (Post 4872385)
Personally, I'd never recommend the use of Gmail for anything serious and certainly not for business correspondence.

You don't say WHY, but it's usually the trust issues, which I really don't buy. Especially on their business offerings, you're in tin foil hat country if you think they would actually misuse data they hold for you.

metallica1973 01-18-2013 02:02 PM

Thanks for the reply,

This client is super tight on budget and has had these issues for ages. When I came into the picture, I could not believe what I was seeing. They would regularly have virus outbreaks, and their Outlook mailboxes would just be overwhelmed with spam (porn etc.). I was amazed that they had been functioning in this manner for years and their "go to" IT company couldn't get things under control. Plain and simply unbelievable! I looked at managed services, but they quickly shot me down and only wanted to pay my consultant fee and nothing else. They want me to use what the open source community has to offer. It's a type of environment in which any change is a massive learning curve and all hell breaks loose. I'll take a glance at many of the suggestions, see what I can come up with and approach him again. I was leaning toward my approach because 99 percent of their newer clientele are from referrals. I asked them if they have ever had a referral from the info@blahblahblah.com and they said "never". They have a very low-profile business. I also agree with using a combination of tools and am not a big fan of using cloud-based solutions (managed email services) --> I recently had another customer who had his website hosted by 1and1, and it was compromised not by a vulnerability on his website but by another website sitting on the same VM server (20 other sites on this VM), and as a result malicious code was injected in all 20 sites including his.


All times are GMT -5.