LinuxQuestions.org
Old 01-17-2013, 10:03 AM   #1
metallica1973
Senior Member
 
Registered: Feb 2003
Location: Washington D.C
Posts: 2,116

Rep: Reputation: 58
Ending Spam and Etc.


This is a very general question, but the idea popped into my head several years ago and I wanted the opinions of all the master Jedis of this forum. I had a client that, no matter what was done to control their spam (SpamAssassin, anti-virus (email scanning), etc.), sooner or later something would slip through. So out of frustration of looking at different solutions to the INTERNET that seem to be good control mechanisms for combating SPAM, nothing seems to severely reduce the problem without being too restrictive, in which the customer may not receive much email at all. So I thought, why not just allow email from the domains of their existing customers and block everything else? Simply query what they already have and block the rest. When a new client comes in, just add it to a whitelist. To me this would eliminate most of the trash that is out there and lessen the chance of something slipping in, but not 100% bulletproof. In addition to that, still have your second defense barriers in place, such as SPAMASSASSIN and an anti-virus email scanner, for the domains that are allowed through. Also use SSL/TLS authentication (pretty standard) to protect credentials from being used to read email and/or send SPAM through the account. Though this sounds really restrictive, it just seems more logical when it comes to protecting a business. So maybe using Sendmail, I would add this stuff under:

/etc/mail/access

1-Who we accept mail from
2-Who we accept relaying from
3-Who we will not send to etc

http://www.cyberciti.biz/faq/sendmai...cess-database/

Any feedback is greatly appreciated.

Last edited by metallica1973; 01-17-2013 at 11:42 AM.
 
Old 01-17-2013, 10:36 AM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,414

Rep: Reputation: 1967
Well, I guess that heavily depends on what kind of business they are. A business, with customers and all that, would generally need to be able to receive new business inquiries etc. Any default deny sounds too restrictive to me.

Have you possibly thought about using *cough* *splutter* google mail services? I find their spam filtering absolutely bombproof. You ship the mail off to them, brand the gmail site, and also interface over imap... media hype about security concerns aside, they provide an extremely good service. Obviously it'll come off of your bottom line, but the benefits are significant.

Also don't forget services like Postini or Messagelabs. The larger the service the bigger the exposure to spam, the better the results should be.

But just looking now it seems Postini folded into google a while ago! I went to InfoSec UK in about 2006 and was accosted by one of their reps, who seemed smashed on vodka by 2pm. Classy.

Last edited by acid_kewpie; 01-17-2013 at 10:37 AM.
 
Old 01-17-2013, 02:12 PM   #3
NyteOwl
Member
 
Registered: Aug 2008
Location: Nova Scotia, Canada
Distribution: Slackware, OpenBSD, others periodically
Posts: 512

Rep: Reputation: 139
A combination of tools tends to work best. The problem with using a whitelisting only approach is that it requires constant manual updating and precludes e-mail inquiries from prospective client/customers who are not in the system.

Personally, I'd never recommend the use of Gmail for anything serious and certainly not for business correspondence.
 
Old 01-17-2013, 03:30 PM   #4
YankeePride13
Member
 
Registered: Aug 2012
Distribution: Ubuntu 10.04, CentOS 6.3, Windows 7
Posts: 225

Rep: Reputation: 51
Quote:
Originally Posted by metallica1973
This is a very general question, but the idea popped into my head several years ago and I wanted the opinions of all the master Jedis of this forum. I had a client that, no matter what was done to control their spam (SpamAssassin, anti-virus (email scanning), etc.), sooner or later something would slip through. So out of frustration of looking at different solutions to the INTERNET that seem to be good control mechanisms for combating SPAM, nothing seems to severely reduce the problem without being too restrictive, in which the customer may not receive much email at all. So I thought, why not just allow email from the domains of their existing customers and block everything else? Simply query what they already have and block the rest. When a new client comes in, just add it to a whitelist. To me this would eliminate most of the trash that is out there and lessen the chance of something slipping in, but not 100% bulletproof. In addition to that, still have your second defense barriers in place, such as SPAMASSASSIN and an anti-virus email scanner, for the domains that are allowed through. Also use SSL/TLS authentication (pretty standard) to protect credentials from being used to read email and/or send SPAM through the account. Though this sounds really restrictive, it just seems more logical when it comes to protecting a business. So maybe using Sendmail, I would add this stuff under:

/etc/mail/access

1-Who we accept mail from
2-Who we accept relaying from
3-Who we will not send to etc

http://www.cyberciti.biz/faq/sendmai...cess-database/

Any feedback is greatly appreciated.
Aside from what the other posters have mentioned, another problem with denying mail from all domains except those whitelisted is what if one of your trusted domains has a few addresses that get owned? What if the spammers spoof those domains?

There is no such thing as 100% bulletproof unless you don't have e-mail.
 
Old 01-17-2013, 03:32 PM   #5
YankeePride13
Member
 
Registered: Aug 2012
Distribution: Ubuntu 10.04, CentOS 6.3, Windows 7
Posts: 225

Rep: Reputation: 51
Quote:
Originally Posted by NyteOwl
A combination of tools tends to work best. The problem with using a whitelisting only approach is that it requires constant manual updating and precludes e-mail inquiries from prospective client/customers who are not in the system.

Personally, I'd never recommend the use of Gmail for anything serious and certainly not for business correspondence.
I use gmail at work and I have to say that a combination of Postini and gmail's spam filter knocks out a very large amount of spam. Like I said in the last post, nothing is 100% but it does a fine job if you ask me.
 
Old 01-17-2013, 04:12 PM   #6
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,414

Rep: Reputation: 1967
Quote:
Originally Posted by NyteOwl
Personally, I'd never recommend the use of Gmail for anything serious and certainly not for business correspondence.
You don't say WHY but it's usually the trust issues, which I really don't buy. Especially on their business offerings, you're in tin foil hat country if you think they would actually misuse data they hold for you.
 
Old 01-18-2013, 03:02 PM   #7
metallica1973
Senior Member
 
Registered: Feb 2003
Location: Washington D.C
Posts: 2,116

Original Poster
Rep: Reputation: 58
Thanks for the reply,

This client is super tight on budget and has had these issues for ages. When I came into the picture, I could not believe what I was seeing. They would regularly have virus outbreaks, and their Outlook mailboxes would just be overwhelmed with spam (porn, etc.). I was amazed that they had been functioning in this manner for years and their "go to" IT company couldn't get things under control. Plain and simply unbelievable! I looked at managed services but they quickly shot me down and only wanted to pay my consultant fee and nothing else. They want me to use what the open source community has to offer. It's a type of environment in which any change is a massive learning curve and all hell breaks loose. I'll take a glance at many of the suggestions and see what I can come up with and approach him again. I was leaning toward my approach because 99 percent of their newer clientele are from referrals. I asked them if they ever have had a referral from the info@blahblahblah.com and they said "never". They have a very low profile business. I also agree with using a combination of tools and am not a big fan of using cloud-based solutions (managed email services) --> recently had another customer who had his website hosted by 1and1, and it was compromised not by a vulnerability on his website but by another website sitting on the same VM server (20 other sites on this VM), and as a result malicious code was injected in all 20 sites including his.

Last edited by metallica1973; 01-18-2013 at 03:09 PM.
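
Added example, not part of any post in this thread: a dry run of the sender-domain whitelist proposed in post #1 against past mail, showing the two failure modes raised in the replies (wanted mail from unlisted senders is rejected, and mail forging a listed domain is accepted). All addresses and the `HISTORY` records are constructed, and the matching is done in Python here, not by Sendmail's access database.

```python
"""Dry-run a default-deny sender whitelist against past mail (constructed data)."""
from email.utils import parseaddr

# Constructed sample: addresses pulled from the existing customer records.
CUSTOMER_ADDRESSES = ["alice@customer-a.example", "Bob <bob@Customer-B.example>"]

# Constructed sample of past inbound mail: (envelope sender, wanted?, note).
HISTORY = [
    ("alice@customer-a.example", True, "existing customer"),
    ("carol@referral.example", True, "new referral, not yet listed"),
    ("promo@bulk-mailer.example", False, "spam"),
    ("billing@customer-b.example", False, "spam forging a customer domain"),
    ("<>", True, "bounce notice, null sender has no domain"),
]

def domain_of(address):
    """Return the lower-cased domain of an address, or None if it has none."""
    _, addr = parseaddr(address)
    if "@" not in addr:
        return None
    return addr.rsplit("@", 1)[1].lower().rstrip(".")

def build_allowlist(addresses):
    """Collect the set of domains seen in the customer records."""
    return {d for d in map(domain_of, addresses) if d}

def decide(sender, allowlist):
    """Default deny: accept only when the sender's domain is listed."""
    return "ACCEPT" if domain_of(sender) in allowlist else "REJECT"

def audit(history, allowlist):
    """Compare the policy's verdicts with what the recipient actually wanted."""
    report = {"wanted_rejected": [], "unwanted_accepted": [], "correct": 0}
    for sender, wanted, note in history:
        verdict = decide(sender, allowlist)
        if wanted and verdict == "REJECT":
            report["wanted_rejected"].append((sender, note))
        elif not wanted and verdict == "ACCEPT":
            report["unwanted_accepted"].append((sender, note))
        else:
            report["correct"] += 1
    return report

if __name__ == "__main__":
    result = audit(HISTORY, build_allowlist(CUSTOMER_ADDRESSES))
    for key in ("wanted_rejected", "unwanted_accepted"):
        for sender, note in result[key]:
            print(f"{key}: {sender} ({note})")
    print("correct:", result["correct"])
```

The `unwanted_accepted` bucket is the mail that still depends on the second-layer scanners mentioned in post #1, since the sender domain alone is not proof of origin.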