spam & open relay
18 years 2 months ago #17259
by ospf
spam & open relay was created by ospf
How to stop spamming? Anybody have an idea, approach/method or tools to stop these activities, and how to detect a server that has an open relay?
18 years 2 months ago #17263
by Smurf
Wayne Murphy
Firewall.cx Team Member
www.firewall.cx
Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.
Replied by Smurf on topic Re: spam & open relay
You are really looking at getting a good AV/SPAM product to help you with this issue. There are plenty of products out there for doing this; Sophos, GFI, IronPort, ClearSwift, etc...
If you are using Exchange 2003, Microsoft have a free filter which is included in Exchange 2003 SP2
www.microsoft.com/technet/prodtechnol/ex...003/imf/default.mspx
I'm sure there are other free ones out there but you need to ask the question, how good are they? Some of the client based ones are really good (I use SpamFighter at home www.spamfighter.com ) but generally you need to pay to get good server based filtering.
18 years 2 months ago #17275
by nske
Replied by nske on topic Re: spam & open relay
There are two places to stop spam: at the server level and at the client level. Of course, more ideal is the first one, but you must have administrative access to the mail server.
Likewise, there are two ways to distinguish spam: based on available blacklists or based on some intelligent (or not so) detection engine, that probably draws data from a ruleset.
There are many blacklists that you can incorporate into your antispam software, most of them available online (try searching the web for "spam blacklist") and others maintained in a closed fashion from proprietary products.
Smurf mentioned some good commercial solutions for windows environments.
Some of the most powerful antispamming solutions exist for Unix-like operating systems and -unlike their Windows counterparts- are completely free. Notice however that they are not plug and play solutions; depending on how well you configure them they can be better than any commercial solution or practically useless.
There are literally hundreds of noteworthy free applications that can assist antispam filtering, many of which you can find at www.sf.net . According to the Mail Transfer Agent software of the server, there are also some specific solutions (i.e. Sendmail offers many customizable "milters").
There are however two very powerful systems that you should check, SpamAssassin and Procmail.
SpamAssassin is a system that uses rule-based capabilities and also a learning engine that can be adjusted to learn from messages manually marked as spam. It has a very active development community and there are many precomposed rulesets, most of which are mentioned at the official site.
Procmail, on the other hand, is a more general application that allows complete flexibility over the processing that will be applied. On top of it there are many higher-level tools available and, of course, following the traditional Unix logic, it can be configured to communicate with any other piece of software (including SpamAssassin).
Another highly recommended method is setting SPF records in your nameservers, and configuring your mailserver to be aware of SPF records. SPF records are special TXT records that your nameservers return when answered, that define which mailservers are considered legitimate for a domain. If a message is sent from a server other than those servers, it should be considered spam and thus discarded. This way mass message forgery becomes much more difficult.
Everyone should use SPF in their domains, however for the time being not everyone does, and so you probably don't want to configure your mailservers to discard messages from domains with no SPF record. However you can configure them to take advantage of SPF records wherever they do exist.
Here's a nice script I use for that purpose; there are many more, as well as public services (if your mail server is available through the internet). You can find them by searching the web. An example of such a service: www.checkor.com