Home page logo
/

pauldotcom logo PaulDotCom mailing list archives

Spam Filtering
From: raffi at flossyourmind.com (Raffi Jamgotchian)
Date: Tue, 19 May 2009 08:15:06 -0400

Astaro's AntiSpam suite is very affective solution IMHO. You just need  
to decide if you want all of that stuff being handled by your  
equipment or just killed before it even gets to you.

On May 19, 2009, at 7:13 AM, Jack Daniel wrote:

As you might expect, I use an Astaro box...

But, no sales pitch here- for SMTP filtering I have found Commtouch's
anti-spam offerings to be very good.  Several commercial products
(including Astaro) license Commtouch tech as a component in their
offerings.  Theirs uses a combination of reputation and heuristics,
works very well.

There are some non-commercial anti-spam tools/techniques which are
built into a variety of systems, look for them in the solutions you
consider;
BATV does a good job of managing "backscatter" spam (spoofed bounce  
messages)

Greylisting is very good at controlling bot-generated spam (requires
an RFC-compliant retry to validate the server, then whitelists the
server)

SPF is the answer for spam which claims to originate from your own  
domain(s),

CONSERVATIVE RBLs (like Spamhaus) can be valuable, but many RBLs are a
bit too aggressive for commercial use (that is, if you want to get
email from your customers)

RDNS checks are good, but you will occasionally run into misconfigured
servers which you will have to deal with. Note: simple RDNS only
requires the IP of the sending SMTP server have a hostname associated,
it does not require SMTP to originate from an MX record IP for the
domain.

HELO/EHLO checks just make sure the sending server says "hi" in an
appropriate manner, generally checking for valid hostname formats and
such.  You will need some exceptions for older/misconfigured servers
for this one, too.

Mix and match the above as appropriate in whatever commercial or Open
Source package, and you will have a happier MTA and inbox.


Jack




-- 
______________________________________
Jack Daniel, Reluctant CISSP
http://twitter.com/jack_daniel
http://www.linkedin.com/in/jackadaniel
http://blog.uncommonsensesecurity.com
_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]