Re: RBL for spam filtering

From: Strata Rose Chalup (strata@virtual.net)
Date: Tue May 01 2001 - 14:28:23 PDT


Joe,

Have you looked at John Hardin's "Email Sanitizer"? It's procmail,
but it's kept quite up to date. Latest release was just a couple weeks
ago. I'll include the release announcement below.

Check out also the Email Security Announcements list, ESA-L.
http://www.spconnect.com/mailman/listinfo/esa-l

----
"The procmail sanitizer has been updated. The current version is 1.129.
It is available via:

US: http://www.impsec.org/email-tools/procmail-security.html
EU: ftp://kanon.net/pub/jhardin/antispam/procmail-security.html
AUS: http://grebopple.accessunited.com.au/email-tools/procmail-security.html

- From the changelog:

04/14/2001 (1.129)
  Detect and truncate Subject: headers longer than 250 characters, to protect Outlook Express users.
  Add VCF and NWS to the default MANGLE_EXTENSIONS list.
  Only defang HTML in message body, to avoid defanging email addresses like < meta.smith@example.org >.
  Change macro scanner to allow detailed reporting of what it finds; if you add SCORE_DETAILS=YES to your sanitizer configuration, the sanitizer will now tell you why it is considering a document to be poisoned - thanks to Brian D. Hanna for the original version of this.
  Modified macro score logging to include the recipient name (only meaningful if the sanitizer is running on the same system as the user mailboxes) - thanks to Peter Burkholder for his patch.
  Changed default filename to "default.txt" to try to force Windows to treat it safely.
  Fixed the REPORT bug from 1.128.
  Changed the canned reply text a bit to make it more clear that security policy can involve more than just a virus scanner.

The sanitizer home page is at http://www.impsec.org/email-tools/procmail-security.html"
-----

_SRC

Joseph S Barrera III wrote:
>
> Any thoughts on using RBL for spam filtering on FoRK?
>
> - Joe
>
> Also sprach Oliver Xymoron:
> > Way back on Thu, 14 Dec 2000, I wrote:
> >
> > > WASTE used to rely on the MAPS Realtime Blackhole List[1] to do spam
> > > filtering. As of a couple minutes ago, I've turned it off as their
> > > policies have gone well beyond obnoxious. See this article[2] by Jamie
> > > McCarthy for more detail.
> > >
> > > [1] http://mail-abuse.org/rbl/
> > > [2] http://slashdot.org/yro/00/12/13/1853237.shtml
> >
> > ..and we started getting ever more and more spam (I've been getting about
> > 20-40 a day, not counting the stuff I filter myself). So we have a
> > dilemma: deal with ridiculous amounts of spam, or be part of a spam
> > filtering network that occasionally blackholes innocent people.
> >
> > On Tuesday, I reenabled RBL filtering. My current thinking is that the
> > worst part of the RBL is the network route blackholing, which makes all
> > traffic (not just mail) disappear, as it shuts off both directions of
> > communication. Using simple mail filtering, RBL is probably more bad than
> > good. There's also currently no alternative that's less problematic while
> > still being effective.

--
========================================================================
Strata Rose Chalup [KF6NBZ]                      strata "@" virtual.net
VirtualNet Consulting                            http://www.virtual.net/
 ** Project Management & Architecture for ISP/ASP Systems Integration **
=========================================================================



This archive was generated by hypermail 2b29 : Sun May 06 2001 - 08:04:36 PDT