After a reporter started to investigate Spam occurrence and the link to a few US based hosting companies and provides he was able to shut down the operation in co-operation with other backbone providers. The result is a significant drop in worldwide spam occurrence since then.
For mail servers I administrate I was able to shut down 2 of 3 SpamAssassin instances due to no work for them to do. Let’s hope this will stay this way for a while.
Vorletzte Woche musste ich meinen Mailserver neu aufsetzen, da ich auf einen neuen Server umgezogen bin. Dabei habe ich den Spamassassin diesmal nicht aus dem apt von Debian installiert sondern einfach über die CPAN Shell. Dabei kompiliert sich das ganze automatisch. Leider bekommt man dann keine Start-Stop-Scripte, wie man sie von Debian gewöhnt sind. Macht nix dachte ich mir. Lass ich den Spamassassin einfach unter daemontools laufen die eh meinen qmail antreiben.
War eine gute Entscheidung. Performance und Stabilität haben meines erachtens zugenommen. Bis jetzt noch keine Probleme mit gehabt. Ein bisschen getunt habe ich auch noch. Einige Rules für den Spamassassin lassen sich compilieren über ein bistimmtes Plugin – das macht die ganze Sache natürlich noch schneller.
When I couldn’t sleep last night I had to think about my new mailserver installation and the load of measurements I’ve undertaken to prevent my customers getting spam or to allow anybody to relay spam through my server. Then I realized that there might be the chance of a new method how good spam-filter techniques could be used as a spam drone.
Get the situation: I’m John the bad spammer and want to deliver my mails to a lot of boxes around the world. I connect to a mailserver and deliver all my mails with a faked envelope. The to address has to contain an mailinglist or something like that which bounces emails for people who are not listed and the return address should be the person where the spam has to go. The mailserver (when configured to comply with RFC) should send the bounce directly to the person who should recieve the spam. This is only working if the spamfilter like spamassassin doesn’t act after the SMTP dialog has finished.
I didn’t try it but it could be exploited at some point. Due to the fact that there are many hosts who doesn’t send bounces anymore (in Germany some of the government servers has bounces off) or has the spamfilter integrated in the smtp dialog which scans the mail while delivering it shouldn’t be a big problem. But it could…