Tag Archives: email

Whitelisting should be last resort!

I get tired of people trying to sell their spam filtering and all they do is turn up every filter so that all email is marked/quarantined as spam and they expect you to whitelist everything you want to get.

So what is whitelisting? It is a list of accepted items, in this case email addresses or domains. Whitelisted emails skip the filtering so that they are delivered. If I wanted to make sure that any email from z3r010v3@gmail.com would get delivered to me, I could whitelist the whole address, or I could whitelist @gmail.com, and then it would always get to me. This is not the way to do it; I believe whitelists should be a last resort.

With computers being infected with viruses that allow spammers to send emails from them, and email servers misconfigured as open relays, there is always a chance a domain you have whitelisted will spam you. To top it off, most whitelists use the “From” address, and this is easy to bypass. I had a client, for example, that whitelisted *@*.gov so that all emails from anything ending in .gov would get through. That is fine until you have a person complaining at the client’s office because they are getting spam from not.a.real.host.gov. Then you have spammers that are smart and figure out what email address to use based on the company. For example, here in Alabama lawyers always want to whitelist alacourt.gov; it didn’t take spammers long to figure out they could spam any law office in Alabama if they just used the alacourt domain for their email address.

What goes for whitelisting also applies to blacklists. I have had clients inadvertently blacklist everyone at aol.com or gmail.com.

If you do not trust your rules and filters, work at them more. Don’t just start whitelisting every tom, dick, and harry.com.


Stop the Backscatter, er Joe Jobs!

Vbounce is the weapon!

Whatever you call it, as some call it backscatter and some call it Joe Jobs, it is annoying. People were complaining; it was a direct attack of this junk. No fear though, I have added to my Ninja weapons. This time, I have activated… vbounce. It was really that easy since it comes with SpamAssassin 3.2.x, and you are using that version, right? Well, you should be.

Configure

/etc/mail/spamassassin/v320.pre

Change:

# VBounce – anti-bounce-message rules, see rules/20_vbounce.cf
#
#loadplugin Mail::SpamAssassin::Plugin::VBounce

to

# VBounce – anti-bounce-message rules, see rules/20_vbounce.cf
#
loadplugin Mail::SpamAssassin::Plugin::VBounce

Then turn on shortcircuit if you have not already; see Justin Mason’s entry at the SpamAssassin Wiki here.

Then in /etc/mail/spamassassin/local.cf add

whitelist_bounce_relays myrelay.myhost.net

You should add every server that sends email on your behalf. You must enable this or none of this will work correctly. Now also in /etc/mail/spamassassin/local.cf add

score BOUNCE_MESSAGE 5.0

What it does

So now when backscatter comes in, we are going to check and see if it came from one of our servers. If it did, then we are going to mark it with vbounce and send it on in. If it is not from one of our servers, it is going to hit BOUNCE_MESSAGE and get marked as spam. I have enabled this on all my servers and have not yet got another complaint. This is one of those tools I think is going to be very important.
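A simplified model of the check described above, as an added example in Python (not SpamAssassin's own code and not from the original post): it looks for a whitelisted relay on the Received: headers quoted inside the bounce. The function names and the sample bounces are constructed for illustration; myrelay.myhost.net is the relay name used above.

```python
import re

# Assumption: same relay name as the whitelist_bounce_relays line above.
WHITELIST_BOUNCE_RELAYS = {"myrelay.myhost.net"}
HOSTNAME = re.compile(r"\b[a-z0-9-]+(?:\.[a-z0-9-]+)+\b", re.I)

def received_hosts(body):
    """Hostnames on Received: headers quoted in a bounce body (folded lines included)."""
    hosts, in_received = set(), False
    for line in body.splitlines():
        if re.match(r"received:\s", line, re.I):
            in_received = True
        elif not (in_received and line[:1] in (" ", "\t")):
            in_received = False  # any other header or a blank line ends the Received: header
        if in_received:
            hosts.update(h.lower() for h in HOSTNAME.findall(line))
    return hosts

def classify_bounce(body, relays=WHITELIST_BOUNCE_RELAYS):
    """'deliver' if the bounced mail passed through one of our relays, else 'BOUNCE_MESSAGE'."""
    return "deliver" if received_hosts(body) & set(relays) else "BOUNCE_MESSAGE"

# Constructed sample bounce bodies (not real traffic).
REAL_BOUNCE = """\
<nobody@example.org>: user unknown

Received: from desk12.myhost.net (unknown [192.0.2.10])
\tby MyRelay.MyHost.net (Postfix) with ESMTP id 4A1B2
\tfor <nobody@example.org>; Tue, 22 Apr 2008 10:00:00 -0500
From: user@myhost.net
Subject: quarterly report
"""

BACKSCATTER = """\
<nobody@example.org>: user unknown

Received: from dsl-7.example.net (unknown [198.51.100.7])
\tby mx.example.org (Postfix) with SMTP id 9ZZ99
From: user@myhost.net
Subject: cheap pills
"""

NO_HEADERS = "Your message could not be delivered to nobody@example.org.\n"

if __name__ == "__main__":
    for name, body in [("real", REAL_BOUNCE), ("forged", BACKSCATTER), ("bare", NO_HEADERS)]:
        print(name, classify_bounce(body))
```

The forged From: address in the second sample does not count, because only the quoted Received: headers are examined. In this model a bounce that quotes none of the original headers is scored as backscatter too, so review what BOUNCE_MESSAGE catches after enabling it.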


ClamAV Update and Fix

So if you run ClamAV (and you should) to scan incoming email, the current release had some issues, or did on several of my servers. The errors put out were:

cdiff.o(.text+0x190a): In function `cdiff_apply': ../shared/cdiff.c:984: undefined reference to `gzdopen'
cdiff.o(.text+0x1950):../shared/cdiff.c:994: undefined reference to `gzgets'
cdiff.o(.text+0x19a5):../shared/cdiff.c:1016: undefined reference to `gzclose'
cdiff.o(.text+0x19f5):../shared/cdiff.c:1010: undefined reference to `gzclose'
tar.o(.text+0xd4): In function `tar_addfile':../shared/tar.c:82: undefined reference to `gzwrite'
tar.o(.text+0x109):../shared/tar.c:95: undefined reference to `gzwrite'
tar.o(.text+0x1a3):../shared/tar.c:111: undefined reference to `gzwrite'
etc..... then   
collect2: ld returned 1 exit status
make[2]: *** [freshclam] Error 1
make[2]: Leaving directory `/usr/local/src/clamav0.93/freshclam'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/usr/local/src/clamav-0.93'
make: *** [all] Error 2

To fix, recompile Zlib with --shared.

Don't forget to sponsor me for March of Babies; use the Badge at the right to sponsor me. The walk is this weekend.

The Birmingham Pulse is available and kicking online at http://bhampulse.zerosource.org, check it out!

.exe in url and Earth day ends!

So now that Earth Day is over, where to start? SpamAssassin update: we are seeing a ton of emails with URLs that end in .exe, such as

http://stalmix02.nazwa.pl/video.exe

So this one isn’t a tough one and I don’t know who wrote this originally but here is the rule to catch this:

uri EXE_FILE /\w\.exe/i
score EXE_FILE 10.0
describe EXE_FILE Potential link to executable
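An added example (not from the original post) that runs the rule's pattern over constructed URIs; Python's re module treats this pattern the same way Perl does. It shows that the unanchored pattern also fires on hostnames and paths that merely contain ".exe", and compares an assumed tighter pattern that requires .exe to end the path.

```python
import re

# Pattern from the rule above: uri EXE_FILE /\w\.exe/i
PAGE_RULE = re.compile(r"\w\.exe", re.I)
# Assumed tighter variant (not from the page): .exe must end the URI path,
# optionally followed by a query string or fragment.
ANCHORED = re.compile(r"\.exe(?:[?#]|$)", re.I)

# Constructed sample URIs: (uri, really_links_to_an_executable)
SAMPLES = [
    ("http://download.example.net/video.exe", True),
    ("http://download.example.net/Setup.EXE?id=7", True),
    ("http://www.exeter.example/prospectus", False),         # "w.exe" inside the hostname
    ("http://docs.example.org/tools/ping.exe.html", False),  # an HTML page about ping.exe
    ("http://example.com/index.html", False),
]

def evaluate(rule):
    """Return (caught, false_positives) as lists of URIs for one pattern."""
    caught = [u for u, bad in SAMPLES if bad and rule.search(u)]
    false_positives = [u for u, bad in SAMPLES if not bad and rule.search(u)]
    return caught, false_positives

if __name__ == "__main__":
    for name, rule in [("page rule", PAGE_RULE), ("anchored", ANCHORED)]:
        caught, fps = evaluate(rule)
        print(f"{name}: caught={len(caught)} false_positives={fps}")
```

In rule form the assumed tighter pattern would be written uri EXE_FILE /\.exe(?:[?#]|$)/i; with a score of 10.0, each false positive of the unanchored pattern is enough on its own to mark the message as spam at the default threshold.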

I’ve also had a ton of backscatter hitting the servers. I was also having trouble getting it to go away; I am not even sure it is gone yet. These are the things I’ve done. Of course I recommend running the latest and greatest SpamAssassin, currently 3.2.4. First edit your v320.pre, which should be located in /etc/mail/spamassassin, and make sure this is on:

# VBounce – anti-bounce-message rules, see rules/20_vbounce.cf
#
loadplugin Mail::SpamAssassin::Plugin::VBounce

Then in your local.cf, again located in /etc/mail/spamassassin, place:

whitelist_bounce_relays yourdomain.com

So I hope you had a great Earth Day, I know I did. I made my contributions today. Last night I had 15 Bean Soup and tonight I had bean burritos. Sometimes I contribute silently and then sometimes the world knows of my contributions.


PC World – Linux Communications Suite Enters Beta

I can speak from experience here. We tried an alternative to Exchange. We searched and searched, we tried several, and finally we found the one we thought would be it. We deployed it to several clients and all hell broke loose. First, every couple of days there was an update. This required us to go on site and install an add-on to Outlook. Then the server would not work or would randomly disconnect. We purchased support from this company only to get the runaround, another patch, or no answer at all. At one time Adobe wouldn’t work inside of Outlook for a client that had the “addon” installed. No response, for 9 months. Then they got sold…

We are now selling hosted Exchange, and I can say it works exactly how I would have expected. More importantly, there is support and the clients are familiar with it.

Vista and Mac support is still not available in the other.