[KLUG Members] Spam and Tagged Message Delivery Agent
Bob Kanaley
members@kalamazoolinux.org
Mon, 11 Mar 2002 16:43:24 -0500
Bob,
I recently came across a different approach to stopping spam called Tagged
Message Delivery Agent (TMDA) http://software.libertine.org/tmda/
TMDA's Whitelist-centric Strategy ``Deny everything that is not explicitly
allowed''
I would be interested to know if you or anyone else has had any success
using this.
It seems to make a lot of sense. Spammers are essentially sending one way
mail from someone else's open relay or their sites would quickly be put on
the rbl list and automatically blocked (everyone does real time black hole
mapping don't they?)
So, with TMDA you simply create a whitelist of trusted people from existing
email addresses, then the first time someone not on the list sends you an
email, they get an automatic reply from your SMTP server saying something
like "Hi, if you were really trying to email me, please send this message
back to me to be added to my recipient list, then resend your message". If
the sender replies they are automatically added to the whitelist. If the
sender doesn't reply, their messages don't get through. Of course if a
spammer does manage to sneak in, you can always move them to the black list.
The docs say that right now, it is only plug and play for Sendmail and
Postfix, but I suspect some of our clever KLUG members could make it work on
any postoffice software.
I haven't tried it yet because I will have to make a compelling case to
management for the "Deny everything" stance before I can put it in place.
Tagged Message Delivery Agent (TMDA)
TMDA is an OSI certified software application designed to significantly
reduce the amount of SPAM/UCE (junk-mail) you receive. TMDA combines a
"whitelist" (for known/trusted senders), a "blacklist" (for undesired
senders), and a cryptographically enhanced confirmation system (for unknown,
but legitimate senders). TMDA strives to be more effectual, yet less
time-consuming than traditional filters.
TMDA also acts as a local mail delivery agent, with a flexible filtering
language that allows fine-grained control over how incoming and outgoing
mail is delivered and sent.
> To: members@kalamazoolinux.org
> Subject: Re: [KLUG Members] Question about spam..
> From: bob@acm.org
> Date: Sun, 10 Mar 2002 11:20:04 -0500
> Reply-To: members@kalamazoolinux.org
>
> >Ive been reading the list for a while now, I was wondering if there was
any
> >email programs out there for linux, that would help eliminate the massive
> >amounts of spam I recieve to my domain.
>
> there are several toolsthat I've been using for spam, some old, some new.
> Fundamentally, they automate (to a greater or lesser degree) a lot of the
> process of submitting complaints to service providers regarding spam.
>
> Two tools come to mind that are both useful and have gotten results:
> adcomplain - a huge PERL script that does analysis of e-mail header
> information.
> spamcop - A server-based (their server) set of tools that does much the
same
> thing as adcomplain.
>
> Adcomplain sends your complaint to a server which has a database
identifying
> the right place to send the complaint, which is posted when you mail the
com-
> plaint to the server. Adcomplain is also good about generating text for
the
> complaint itself.
>
> Spamcop does a more complete job of analyzing the header information, and
> then presents this information on a wege page. You can then add additional
> text to the message, and it is sent on from there to the target[s]. You
> start the process by mailing one or more bits of spam to the spamcop
> server, which mails you back with a URL.
>
> There are advantages and weaknesses to each of these.
>
> Mostly what you need are tools like these, and the will to spend a bit of
> time, every day, using them. I have found it to be a good investment.
Please,
> BE PERSISTANT! The amount of spam may not go down for a while, perhaps
weeks,
> but it will abate. Sending good explanatory messages, perhaps with a
little
> customization (a strength of adcomplain) to the right place (a strength of
> spamcop) helps, too.
>
> <plug type=shameless>
> I'm putting together a KLUG presentation on this topic for a bit later
this
> year. I suspect that by then, I'll be more spam-free than I am now. If you
> heed this message, and attend my presentation, you will be, too!
> </plug>
>
> Regards,
> ---> RGB <---
> End of Members Digest