
Setting up my server to use Spamcop


Jimemac


I was wondering if anybody had some recommendations or feelings about what I should use as a plugin for Exchange 2000 server. I want to give Spamcop's blacklist a try.

I also had another idea as Spamcop may be too aggressive for what I need. Currently we only need to receive email from within the United States. I was thinking about blocking all IPs from Korea, China, Japan, and Brazil, as this is pretty much where all our spam is coming from. Is there a way I can do this?

Thanks for all your help in this matter!

Jimemac


Hi, Jimemac!

I was wondering if anybody had some recommendations or feelings about what I should use as a plugin for Exchange 2000 server.  I want to give Spamcop's blacklist a try.

...You may want to start at SpamCop FAQ: SpamCop Blocking List information. Please note especially the link labeled "How do I configure my mailserver to reject mail based on the blocklist?" and its sub-link labeled "Microsoft Exchange."

I also had another idea as Spamcop may be too aggressive for what I need. Currently we only need to receive email from within the United States. I was thinking about blocking all IPs from Korea, China, Japan, and Brazil, as this is pretty much where all our spam is coming from. Is there a way I can do this?<snip>

...IIUC, there's something called "blackholes" that does something along these lines but I don't have any good references to its use. Perhaps another participant will drop in with more and better information.... :) <g>


One monster of a list of various BLs would be http://moensted.dk/spam/ ... check the ones that look interesting to see what it takes to get listed, unlisted, intent of the specific BL .... Some are insane and basically block the world, others just the personal choices of the list owner/maintainer, and some do what's been asked .. countries, ISPs, etc.

However, you'll probably find that the "plug-in for Exchange 2000" isn't exactly the way you'll find these things listed / advertised. Exchange has enough security issues without trying to add in "plug-ins" ....


I can help you out if you're looking for conservative lists with very few false positives. (None so far since December here, blocking around 1500 messages a day.)

I know there's a BL that will allow you to block Korea, and there might be others for other nations.

The party line is that blocking the entire nation is bad because it doesn't give legit ISPs in Korea a reason to improve, but if the reality of the situation is that you simply are never going to get mail from Korea, then this is surely one way to go.


In general, before activating a DNSbl, you should have some way to have it tag instead of reject and see if any real e-mails show up tagged.

Generally the open proxy and spamhaus.org listings are reported to have almost no false positives.

Open relay lists will have false positives as usually open relays are real mail servers that are misconfigured.

I find it very odd that postmasters that would not hesitate to use an open relay list are reluctant to use an open proxy list. The open proxy list is less likely to reject real e-mail, and more likely to reject spam.

If your mail server can handle a MILTER to reject spam, then you can look up news.admin.net-abuse.email posting by Steve Linford

This will allow you to use the more aggressive DNSbls like spamcop.net, dynamic pool lists, and multi-hop lists, or when e-mail has a bad RDNS, it can divert the e-mail to a content filter that can perform more tests. The most reliable is to look up the IP address that the links in the spam resolve to and see if it is from any I.P. address that you would not receive e-mail from.

By the way, if your mail server cannot use SMTP rejects for undelivered e-mail, then your filtering solution is just an automated delete, and when false positives occur, neither the sender nor the receiver will likely find out about it until significant time has elapsed.

The biggest drawback of not using SMTP rejects is that you have no way of reliably only notifying legitimate senders that their e-mail was not delivered.

Any mail server that is generating bounces for undelivered e-mail allows spammers and virus writers to use it to abuse others, and it is likely to get listed in several DNSbls, or private block lists.

In an ideal world, a mail server should only generate a bounce message for an e-mail message that it originated.

-John

Personal Opinion Only
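
The tag-before-reject trial suggested in the post above, as an added example that is not part of the original thread: it builds the DNSBL query name (IPv4 octets reversed, then the list's zone), tags listed messages instead of rejecting them, and reports which tagged messages came from known-good senders. The zone `bl.example`, the `X-DNSBL-Tag` header name, the sample messages and the stand-in resolver are all constructed for illustration; a real trial would use the zone the chosen list publishes.

```python
import ipaddress
import socket

def dnsbl_query_name(ip, zone):
    """Build the DNSBL lookup name: IPv4 octets reversed, then the zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def system_resolver(name):
    """Listed if the name resolves to a 127.x.x.x answer; NXDOMAIN means not listed."""
    try:
        return socket.gethostbyname(name).startswith("127.")
    except socket.gaierror:
        return False  # lookup failure is treated as "not listed" in this sketch

def trial_run(messages, zone, known_good, resolver=system_resolver):
    """Tag-only pass: nothing is rejected; report what a reject policy would have hit."""
    tagged, false_positives = [], []
    for msg in messages:
        msg["headers"] = dict(msg.get("headers", {}))
        if resolver(dnsbl_query_name(msg["client_ip"], zone)):
            msg["headers"]["X-DNSBL-Tag"] = zone  # hypothetical header name
            tagged.append(msg["id"])
            if msg["sender"] in known_good:
                false_positives.append(msg["id"])
    return tagged, false_positives

# Constructed sample data (documentation-range IPs, example domains).
SAMPLE = [
    {"id": 1, "client_ip": "192.0.2.10", "sender": "offers@bulk.example"},
    {"id": 2, "client_ip": "198.51.100.7", "sender": "orders@supplier.example"},
    {"id": 3, "client_ip": "203.0.113.25", "sender": "friend@isp.example"},
]
KNOWN_GOOD = {"orders@supplier.example", "friend@isp.example"}
# Constructed stand-in for live DNS so the example runs offline.
FAKE_LISTED = {"10.2.0.192.bl.example", "7.100.51.198.bl.example"}

def fake_resolver(name):
    return name in FAKE_LISTED

if __name__ == "__main__":
    tagged, fps = trial_run(SAMPLE, "bl.example", KNOWN_GOOD, fake_resolver)
    print("tagged:", tagged, "would have rejected real mail:", fps)
```

Message 2 is the case the trial exists to catch: a legitimate sender whose relay is listed, which a reject policy would have turned away.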


Archived

This topic is now archived and is closed to further replies.
