9/28 So the spam brigade finally found me on here in a way that
annoys me greatly. It was okay before, but now it sucks.
I still use PINE. I am open to any suggestions to please
let me know...do I need to switch to something beside PINE?
Spam Assassin? What? -maxmcc
\_ To respond to all the posts in this thread in the laziest means
possible: Milter plans are in place which will include global
spamassassin and antivirus scanning. We just lack time and
manpower. - jvarga
\_ You need to switch to something besides pine, but not because of
spam.
You can configure SpamAssassin for your account and still use
a bad mail client. -tom
\_ tom, if you aren't going to be helpful, you can at least not
be a jerk. -jrleek
\_ Come on guys give tom a break. tom is in fact being helpful.
Perhaps his words are overly candid and blunt but are not
without merits. The clueless pp obviously needs serious help
and as tom correctly pointed out needs to use spamassassin.
\_ Wouldn't it make more sense to have something more global
where CSUA filters out spam instead of individual users
configuring their own spamassassin files? My .razor and
.spamassassin directories are getting big.
\_ Are you gonna pony up the cash to pay a part time admin
to run this sort of thing? People don't realize that
for any decent sized machine, this sort of service is
a full time endeavor.
\_ Full time to run spamassassin? Isn't this the
sort of experience the students who run soda
need? I mean, some of us can do it for free,
but doesn't that defeat the purpose? Teach a
man to fish and all that.
\_ Spamassassin is insufficient (perhaps IMO) for
what the person above suggests. Having the CSUA
automatically filter spam would 1) be a time sink
on admins and 2) suck. The greylisting suggestion
below isn't a bad one, but implementing it across
the board (as root of late is wont to do) would,
again, suck.
\_ Seconded. It should also auto-forward all spams to
spam@uce.gov.
\_ Tom may be able to be helpful but he can't not be a jerk.
\_ You can configure SpamAssassin to work with pine. I'll be
happy to send you my configuration if you email me. -jrleek
\_ I got same issue. Someone please give me a pointer on how to
configure procmail... I want to send everything with Windows-1251
encoding to spam...
\_ Does CSUA use greylisting? Might be an idea, worked wonders
for me. -John
\_ care to elaborate on that a bit please?
\_ http://en.wikipedia.org/wiki/Greylisting
Advantage: stops almost all spam today. Disadvantage:
sometimes delays legitimate mail, between a few minutes
and an hour or more. Spammers can mostly circumvent it
if they try.
\_ Greylisting returns a 450 for every mail received and
enforces a delay of some small timeframe. Generally
enforces a delay of a number of minutes. Generally
even a short delay (1-5min) works to kill the fantastic
quantities of spam originating from forged addresses or
spam zombies. As pp said, it delays _all_ mail as well
as blocking mail from misconfigured MTAs that don't
understand 450s. Also what helped us was really severe
rate limiting of mail from all APNIC netblocks (no more
than x mails from a given IP to a given address within y
timeframe) and "cooling down" periods for IPs generating
too many 550s within, say, a minute. Pp is correct
that greylisting does not stop determined spammers, but
generally it's too much effort for most of them. -John
currently it's too much effort for most of them. -John
\_ thanks, john. -kngharv
\_ Poll: Should CSUA adopt greylisting?
Yes: ..
No : ..
\_ Greylisting can be rather heavy on memory usage.
Last I checked, soda doesn't exactly have a lot
of it.
\_ Maybe this should wait until the new soda
is put in place?
\_ How much does it have? How much does it
need? What will it cost?
\_ For me, pre-greylist = ~30 spam per day. post-
grey-list = ~4 spam per day.
\_ Greylisting (or maybe just sendmail) pisses me off.
When you send a multi-recipient e-mail and one recip is
greylisting, all recips after that person block until
it goes through. This could just be sendmail's sucky
sending semantics. --dbushong
\_ How would sendmail's smtp greeting delay compare
for suck/gain tradeoff? --jon |