
Mailing List Archive: exim: users

Spam Blocking by BT

 

 



dave at restall

Sep 4, 2009, 7:38 AM

Spam Blocking by BT

Hi,

I have a client whose server has just been blacklisted by BT, not
without some justification, however the help received from BT to
resolve the problem is non-existent. Originally, the server was set up
simply as the MX for about 600 domains with about 1000 users in
virtusertable. None of the accounts were local accounts, the box just
accepted what came in and forwarded the message to the recipient. No
filtering, no checks. Unfortunately, some of the domains had wildcard
addresses in them so the machine was a spammer's dream :-( Since many of
the addresses forwarded to BT Connect accounts and have done for several
years, it was inevitable that at some point BT would start to get a bit
sensitive about the amount of spam being received and would do something
about it hence the blacklisting.

The blacklisting has caused the client some problems - not least of
which is the complete reluctance of BT to engage in a dialogue to resolve
the problem, eventually BT white-listed the server after one of the end
users wrote a message to the BT Chairman. In the meantime, I was asked
by the client what was required to limit the damage so I migrated them
from sendmail to exim + clamav + spamassassin + DNSBL + sender/callout.
I also removed all the wildcard addresses that went to BT. BT now say
that the client will still be blocked eventually because they still
receive a 'significant' amount of spam from the server even though the
new configuration throws away 97% of messages before they are forwarded
to the btconnect accounts (For instance, yesterday 88834 rejects and 3016
deliveries according to eximstats). BT haven't defined 'significant'.
I suspect that if I ask BillW or MarcP, I'd get different definitions
of significant :-)

My question is, what more can I do to cut down the spam further? I
don't know of any spam filter that is 100% accurate and what I let
through BT may block but similarly, what a BT spam filter might let
through, spamassassin would block. Spam is a moving target/definition.

BT seem to be using DKIM and SPF but will this really make a big
difference if I implement it on the server?

Exim is performing much better than sendmail BTW, though this is
probably due to the fact that poor old sendmail was doing nothing other
than store and forward and was consequently being hit with so much
backscatter that it couldn't do anything but run slowly.

Regards,



Dave
exim/2009-09-04.tx exim-users
+----------------------------------------------------------------------------+
| Dave Restall, Computer Nerd, Cyclist, Radio Amateur G4FCU, Bodger |
| Mob +44 (0) 7973 831245 Skype: dave.restall Radio: G4FCU |
| email : dave [at] restall Web : Not Ready Yet :-( |
+----------------------------------------------------------------------------+
| Please ignore previous fortune. |
+----------------------------------------------------------------------------+


--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/


maillist at ovb

Sep 4, 2009, 8:35 AM

Re: Spam Blocking by BT

Hello David

David Restall - System Administrator wrote:
> from sendmail to exim + clamav + spamassassin + DNSBL + sender/callout.

First, what is the sender/callout used for? If you use it for verification of sender addresses on servers other than the ones controlled by you, it's by many considered some form of abuse as well. Have a read at http://www.backscatterer.org/.

The clamav, spamassassin and DNSBL are only for getting rid of some spam to your users but not primarily what your server sends out.

First of all, the general rules I suggest you implement are:
1. Accept submissions with sender addresses out of your domains only after SMTP authentication (outbound)
2. All the rest must go to known addresses within your domains (inbound)

This should make sure that only *your* users are able to send mail to the internet at large (authentication) through the server (no abuse by others) and inbound mail from anywhere only to your users, that is the point where the sa, dnsbl, et al. kicks in as well.
In short: A mail you accept for processing is either through an authenticated connection or has its final destination in one of the domains you host.

Then you should only have mail sent to BT originating by your users. If BT still complains, it could be that one of your users is sending SPAM, which you can stop by disabling their account so SMTP auth will fail.

DKIM and SPF all have their own limitations and are no cure to the general SPAM problem, you should know all the limitations of these techniques before implementing them. Generally speaking, they *might* work for you, if all your users send mail through your server to the internet, and only through your servers. But if forwarding of mail accounts is used, this might get you into trouble already.

Oliver



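One way to express the two rules from the reply above as an Exim RCPT ACL, as an added example that is not part of either post. The list name `hosted_domains`, the file path and the rejection messages are assumptions; the fragment belongs in an existing configuration, with the main-section options placed before `begin acl`.

```exim
# Added example, not from the thread. Names and the file path are assumptions.

# Main section: the domains this server hosts, one per line in the file.
domainlist hosted_domains = lsearch;/etc/exim/hosted_domains

acl_smtp_rcpt = acl_check_rcpt

begin acl

acl_check_rcpt:

  # Rule 1 (outbound): an authenticated session may send to any destination.
  accept  authenticated  = *

  # Unauthenticated mail claiming a sender in a hosted domain is refused,
  # so hosted sender addresses are only usable after SMTP AUTH.
  deny    message        = authentication required for this sender
          sender_domains = +hosted_domains

  # Rule 2 (inbound): everything else must be addressed to a hosted domain ...
  deny    message        = relay not permitted
          domains        = !+hosted_domains

  # ... and to an address the routers can actually resolve
  # (this only helps once wildcard catch-all addresses are gone).
  deny    message        = unknown recipient
          !verify        = recipient

  # DNSBL, ClamAV and SpamAssassin checks apply to mail that reaches this point.
  accept
```

The `sender_domains` rule assumes every user of a hosted domain submits through this server with SMTP AUTH; it will also reject their mail when it arrives unauthenticated from another provider.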
