Help! I've been blacklisted! [was Re: adelaide IT jobs]

Richard Russell richard at yellowgoanna.com
Tue May 27 19:51:09 CST 2003


<snip>

> As it happens, I am the mailserver admin for the domain in 
> question. And yes, the whole of 202.* was blocked due to the 
> rampant amount of spam coming from that block. 66.* will not 
> be far behind it I feel.

See John Edwards' email for reasons why this is a silly thing to do.

> 
> This is not a decision made lightly. As an admin I need to 
> balance the signal-to-noise, doing this takes time (money). I 
> cannot be sitting 24/7 blocking individual hosts/IPs. 

No. Try using a blacklist, or spamcop, or spamassassin, or something.

> 
> Spam mostly comes from dynamic IP addresses these days, so the only 
> real protection is to start blocking blocks of IPs, eg 
> 202.6.73.4 now, when we begin to see 202.8.33.211, 
> 202.27.4.2, 202.99.66.241 
> etc etc etc we need to take drastic measures, for systems 
> with thousands of users, these spammers can almost bring your 
> system to a stop. Action needs to be taken.

I think you're doing it wrong, personally.

> 
> Creators of spam have long ago figured the work arounds for 
> spam filters to the point they are mostly useless, most 
> admins now will block at the firewall, I tend to let sendmail 
> to the job for me. It is harsh but workable. I am not saying 
> this is the perfect method if fighting SPAM, but it is all we 
> have to work with. Should anyone have a better system I am 
> always open to suggestions and trialling new methods

I use spamassassin, and it blocks maybe 80% of my spam.

I am aware of some systems that use bayesian filters that can learn what
is spam and what is not. These may also be appropriate for you.

I also dispute whether it is workable -- how do you know if you haven't
been blocking thousands of wanted emails? You'll never know.

I, like John Edwards, dispute your assessment that "most admins" do
this. I am an admin of a number of systems, and I do not do this. :)

rr

-- 
Richard Russell
Yellow Goanna P/L
m: +61 412 827 805
e: richard at yellowgoanna.com
w: http://www.yellowgoanna.com

-- 
LinuxSA WWW: http://www.linuxsa.org.au/ IRC: #linuxsa on irc.freenode.net
To unsubscribe from the LinuxSA list:
  mail linuxsa-request at linuxsa.org.au with "unsubscribe" as the subject



More information about the linuxsa mailing list