OT: obscene message sizes and idiocy - a solution!

Fairlight fairlite at fairlite.com
Wed Mar 8 09:40:24 PST 2006


You'll never BELIEVE what D. Thomas Podnar said here...:
> Mark has solved part of his problem with a nice solution.

Thanks.

> Our issues in looking at in-house solutions were...
> 1) You still have to take time to manage / update them.

Haven't had to update flmailauth since someone asked for a feature over a
year ago--subject line keyword bypassing.

> 2) all of the incoming spam would still have to come in across the T-1 line,
> then get filtered.

There is that.  Except mine is at my ISP's level with dual-homed T3's.  No
mail ever touches our systems here except via PuTTY in a mutt session.
Only what makes it through the spam filters is ever seen in any fashion.

> One of the things I didn't want to do was restrict email to only known
> parties through one of the "click here and type in the almost invisible
> letters and numbers to authenticate yourself" solutions, which have been
> discussed here recently.

Mine is actually using an MD5 hash of the first message sent, sends a
message back containing it, and all you have to do to validate is reply and
quote the message (which will include the code line in the signature area).
I've had about 2 spammers actually autorespond in two years or so.  This
has been in service for quite some time.  No arcane imagery involved.  You
don't even have to type the code.  Hit reply, make sure you leave the
message in there, and send.  It's that simple.

> The solution for us was an outside service that handles all of the
> spam and virus filtering and detection before hitting our network
> connection, and that is constantly improved and updated by the vendor.

My ISP uses SpamAssassin, -many- RBL's, some other custom stuff they
wrote, and lets you customise your filters at the MTA level.  I've had my
protection set to the highest level and at one point I was still getting
8000 spams in 14 days.  Not good enough.  Bayesian filters are incredibly
easy to fool.  RBL's are only as good as the numbers they already know
about.  I can also add my own rules with whatever software I choose--for me
that's procmail and my own custom rig.

Honestly, if someone isn't intelligent enough to simply read a brief
message and reply-and-quote to validate, I likely don't want to deal
with them anyway.  Originally I had a smiley here, but I took it out.
Seriously, if they're that dumb, I don't have time for them.  All they
have to do is prove they're a semi-intelligent person, without any great
hardship to them.

And I can always whitelist people in advance that I don't want to have to
deal with it at all.

> The good news is that it does a great job of filtering and there is a
> nice browser interface for checking your spam box, training it to
> release messages it considers spam and you don't, etc. for, are you
> ready, $2.00 PER PERSON per month. This is per human being, not per
> mailbox, so aliases don't count.

Not bad.  Sounds like a good feature set.  I don't mean to belittle their
offerings, or your suggestion.  It simply wouldn't work for us though, as
we don't utilise pop3/imap clients, nor do we hold with webmail interfaces.
Nor do we want an MTA doing receiving even after filtering, as then it all
comes down our pipe at unwanted times.  And the way we do mail, it never
slams our own uplink--just our provider's, and they have more than ample
bandwidth.

> But this may be the best $50 per month we've ever spent. Instead of
> walking in every morning to 250 emails, I now have 5 - 10, and I don't
> have to constantly manage in house tools.

Nothing mean intended, but I have 0. :) The only spam I've gotten in the
last year that's actually -reached- me are PayPal/eBay spoofs (because
I can't really block them well via address, the Received headers are
multiline and not always reliable, and I -need- to see their emails), of
which I've gotten maybe 20 in 2 years.  

I get the occasional advert from a party with which I've registered
software or services, but that's using a separate address that I could
change on a dime.  I just block offenders unless I'm interested though.  I
haven't had to change that in 2 years either.

I can't remember the last time I had to look at spam except to sort out
a mess like the 900KB mails this morning that ate through 9MB of disk on
my home directory filesystem, hit my quota, and were starting in on the
mail filesystem quota.  That kind of abuse sufficiently cheesed me off
to finally handle it for good.  It's happened before but not to such an
extent.  Some numbnutz sent me a bloody unsolicited .rar for crying out
loud, for one example.

Mind you, my solution isn't for everyone.  John Esak said he's against the
concept of having to validate up-front no matter the reason, for example.
That's his opinion and I respect that preference.  He's whitelisted with me
entirely so he never has to deal with it. :) But between my wife and me, and
a few other parties that were interested enough in my auth system to ask
me for and use it, everyone using it has been more than thrilled with not
having to deal with any of it.

It's getting more insane by the day.  And Symantec just released their
semi-annual Internet security report which said spam is on the decline.  It
is if I look at the 14day numbers from IgLou, but what's there is worse in
quality than when there was higher quantity.  The sizes have rocketed, for
one.

I've seen solutions elsewhere--even before I wrote mine.  I wasn't
satisfied with them specifically because they all had limitations, you had
to train them, they required you use pop3 or imap based clients or a web
interface, or MTA routing--you name it.  There's no way we're going to bow
to spammers and change the way we handle mail just to avoid them.  This
works for us in a -very- specific context--the way we feel mail -should- be
handled.  And it is really the most secure way to handle email, the way we
do it.  There's zero risk of accidental infection, as our terminal emulator
doesn't even have command-trigger escape codes that could be abused.  We
don't have to download megs of mail when we start the client.  We see only
what we want to see.  If we need an attachment, it's easy to save it out
and scp it down.  Nothing hits Windows unless we tell it to--ever.

It wasn't like I was lazy and didn't look at other solutions out there.  I
just didn't like or trust any of them enough to keep me from writing it the
way I thought it would work best. :)

Actually, I'd have loved to read some of the info they have, but half their
site is in PDF format.  Complete non-starter for me when a site is like
that.  I'm sure their solution is everything you say it is.  It's just not
for us, same as mine isn't for everyone.  I don't think there's one uniform
solution--it's contextual.

mark->
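
The reply-and-quote validation described in this message, sketched as an added example; it is not flmailauth's code and is not from the original post. The `Auth-Code: ` marker, the `ChallengeGate` class, the challenge wording and the sample addresses are assumptions made for illustration.

```python
import hashlib
from email import message_from_string
from email.utils import parseaddr

CODE_PREFIX = "Auth-Code: "  # hypothetical marker; the post does not give the real format

def auth_code(raw):
    """MD5 hex digest of the first message, as the post describes."""
    return hashlib.md5(raw.encode("utf-8")).hexdigest()

def body_text(msg):
    """Concatenate the string payloads of all non-multipart parts."""
    parts = (p.get_payload() for p in msg.walk() if not p.is_multipart())
    return "\n".join(p for p in parts if isinstance(p, str))

class ChallengeGate:
    def __init__(self, whitelist=()):
        self.whitelist = {a.lower() for a in whitelist}
        self.pending = {}  # sender -> {code: held raw message}

    def handle(self, raw):
        """Return (action, payload) for one incoming raw message."""
        msg = message_from_string(raw)
        sender = parseaddr(msg.get("From", ""))[1].lower()
        if not sender:
            return ("drop", None)
        if sender in self.whitelist:
            return ("deliver", [raw])
        held = self.pending.get(sender, {})
        text = body_text(msg)
        # A quoted reply carries the code line ("> Auth-Code: ..."), so a
        # substring match is enough; the sender never has to type it.
        if any(CODE_PREFIX + code in text for code in held):
            self.whitelist.add(sender)
            del self.pending[sender]
            return ("validated", list(held.values()))
        # Unknown sender: hold the message and answer with a challenge.
        code = auth_code(raw)
        self.pending.setdefault(sender, {})[code] = raw
        challenge = ("Your message is being held. To release it, reply to\n"
                     "this message and leave the quoted text intact.\n"
                     "-- \n" + CODE_PREFIX + code + "\n")
        return ("challenge", challenge)
```

The From header is unauthenticated, so a forged sender address sends the challenge to a third party. The unkeyed digest can also be computed by anyone who holds the original message; a keyed HMAC with a server-side secret would close that second gap.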


More information about the Filepro-list mailing list