Welcome to BroadbanterBanter. |
You are currently viewing as a guest which gives you limited access to view most discussions and other FREE features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload your own photos and access many other special features. Registration is fast, simple and absolutely free so please, join our community today.
|uk.telecom.broadband (UK broadband) (uk.telecom.broadband) Discussion of broadband services, technology and equipment as provided in the UK. Discussions of specific services based on ADSL, cable modems or other broadband technology are also on-topic. Advertising is not allowed.|
| ||Thread Tools||Display Modes|
How to deal with 98% spam? (corporate case)
I have a small business. Every day we get 10-20 legit emails, and
(especially over a weekend) about 50x as many in spam.
The spam probably comes from email addresses ripped off our website
over the years, plus a load sent to [email protected] and [email protected] etc. I
realise one can stop some of this by having java code in place of
mailto: links, or use www enquiry forms (which a lot of people hate)
but it's too late to do that now.
This very high spam ratio means that no simple rules can be used
effectively. Blacklisting (DNS and addresses) works only partly; we
still get loads of emails clogging up our email clients. So I am
looking for a way to get rid of it more effectively, while not dumping
any legit incoming emails.
We've been using Mailwasher, which is pretty good but if set up to
work usefully, it is not 100% safe. It is also not a good solution for
multiple users receiving email - we have to run it first thing in the
morning, on one specific PC where it maintains its database, before
anybody reads their email. It also has no automatic way of adding to
the whitelist because it doesn't see outgoing emails.
It occured to me that if we could maintain a whitelist (by
automatically adding the To: header from our OUTgoing email to it) we
could have a very good working system which would never drop an email
from an existing contact. Moreover, we could get it started by
processing all our existing emails (going back to 1995) and extracting
the To: headers from them.
One can get services like Messagelabs but they cost a fair bit of
money. Also they can blacklist some addresses without us knowing about
it. I know a man who does "legit" commercial mailings and he has a
team of people working for him who spend most of their time working
out how to get around these message processing services!
So I have decided to set up an in house mail server on which we can
run antivirus software, do spam DNS checking, bouncing, etc, and
through which outgoing email will pass so it can be added to the
This is a very sensible approach, I would suggest that you choose
something like Exim (http://www.exim.org) together with SpamAssassin
(http://www.spamassassin.org). SpamAssassin (just on the point of a
major updated release, in -rc status now) is able to filter on a
combination of built-in rules, user specified rules, and Bayesian word
probability analysis that learns your spam and ham mail characteristics
and scores appropriately.
Exim (or another MTA if you prefer it) can be integrated with
SpamAssassin in several ways, either used to reject mail at smtp time if
it seems spammy enough, or simply to mark it up and then allow mail
client filters to check on the status of the mail and decide whether to
bin it or bung it into a spam folder for review.
Some information on this can be found he
To complicate matters somewhat, we want to enable all emails from a
particular company, so if we send an email reply to e.g.
we want to add to the
whitelist. But if we get an email from we don't
want to do that! So there would be some rules; e.g. major domains like
aol, yahoo, btinternet etc would never acquire wildcards.
It should be possible to script this so that on sent mail Exim calls a
script that adds whitelist entries to the SpamAssassin local
configuration file to allow return mail.
Generic whitelisting is also very simple using SpamAssassin.
But you may find that you don't need it if you use Exim, especially if
you look at:
which has some good sugegstions on how to set up smtp transactions to
avoid a fair amount of spam.
Does anyone know of any commercial software which would do this? We
plan to run FreeBSD on the server - it will also be a www/ftp server,
later running online shopping...
Both Exim and SpamAssassin will run under FreeBSD (or indeed under
Linux). And they are Free software so do not directly cost money, just
time to learn how to configure.
I gather sendmail can have plug-ins so this sort of thing could be
written. I know someone who could do it but he thinks what I am
proposing is an overkill.
Nothing is overkill where spam is concerned.
Presently we have 64k ISDN dial-up access but will be getting BB soon,
so I am trying to get something sorted.
I would appreciate any suggestions as to how to do this perhaps more
Hope the above is useful.
please observe reply-to address
|Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)|
|Thread||Thread Starter||Forum||Replies||Last Post|
|How to deal with 98% spam? (corporate case)||King Queen||uk.telecom.broadband (UK broadband)||3||August 21st 04 01:28 AM|
|How to deal with 98% spam? (corporate case)||Richard Sobey||uk.telecom.broadband (UK broadband)||2||August 20th 04 03:02 PM|
|How to deal with 98% spam? (corporate case)||Gordon Henderson||uk.telecom.broadband (UK broadband)||0||August 20th 04 12:45 PM|
|How to deal with 98% spam? (corporate case)||poster||uk.telecom.broadband (UK broadband)||0||August 20th 04 12:44 PM|
|How to deal with 98% spam? (corporate case)||Greg Hennessy||uk.telecom.broadband (UK broadband)||0||August 20th 04 12:21 PM|