Posts Tagged ‘spam’

Do not use xinetd to create an obscure port for SMTP

Monday, February 27th, 2012

Years ago I created a simple xinetd rule to use a custom port for SMTP.

I set this up years ago when my local ISP started to block outbound SMTP connections on port 25 as an anti-spam measure. I had been using our web server for SMTP relay for several years before this because this same ISP had quite poor uptime in the past. When my ISP blocked port 25, my email stopped going out. I could either switch to the ISP’s mail servers, or find another way to get my mail to our web server.

I can’t recall the exact reasoning; IIRC, the ISP also required that you use an email address from their domain in either the from or reply-to lines. Whatever the reasons, I created a custom port to route email through our server to continue to bypass our ISP’s email system altogether.

I chose an unused, non-standard, low TCP port and set up the redirect in xinetd. Sendmail, our SMTP server, was previously configured to relay for specific IP addresses; I didn’t change that.

That was at least 5 years ago. It was a simpler time and spammers stuck to searching on default ports for open email relays.

Well, today I can confirm that spammers will do a port scan to find open email relays – surely there are better ways to make money than coming up with crazy ways to send a bit of spam?

I learned that I had created an open relay on a non-standard port by accident. When an inbound connection is relayed by xinetd to a different port number (at least the way I did it), the service has no idea what the real remote IP address is. Sendmail thought it was relaying for email from localhost! Argh.

Unfortunately, for a few hours today our web server was relaying spam for some Brazil IP address and advertising something or other in Portuguese. The old relay rule was turned off as soon as I traced the hole.
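An audit check for the misconfiguration described above, as an added example that is not code from the original post: it parses xinetd-style service blocks and flags any `redirect` to a loopback address that has no `only_from` restriction. The service names, port numbers and addresses in the sample are constructed.

```python
import re

# Constructed sample: an unrestricted redirect like the one described above,
# followed by a variant limited to one known client address.
SAMPLE_CONF = """
service smtp-alt
{
    type        = UNLISTED
    socket_type = stream
    protocol    = tcp
    wait        = no
    user        = root
    port        = 2525
    redirect    = 127.0.0.1 25
}
service smtp-alt-restricted
{
    type        = UNLISTED
    socket_type = stream
    protocol    = tcp
    wait        = no
    user        = root
    port        = 2526
    redirect    = 127.0.0.1 25
    only_from   = 203.0.113.10
}
"""
LOOPBACK = ("127.", "localhost", "::1")
OPEN_SOURCES = {"0.0.0.0", "0.0.0.0/0", "::/0"}

def parse_services(text):
    """Return {service: {attribute: [tokens]}} from xinetd-style config text."""
    services = {}
    for name, body in re.findall(r"^\s*service\s+(\S+)\s*\{(.*?)\}", text, re.S | re.M):
        attrs = services.setdefault(name, {})
        for line in body.splitlines():
            m = re.match(r"\s*(\w+)\s*\+?=\s*([^#]*)", line)  # skips comment lines
            if m:
                attrs.setdefault(m.group(1), []).extend(m.group(2).split())
    return services

def risky_redirects(text):
    """Services that forward connections from any source to a loopback listener."""
    risky = []
    for name, attrs in parse_services(text).items():
        target = attrs.get("redirect", [])
        to_loopback = bool(target) and target[0].startswith(LOOPBACK)
        unrestricted = "only_from" not in attrs or set(attrs["only_from"]) & OPEN_SOURCES
        if to_loopback and unrestricted:
            risky.append(name)
    return risky

print(risky_redirects(SAMPLE_CONF))
```

Adding `only_from` moves the allow-list into xinetd; the mail server behind the redirect still sees every forwarded client as a local address, so its own per-IP relay rules cannot tell them apart.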

 

Shaw email SPAM filters for shaw.ca addresses are mediocre

Monday, January 24th, 2011

 

Shaw SPAM filter catches a lot of false positives.

I have mentioned my disdain for Shaw’s email at least once on this blog.

Today, I’ll write a bit on Shaw’s mediocre spam filter.

We manage a fully legitimate, opt-in email newsletter for a local retail chain. This client has a large (relative to the business size) email newsletter list.  The vast majority of the email subscribers reside in the trade radiuses of their stores in the GVRD, Kelowna, Victoria, and Calgary.

By a slim margin over hotmail.com, shaw.ca email is the most popular email domain in these areas, at about 25% of email addresses on the list. The list subscribers are heavily female; however, I doubt that this affects the ratio of email providers by very much.

The point is that for a BC or Alberta merchant, your email newsletter effectiveness is highly dependent on Shaw’s hit and miss SPAM filter. We have a test shaw.ca email account, and subscribed to dozens of opt-in newsletters. For months we have built up an archive of all the items flagged as SPAM. And we’ve seen many, many false positives. See the thumbnail at the right. Everything that I’ve highlighted in yellow is a false positive; in other words, they should not have been flagged as SPAM.

The Bay, Beyond the Rack, indulgeliving.com: Your emails are being flagged very frequently as SPAM at Shaw. I didn’t count, but well over 50% of your emails are being SPAM binned at Shaw. Many other firms get caught, though less frequently.

Unfortunately, I don’t have any real secrets to sell you on consistently getting deliverability into the Shaw Inbox.  We have tried a dozen different changes in how our client’s e-newsletter is delivered to Shaw, and the results have been somewhat positive, but definitely not 100% successful.  Even the much touted Sender Score Certification did not work.

In brief, since this post could go on for pages and pages:

  • Email users – I do not recommend ever using your ISP’s free email accounts.  They really don’t care as much as the firms that specialize in email.  I would not trust that commercial email that I need, such as an invoice or receipt, would get to my shaw.ca inbox.  I strongly recommend any of the big 3 webmail providers instead.
  • Email marketers – if BC and Alberta are important to you, watch your open rates by domain.  You might find that some email hosts do not like you very much.
  • Shaw – if you happen to stumble on this, could you please just outsource the whole email system to someone who cares?  Cut a deal with Google or Hotmail and split the advertising revenues and be done with it.  You know, and I know, that email isn’t a profit centre for you, so it will never be as good as the webmail specialists.

Note: I have written about Shaw here; however, I can tell from the email open rates that Telus email SPAM filters are also quite finicky. I do not have a telus.net email address to use for testing this theory.

 

User Friendly Form Spam Block

Thursday, December 25th, 2008

SPAM, SPAM, SPAM. How do I hate thee.

Well, it finally happened again – abuse of one of our web pages by spammers.  This time, it is form spam – an automated web crawling tool (I assume) has discovered the “save/send/share” feature of print-bingo.com.  That form lets print-bingo.com users email their custom bingo designs to friends, family, or themselves. This form is now used by a spam bot network to send poor quality spam using our “invite” emails.  I’m currently getting about 10 bounce backs a day and growing – it has to be stopped before my VPS gets blacklisted for spamming.

I could set up a CAPTCHA, but I hate them – particularly the ticketmaster.com’s. So, I will try to foil spammers with simple tricks to fool “dumb” automated spam software.

I’m trying a hidden-to-humans “fake” email field. The post “Quick tip to fight email form spam” is the model. The basic idea is to create a form field with “email” in the name and hide it with CSS (display:none) so that humans will not see or fill in the field. Then deny attempts to use the form where the hidden field has been filled in.
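A sketch of the decoy-field check described above, as an added example that is not the code used on print-bingo.com: the form markup, the field names and the `/share` action are hypothetical. It also goes one step beyond the post by flagging submissions where the decoy field is absent altogether, since a browser submits a `display:none` text input with an empty value.

```python
from urllib.parse import parse_qs

DECOY = "email_confirm"  # hypothetical decoy name; it contains "email" to attract bots

# Constructed form markup: the decoy input is hidden from people with display:none.
FORM_HTML = """
<form method="post" action="/share">
  <input type="text" name="friend_address">
  <input type="text" name="email_confirm" style="display:none"
         tabindex="-1" autocomplete="off">
  <textarea name="message"></textarea>
  <button type="submit">Send</button>
</form>
"""

# Constructed POST bodies (application/x-www-form-urlencoded).
SAMPLES = {
    "browser": "friend_address=alice%40example.org&email_confirm=&message=My+bingo+card",
    "form-filling bot": "friend_address=a%40example.org&email_confirm=b%40example.org&message=x",
    "hand-built POST": "friend_address=a%40example.org&message=x",
}

def check_submission(body):
    """Classify a urlencoded POST body as 'accept', 'decoy-filled' or 'decoy-missing'."""
    # keep_blank_values=True keeps the empty decoy a real browser sends,
    # so "sent but empty" can be told apart from "never sent".
    fields = parse_qs(body, keep_blank_values=True)
    if DECOY not in fields:
        return "decoy-missing"   # not produced by rendering the form (added check)
    if any(fields[DECOY]):
        return "decoy-filled"    # something typed into a field no human can see
    return "accept"

for label, body in SAMPLES.items():
    print(f"{label}: {check_submission(body)}")
```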

We’ll see how well this works.

Merry Christmas!

Reducing Memory Used by Milter-Greylist

Monday, July 21st, 2008

Our VPS was running low on free memory the last few weeks. After a bit of research, we realized that our email greylisting software, Milter-Greylist, was using the most memory of everything installed on our server. More than our database engine, web server, email server, and everything else (not combined)!

For those who don’t know, Grey Listing delays emails in an attempt to foil spammers, which don’t typically follow standards for retrying email messages. Milter-greylist is a package that works with sendmail, our SMTP server. Milter-greylist is great; however, it keeps its working history in memory, which was OK for the two years that we have run it. However, the amount of spam attempts continues to rise… why don’t home users notice that their computers have become SPAM zombies anyway?

So, the milter-greylist was storing tens of thousands of records in memory.  It had to be reduced.  Rather than switch to a database driven greylisting package, we decided to start blocking some SPAM attempts earlier in the process.

We enabled the outright blocking of inbound email attempts by any IP address listed on Spamhaus.org’s SBL+XBL list.  SBL+XBL are lists of computers (built by crazy wizardry) that one can use to blacklist email attempts.  I’m uncomfortable using blacklists like this, but, what can you do?  The odds of good mail being lost are very small, and hopefully, anyone who happens to get bounced unintentionally can phone us.

So, following the simple instructions here:

http://www.joeldare.com/papers/spamhaus.pdf

We were able to reduce the traffic to Milter-Greylist and its memory usage by 2/3 to 3/4! Uptime and performance of our VPS, and therefore everything hosted on it, should be slightly better.

Spammers suck.