Reverse DNS blacklisting and filtering
Hi Mail Enable
1) Extending the “Reverse DNS blacklisting” to also look up the IP of the server to which the URL in an e-mail is pointing would be great – because the spammers have to place their spam pages on a server somewhere. This server is most often already blacklisted, but is not found because Mail Enable is only looking up the IP of the sending mail server (and not the server to which the URL is pointing). Therefore, the current version of Reverse DNS blacklisting is not catching spammers who have hacked a mail server or the like, but this recommended extension would.
NoSpamToday uses this feature and it is working very, very well: http://www.nospamtoday.com/download/server/
NoSpamToday (based on SpamAssassin) is a mail proxy, which is to be placed in front of the Mail Enable server. The mail proxy must listen on port 25 and redirect the mail to another port, where Mail Enable is listening. Mail Enable cannot also listen on port 25, because then it will conflict with the mail proxy. The mail proxy then adds blacklisting positives to the header of the mail, which you can filter out in MailEnable. With this workaround, Mail Enable also rejects spam which is sent from hacked mail servers and the like.
It is working great, but I really would like to see the feature included in Mail Enable too, because centralized administration is better.
2) Mail Enable's filtering could be much better if we could use “And”, “Or”, “Not” etc. in the process of filtering.
-
- Site Admin
- Posts: 4441
- Joined: Tue Jun 25, 2002 3:03 am
- Location: Melbourne, Victoria Australia
Content filtering is a very broad subject and there is an array of tools and plug-ins that can be integrated to provide a comprehensive filtering strategy. Parsing messages for content (including URLs/IP addresses) is arguably one of the best means of determining if a message is spam.
There are many vendors providing solutions to Spam and rather than integrate each and every one of them, the short term solution is to provide a more flexible means of calling and integrating such plug-ins.
As such, MailEnable intends to provide advanced filtering through scripts. This will effectively allow you to script your own filters so as to either call other content analysis plugins or to craft your own scripts to achieve the same.
It is likely to be released into the current release of Enterprise Edition and into V2 of Professional Edition (but this as yet has not been finalized).
Some insight into its form is outlined here: http://www.mailenable.com/mailenable/he ... ipting.asp
Regards, Andrew
Making it possible to use plug-ins is good, but why not extend it to also look up the web server (the URL)? I mean, when the Mail Enable team has already done the programming of finding out if the sending mail server is blacklisted, why not also do the inquiry on the web server?
It is like "walking all the way" to the police and asking if a person has done crime A and not wanting to know if the person has done crime B - even though the chance of this is much higher.
If Mail Enable would extend their BL inquiry to the web server too, then we have no use for mail proxies and the like, which makes a better solution for us. No extra programs like NoSpamToday and SpamA. would be needed. We would have it all in the Enterprise solution.
Re: "why not also do the inquiry on the web server. "
I am not sure exactly how this would occur. Someone in this scenario would presumably need to maintain a list of spammer urls/host names/ip addresses to be verified against.
DNS blacklisting works in this way whereby the IP address of their mail server's outbound interface is blacklisted. The same sort of list would need to be available for spam urls - if such a list is available, it would almost certainly need to be subscribed to and charged.... in which case a plug-in by that vendor is most likely to be needed. More likely, I would think MailEnable would provide support for the content scanning engine used by NoSpamToday (as an example).
Regards, Andrew
The blacklists are already available for everyone and they are already being maintained professionally and Mail Enable is already using them, but Mail Enable is sadly only looking up the IP of the sending server and not the IP of the web server (and not a url). Therefore, Mail Enable is not catching the real spammers and we, the consumers, have to buy extra software to protect our mail servers even though a little extension would do the trick.
Here is the trick:
1) Analyze the received e-mail.
2) If it has a URL inside, then retrieve the domain of it.
3) With this domain, retrieve the IP of the web server.
4) Make the enquiry in the blacklist (as Mail Enable is already doing with the sending mail server).
5) If the IP is blacklisted, then reject the mail (as Mail Enable already is doing)
Please, take a look at: http://www.spamhaus.org/effective_filtering.html
And read:
"Spamhaus lists the IPs of spammers' web servers and DNS servers, in addition to spam sources in the SBL for this purpose. Spammers may find fresh sources not yet on our DNSBLs, but they have to advertize a web site hosted somewhere."
Now you see?
Can we please have this option in Mail Enable too, so we can extend our spam prevention to not only looking up the IP of the sending mail server, but also the IP of the web server?
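The five steps listed in the post above, as an added example (not code from MailEnable, NoSpamToday or any poster in this thread). The zone name `dnsbl.example.org`, the function names, the sample mail and the DNS table are assumptions constructed for illustration.

```python
import email
import re
import socket
from email import policy
from urllib.parse import urlsplit

ZONE = "dnsbl.example.org"  # hypothetical zone; use the list you subscribe to
URL_RE = re.compile(r"https?://[^\s<>\"'\[\]]+", re.IGNORECASE)

def url_hosts(raw_message):
    """Steps 1-2: parse the mail, return the host of every URL in its text parts."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    hosts = set()
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            for url in URL_RE.findall(part.get_content()):
                host = urlsplit(url).hostname
                if host:
                    hosts.add(host.rstrip(".,;)"))
    return hosts

def dnsbl_name(ipv4, zone=ZONE):
    """Step 4: the query name is the reversed octets followed by the zone."""
    return ".".join(reversed(ipv4.split("."))) + "." + zone

def system_lookup(name):
    """Default resolver: IPv4 address for name, or None when there is no answer."""
    try:
        return socket.gethostbyname(name)
    except OSError:
        return None

def listed_hosts(raw_message, lookup=system_lookup):
    """Steps 3-5: resolve each URL host and return {host: ip} for listed ones."""
    hits = {}
    for host in sorted(url_hosts(raw_message)):
        ip = lookup(host)
        answer = lookup(dnsbl_name(ip)) if ip else None
        # Listed entries answer inside 127.0.0.0/8; ignore anything else.
        if answer and answer.startswith("127."):
            hits[host] = ip
    return hits  # non-empty: reject or tag the message

# Constructed sample mail and DNS data (documentation address ranges).
SAMPLE = ("From: a@example.net\nSubject: offer\n\n"
          "Buy at http://shop.example.com/x and see https://news.example.org/.\n")
FAKE_DNS = {"shop.example.com": "192.0.2.10", "news.example.org": "198.51.100.7",
            "10.2.0.192." + ZONE: "127.0.0.2"}
```

Calling `listed_hosts(SAMPLE, FAKE_DNS.get)` runs the check offline against the constructed table; leaving out the second argument uses the system resolver.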
Yaaaaaaaahhhhhhhhhhooooooouuuuuuuuwwwwwwwww
The real spammers jump around a lot, hijacking new mail servers, but they do not change their web servers that often, because if they did, people wouldn't get to see their site before they had moved, and it is also harder for them to set up new web servers than to hijack new mail servers.
Thank you for your time. Hope to see this feature in Mail Enable soon. Until then I recommend NoSpamToday. Actually, NoSpamToday uses other DNS registers than SpamHaus'. NoSpamToday is working so effectually at this point that if I did not do anything other than using NoSpamToday's way of also looking up the web server, then it would still take 95% of all spam – alone! The current Reverse DNS Blacklisting and Bayesian filtering (in Mail Enable enterprise version) would take the rest.
Last edited by zeusdk on Tue May 24, 2005 7:26 pm, edited 1 time in total.
-
- Posts: 192
- Joined: Tue Mar 22, 2005 1:18 pm