How To Blacklist - Part II

**rlsullivan** · 07-03-2011, 03:28 PM

On 03-12-2011 mrunkel said:
Why isn't this a feature? Because it's dumb and it serves no purpose.

The biggest reason, because we don't want 100 phone calls a month from irate users complaining that their vital emails are being blocked because Untangle is crap when some admin has blocked hotmail.com or whatever.

It just makes no sense. Spammers fake "From:" headers, so what is the freaking point?

...forums.untangle.com/spam-blocker/18272-how-blacklist.html...

I would agree that attempting to block spam using the "From:" header makes no sense. I would throw out, that what does make sense is the ability to block spam using the "To:, Cc:, Bcc:" headers. As these can not be faked if they want us to receive their spam. I get tonnes of spam (still) for users that are no loner using my email server and have not used it in years.

Another argument, in the same thread, says the email server should do this work. While that is true, I think it would be best if it can be dropped at the network gateway and not get on my network in the first place, let alone get to my email server. Adrianp918 said, "isn't that like buying a car to do the work of a tank.....get a tank?" My reply is I do not want/need all the features of a tank, just the armor. So I am asking for an armored car. Heck, I will even go so far as to say I am begging for one.

How do we add the ability to drop all email that is addressed to xxxx@xxxx.xxx?

If the to:, cc, and/or bcc fields = "xxxx@xxxx.xxx" then drop connection.

Thank you,
R.L. Sullivan

**adrianp918** · 07-03-2011, 03:35 PM

I think it would be a huge des-service if you had the gateway do all these functions. that would require the gateway to open the email and then reseal it.

i have another idea that would probably suite you in a much better way, i will send you a pm

**rlsullivan** · 07-03-2011, 03:54 PM

It seems I have been bitten by the noob's curse. I attempted to reply to your PM and said I can't yet so I will have to reply here.

Thank you for your PM idea. I will take a look at it more in depth.

From a quick glance it looks like something I will be installing on my email server. I was hoping to be able to use the cpu cycles of my Untangle box and not that of my email server for dropping outdated email addresses. I guess I am a little confused as to how checking the "To" header would be any different than checking the "From" header or even reading the email to match all the rules that RBHL make.

On a different note, I do want to express just how much I have learned from your public posts and say you have gained at least one fan! Thank you for all the work you put into this forum.

R.L. Sullivan

**adrianp918** · 07-03-2011, 03:58 PM

no problem, i will pm you my email address so you can email me if you have any questions

**sky-knight** · 07-03-2011, 04:45 PM

Many of these features exist on competing anti-spam products because they are what are called "store and forward" filters. This is to say, they are e-mail servers themselves, and they are configured to forward messages off to the real server after filtration is complete.

Untangle is an inline filter. It eavesdrops on the e-mail session and acts accordingly. Because the mail session is already open on your mail server, you're actually burning extra resources on Untangle that your mail server has already burned to do what you're asking.

The mail server already has an SMTP session going. So why not have the mail server do what you want? Untangle is there to help deal with spam in an intelligent way. And, IMHO it's a bad practice to have a mail server that accepts all mail blindly. Configuring your mail server to only accept mail to valid addresses is just part of dealing with the mail server.

Granted that is a line of thinking, a philosophy if you will. If you want to run your network differently, Untangle may not be the best product for you.

**adrianp918** · 07-03-2011, 07:39 PM

i can agree Rob,

i have been using a email proxy and spam filter setup that i must say for the past years has never let me down and has gotten nearly 100% of my spam....atleast 99.7% of it and then i filters that get the rest

**Danp** · 07-03-2011, 08:45 PM

This still works great for me.

**rlsullivan** · 07-03-2011, 08:58 PM

Sky-Knight, Thank you. Now I understand the difference and see how it would not be wise to filter on the Untangle server.

The issue with telling the email server to only accept valid emails is this can lead to email harvesting. I guess, like most things in life, one has to choose between the advantages and disadvantages of doing something that can be done in more than one way.

I will use a the email server and this thread can be closed (for I have my armored car now).

**sky-knight** · 07-03-2011, 10:15 PM

I don't really agree with that, if you aren't responding to unsolicited NDRs, the spammers can't tell if a message went through unless the SMTP session actually completes. There are many MANY far more effective harvesting methods to get your e-mails.

I just assume all addresses are already harvested, you aren't going to hide them for long anyway. Untangle's spam filter is self learning, and it will adapt over time. If you want to mess with the spammers, just enable tar pitting and laugh!

**sky-knight** · 07-03-2011, 10:16 PM

Originally Posted by Danp

This still works great for me.

That is a hack, and one that is computationally considerably more expensive than a simple black list script on the mail server directly.

Why put an unsupported change on the Untangle when the same edit on the mail server itself is often easier, and supported?

Thread: How To Blacklist - Part II

LinkBack

Thread Tools

How To Blacklist - Part II

Posting Permissions