Results 1 to 7 of 7
  1. #1
    Untangler
    Join Date
    May 2009
    Location
    Rochester area, New York, USA
    Posts
    31

    Default Check against valid user list

    I know that in the present version of Spam Blocker, it isn't possible to check SPAM against a list of valid e-mail addresses, but can it be written in in the future?

    Even if I had to import the user list by hand, it would greatly speed things up. The VAST majority of the SPAM that UT filters is directed to invalid e-mail addresses.

    If an initial scan against a list of valid users could be done early in the process, it would decrease the load on the server and conserve bandwidth. I envision it being like SMTP Tarpitting in that it would do an easy comparison operation and drop the message without further processing if it does not match.

    UT has weeded out 108,460 SPAM messages since I put the box in last night. That's for a 50 user network! Over 99% of those were to invalid, random e-mail addresses with our domain tacked on, like
    348e95phq@mycompany.com, or wagner@mycompany.com.

    Imagine the increased efficiency if it only had to run e-mail to valid addresses through the filters.

  2. #2
    Master Untangler JEllingson's Avatar
    Join Date
    Jan 2008
    Location
    Warner Robins, GA
    Posts
    348

    Default

    You are thinking UT is a mail relay. It isn't.

    If your mail server rejects the RCPT TO command due to an invalid recipient, then that is it. UT only scans when it sees a DATA command sent... which is after the RCPT TO.

    For example, if you have Exchange Server running, you can filter invalid recipients in the System Manager for Exchange. (See prior posts here in the forums for details if you need them).

  3. #3
    Untangler
    Join Date
    May 2009
    Location
    Rochester area, New York, USA
    Posts
    31

    Default Exchange 2000

    Thanks JEllington,

    I have Exchange 2000, so I don't have the option to drop mail to invalid users directly, but I'm running GFi MailEssentials on the server which does the same thing.

    I just see the UT box getting deluged with SPAM to invalid users and wonder if it's possible to just drop them. Apparently it isn't easy or it would already be done.

    I'll read more.

    Sincerely,

    Ted

  4. #4
    Untangle Ninja raditude's Avatar
    Join Date
    Jan 2009
    Location
    Eugene, OR
    Posts
    1,143

    Default

    If you enable tarpitting, it will drop a lot of the spam, and since the upgrade to 6.1, and the ability to set a super-spam score.

    Also if you set to quarantine then your exchange server does not see the spam (it is put in quarantine on the UT box, and if the user is invalid the only thing your exchange server gets is a daily quarantine digest for this user, so 1 piece of mail/day which GFI could just drop like it is doing now with all the spam), which is only released if the user logs in and actually approves it to be sent. Our company loves the quarantine feature, it has lightened the load on the exchange server a ton!

  5. #5
    Untangler
    Join Date
    May 2009
    Location
    Rochester area, New York, USA
    Posts
    31

    Default

    it has lightened the load on the exchange server a ton!
    UT has a had a great impact on lessening the amount of SPAM that hits the server. It would be cool if there were a way to decrease the load on the UT server itself.

  6. #6
    Untangle Ninja raditude's Avatar
    Join Date
    Jan 2009
    Location
    Eugene, OR
    Posts
    1,143

    Default

    From what I have found, the only "lessoning" you will get on the UT server is enabling "Tarpitting", as it rejects connections. Beyond that the only other way would be to get less spam sent to you, and that is a whole different can of worms to tackle, which UT has no control over....

  7. #7
    Master Untangler JEllingson's Avatar
    Join Date
    Jan 2008
    Location
    Warner Robins, GA
    Posts
    348

    Default

    There are some minor tweaks to SpamAssassin to help it deal with a higher load... look into increasing child processes, turn on shortcircuit option, and to install a local caching DNS server that doesn't use your ISP (uplink) for its lookups.

    Another option is to disable external checks (Razor, DCC, Pyzor, CommTouch) and enable SANESECURITY checks (it uses ClamAV signatures that are updated regularly).

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2