BSDCan 2018
The Technical BSD Conference

Aaron Poffenberger
Day: Talks #2 - 9 June - 2018-06-09
Room: DMS 1140
Start time: 13:30
Duration: 01:00
ID: 954
Event type: Lecture
Track: System Administration
Language used for presentation: English

Fighting Spam at the Frontline

Using DNS, Log Files and Other Tools in the Fight Against Spam

After more than 20 years of fighting, the spam problem isn't getting better. Spam has system costs, people costs, and organizational costs. The costs go up the further along the delivery path it progresses. We can't prevent spammers from spamming, but we can prevent much of it from entering our mail handler.

Fighting spam at the frontline (firewall and MTA) is the earliest and cheapest place we can wage the war. Tools and strategies like greylisting (along with whitelisting and blacklisting) and tar-pitting have their place, but are we using them effectively? Is there more we can do?

In this talk we'll look at the various strategies we can take to improve our ability to block spam at the MTA without blocking or delaying (or delaying for long) legitimate senders.

One of the biggest complaints about greylisting and blocking is the impact on legitimate mail. For low-traffic email domains, delayed delivery and the odd lost email might be acceptable. For higher-traffic domains, or those where timely delivery is critical, effective blocking requires a more active, but automatable, approach.

In this talk we'll look at the current state of ip-x-listing (whitelisting, greylisting, and blacklisting) and at additional tools and strategies we can use to improve the accuracy and effectiveness of our lists, while ensuring timely delivery of email from legitimate senders.

We'll also discuss strategies for keeping groups of mail servers in sync with the latest lists. Some of the tools and techniques we'll look at:

  • MTA-specific features like postscreen
  • Using SPF records to whitelist well-known senders
  • Using the mail logs to whitelist outbound recipient domains
  • Integrating feedback from SpamAssassin
  • Using log files to identify bad actors
  • Effectiveness of third-party lists