Software Cooperative News

Spam Revenge: Stopping Joe-job Floods in qmail

MJ Ray - Thursday 18.09.08, 13:22pm

A colleague and I were both getting Joe-jobbed yesterday. I had an easy time telling Exim to reject mine at SMTP time, but the colleague receives mail on our only Plesk server, so it’s using qmail. I’ve noticed before that qmail admin tools are primitive and incomplete, so I looked for the appropriate rocks to bang together to put this fire out. (I think I just sprained a metaphor.)

My best attempt so far is to edit the user’s .qmail file to start with a pipe to a command that exits with code 100 if it detects an error for an email which the user obviously didn’t send (wrong email client or whatever). qmail understands code 100 as a hard error, so I think that should generate an SMTP error, but I didn’t figure out from the logs whether it was SMTP-time or later and my testing was inconclusive. I suspect Plesk will remove my pipe when the user next edits their email account, too. How do qmail/Plesk users not drown in spam?

In related news, I’ve started getting “Challenge Response” emails from users of Merak Mail Server Software for emails I never sent. I’m answering the challenges so that challenge-response users get spam if their server spams me. Challenge-response is evil – I don’t want spam from your mailserver just because you accepted spam that said it was from me. If you are using Merak Mail Server Software, change away now!

One of my current anti-spam tactics is to read my email in batches (which Suw suggests is a good idea) and group messages which look “similar”. Very similar messages appear for very few reasons: people resending messages, mailing list threads, stuff from spam-nets and a few others. Apart from spam-nets, most of the others match one of a few keywords. My current method of doing this is part-automatic and part-human. Are there automated anti-spam tools which exploit this local similarity? I think DCC used to include this idea, but then there were software patents and hoo-ha and I stopped paying so much attention.

Finally, a small discussion has broken out in the comments of Is Yahoo Now Even Worse On Spam? about whitelisting and business-critical uses of free webmails.
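
The `.qmail` pipe described earlier in the post, sketched as an added example (this is not the author's script): qmail-local hands the command the message on stdin and the envelope sender in `$SENDER`, and exit status 100 means hard failure. The install path, the `MY_CLIENT_RE` pattern and the idea of trusting a single client name are assumptions.

```shell
#!/bin/sh
# Added example, not the author's script. Assumed first line of the user's .qmail:
#   |/usr/local/bin/joejob-filter        (hypothetical install path)
# qmail-local runs the program at local delivery, message on stdin, envelope
# sender in $SENDER (empty for a bounce). Exit codes per qmail-command(8):
#   0 = continue with the next .qmail line, 100 = hard failure, 111 = retry later.

# Assumption: the mailbox owner only ever sends with this client.
MY_CLIENT_RE=${MY_CLIENT_RE:-'^(User-Agent|X-Mailer):.*Thunderbird'}

joejob_filter() {
    # Ordinary mail has a non-empty envelope sender: never interfere with it.
    [ -n "${SENDER:-}" ] && return 0

    # Bounce: skip its own header block, then collect the mail-client headers
    # of the returned original (possibly indented or ">"-quoted) from the body.
    clients=$(awk '
        NF == 0 { body = 1; next }
        body && tolower($0) ~ /^[ >]*(user-agent|x-mailer):/ {
            sub(/^[ >]*/, ""); print
        }')

    # No client header returned: nothing to judge, so fail open and deliver.
    [ -z "$clients" ] && return 0

    # The returned message names the user's own client: plausibly a real bounce.
    if printf '%s\n' "$clients" | grep -Eiq "$MY_CLIENT_RE"; then
        return 0
    fi
    return 100   # bounce for a message written with some other client
}

# Run as the filter only when invoked under its installed name.
case "${0##*/}" in
    joejob-filter) joejob_filter; exit $? ;;
esac
```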


Tags: GNU/Linux

8 comments so far

  • 1 Justice // Sep 18, 2008 at 4:37 pm

    How to not drown in spam with qmail? Easy:
    http://www.spamdyke.org/

    It works great, lessens the general load on the server and is easy to integrate with qmail/plesk.

  • 2 MJ Ray // Sep 18, 2008 at 5:02 pm

    Thanks for the pointer! I also cured a mail loop which was causing problems on the server, but if the problems recur, I’ll give spamdyke a go.

  • 3 Steve Kemp // Sep 18, 2008 at 9:49 pm

    An alternative to spamdyke (which I’ve never heard of before) is qpsmtpd – another SMTP proxy which you can sit ahead of qmail.

    I’ve got a lot of experience with it, and it works very nicely.

    Qmail, under plesk, does suffer quite badly. Many of our customers have issues with it. (People who pay extra for the spamassassin plesk plugin also suffer, because it doesn’t allow you to limit the spamassassin processes – and that can trigger OOM conditions.)

  • 4 Another Wednesday, Another Joe-Job | Software Cooperative News // Sep 25, 2008 at 7:23 am

    [...] another of our mailboxes got joe-jobbed, just like last week. Again, it was one of our Exim servers (yes, one got done along with a qmail last week). Again, it [...]

  • 5 Pulling One File From a Plesk Backup | Software Cooperative News // Oct 8, 2008 at 10:13 am

    [...] won’t repeat my frequent anti-Plesk rant, but suffice to say: it’s a [...]

  • 6 Christine // Mar 18, 2009 at 10:27 pm

    The ONLY way to completely stop backscatter and joe-jobbing issues is to use MagicSpam for Plesk. magicspam.com
    It’s the only antispam that uses ‘Mail Server Profiling’ needed to stop spam sent via forged email addresses.

  • 7 MJ Ray // Mar 19, 2009 at 11:09 am

    Why is the pay-to-use MagicSpam any better than SpamDyke or qpsmtpd?

  • 8 Christine // Mar 19, 2009 at 5:40 pm

    MagicSpam ties right into the plesk interface and needs no manual installation, configuration or compiling and all the controls are in the Plesk interface.
    MagicSpam also has access to unique blacklists. These blacklists are built right in which saves time during RBL lookups.
