Another Approach to blocking spam

Status
Not open for further replies.

karlvg

IS-IT--Management
May 21, 2002
24
US
I am using GFI Mail Essentials to block spam. Granted, it catches a lot of spam; however, there is about 10% of spam that slips through. After doing research on spam, I thought that I shouldn't just filter on keywords in the email or subject line. When spam is sent and caught, resources are still wasted: bandwidth, CPU, memory, drive space, etc.
I want to stop spam from entering the system.
I am using IIS SMTP in my DMZ and it forwards mail to my Exchange 2000 server internally. I turned on logging on the IIS SMTP. I created a database that filters out valid users and invalid users and the IP addresses of the SMTP servers that connected to my server. Every day, I have a list of about 200 IP addresses that I enter into the "IIS SMTP\Connection Control\Select which computers may access this virtual server\All except the list below" and I add each IP address individually. I have about 2000 addresses and it seems to be working. Rarely do I come across a duplicate entry.
I was wondering if someone knew how to enter the IP addresses into the metabase programmatically and not one at a time?
Are there any limitations to the number of IP addresses that can be entered?
The documentation is very minimal on programming the metabase.
Right now, the database is very basic, but I envision the ability to create a list, check off the spamming IP addresses and enter them directly into the metabase. I think that this is where the focus of spam blocking should be.
TIA,
Karl
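
The log-driven workflow described in the post above, sketched as an added example (not code from the thread or from any product named in it). It reads the `c-ip`, `cs-method` and `cs-uri-query` fields of a W3C extended log and lists client IPs that only ever addressed unknown mailboxes; the sample log, mailbox list, threshold and function names are constructed assumptions, and it does not write to the metabase.

```python
import re
from collections import defaultdict

# Constructed sample; a real log's #Fields line decides the column order.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services
#Fields: date time c-ip cs-method cs-uri-query sc-status
2002-05-20 08:01:10 203.0.113.7 HELO +mail.example.net 250
2002-05-20 08:01:11 203.0.113.7 RCPT +TO:<sales1@example.com> 550
2002-05-20 08:01:12 203.0.113.7 RCPT +TO:<sales2@example.com> 550
2002-05-20 08:01:13 203.0.113.7 RCPT +TO:<sales3@example.com> 550
2002-05-20 09:15:00 198.51.100.20 RCPT +TO:<alice@example.com> 250
2002-05-20 09:15:01 198.51.100.20 RCPT +TO:<alicia@example.com> 550
2002-05-20 09:15:02 198.51.100.20 RCPT +TO:<alise@example.com> 550
2002-05-20 10:30:00 192.0.2.55 RCPT +TO:<x1@example.com> 550
2002-05-20 10:30:01 192.0.2.55 RCPT +TO:<x2@example.com> 550
2002-05-20 10:30:02 192.0.2.55 RCPT +TO:<x3@example.com> 550
2002-05-20 11:00:00 203.0.113.99 RCPT +TO:<nobody@example.com> 550
"""
VALID_MAILBOXES = {"alice@example.com", "bob@example.com"}  # assumed user list
ADDR = re.compile(r"<([^<>\s]+@[^<>\s]+)>")

def tally_recipients(log_text, valid_mailboxes):
    """Return {client_ip: [valid_count, invalid_count]} from RCPT lines."""
    fields, stats = [], defaultdict(lambda: [0, 0])
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]      # column names for the rows below
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        if row.get("cs-method", "").upper() != "RCPT" or "c-ip" not in row:
            continue
        match = ADDR.search(row.get("cs-uri-query", ""))
        if match:
            known = match.group(1).lower() in valid_mailboxes
            stats[row["c-ip"]][0 if known else 1] += 1
    return dict(stats)

def block_candidates(stats, min_invalid=3, allowlist=()):
    """IPs with no valid recipient and at least min_invalid unknown ones."""
    keep = set(allowlist)
    return sorted(ip for ip, (ok, bad) in stats.items()
                  if ok == 0 and bad >= min_invalid and ip not in keep)

if __name__ == "__main__":
    stats = tally_recipients(SAMPLE_LOG, VALID_MAILBOXES)
    print(block_candidates(stats, allowlist={"192.0.2.55"}))
```

A sender that also delivers to a real mailbox (198.51.100.20 in the sample) is never proposed, and the allowlist holds known partner servers so that a compromised customer relay is reviewed by hand instead of being blocked automatically.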
 
What will you do if you have legitimate email that you block because a customer of yours happened to have their server hacked and spam sent from it, so you subsequently prevent all mail from that IP?

I'm Certifiable, not certified.
It just means my answers are from experience, not a book.
 
Inform the customer, help them with their problem, once resolved allow them to deliver to me.
Just filtering does not help those whose servers have been taken over. This spam stuff needs to end. It wastes all of our time.
 
It has happened twice. Two different companies called and said that they were getting bounce backs from my domain. We investigated, found that there was relaying, blocked the relaying, and now they are sending.
 
I'm too busy as it is to solve someone else's relaying problem.

Good luck, sounds like a lot of work to me because the spammers will continue to hack different systems, and you'll be forced to continue to block sending IPs, help legitimate companies with their relay problems, and on and on and on.

GFI does a good enough job for us that the few that do get through are just annoyances.

I'm Certifiable, not certified.
It just means my answers are from experience, not a book.
 
Thanks,
In this case helping others only helps yourself.
GFI is good, but it doesn't prevent your resources from being used. Eventually, your pipe could be filled with spam. What if spammers start sending out large files to your domain as a DoS attack, eating away at your bandwidth? The way viruses are today, that can easily happen.
 
Yes it could, as could a million other different things every day. That's why my company pays me every couple of weeks, to handle situations like that when they arise.

They don't pay me to fix other companies' relaying problems, nor to prevent every "maybe" out there. I just don't feel your approach will help solve anything in the long run, that's all. Best of luck to you.

I'm Certifiable, not certified.
It just means my answers are from experience, not a book.
 
Greetings,

We use NEMX Spam Filter (which I hate with a passion; their customer service is horrible) and it catches about 90% as well as GFI. Lander is right. SPAM will always be here and if you devote too much time for a 100% solution, you will be just spinning your wheels. I know, I have gone down this road before. When an end user tells me, "I had 14 Spam e-mails in my inbox", I just show them how we catch about 2000 a day. 8000 over a weekend. And they usually are comfortable with getting a few. We do have Norton for Exchange running as well and you can tweak it to filter out a few more, but in the end, Spammers will just find other ways.

I devote more time to security, data backup and server uptime than Spam.

Oh and Lander, love your signature. It's so true. hehe

"I live in my own little world. But it's ok, they know me there"
 
OK, there is a difference of opinion and I agree with the above. I just want to stop it at a different level. There isn't a difference between what I want to do and black listing a domain. Spammers can easily change the from address/domain.
Anyways - let's get back to the original question:
I was wondering if someone knew how to enter the IP addresses into the metabase programmatically and not one at a time?
Are there any limitations to the number of IP addresses that can be entered?
 
Why don't you just set your spam filter to one or more of the regular DNS black list sources and be done with it? Let someone else do the work for you.

I'm Certifiable, not certified.
It just means my answers are from experience, not a book.
 
That's just it. It is set to the DNS Black list and spam still gets through. Why? Because spammers can make up domain names.
 
Ok, well, sorry, can't answer your questions. Good luck reaching zero spam.

I'm Certifiable, not certified.
It just means my answers are from experience, not a book.
 