[Exim] New Metod to Control SPAM : Mail Online Listing

Top Page
Delete this message
Reply to this message
Author: Danny Bendersky
Date:  
To: Exim-users
CC: Cruz Jaime, Ochsenius Christian
Subject: [Exim] New Metod to Control SPAM : Mail Online Listing
Hi all,

I currently run an ISP, and worked for ISP's since 1995, so I have lot
of experience (good and bad) with SPAM.

After talking with a spam expert friend of me, and analizing the spam
problem, I thing that there is a VERY good solution to stop the
outgoing spam for an ISP. Taking care of this, we can reduce the source
of the problem.

The way to stop the spam is controling the INCOMING and OUTGOING spam.
This metod focused for the OUTGOING spam. To fight the INCOMING there
is lot of ways, like Grey Listing, Software that filter the spam,
etc...

Here is the metod:

The ISP's know the information of their DialUp/DSL customers, as they
use a login and password to connect. Generally they have a table called
'radonline' where we can see all the current connections.

The idea is to create a new table called somthing like 'mailonline' and
store there:

Username, IP Assigned, Mailcounter, Date, MaxSentMailPerDay,
Calling_number

The idea is that every time a user get connected, to store there this
information (using the radius software to do that). The mailcounter is
the number of mails he send, at this time is cero. The max_mail is the
limit we want to set for that customer per day, maybe 500. This number
can be part of a comertial product. As we define the MailQuota, we can
define the MaxSentMailPerDay.

So, after we had this info, at the Exim level, we can count each mail
from that IP, and update the 'mailonline' table to be something like
this:

Username, IP_Assigned, Mailcounter, Date, MaxSentMailPerDay,
Calling_number
someone, x.x.x.x, 5, 2004-05-27 00:00:00, 500, 235XXXX

The number 5 says that this IP sent 5 e-mails. Using this metod, we can
control exactly how many mails our customers send.

If the customer is a spammer, he will disconect and reconect every some
period of time, to change his IP, so we need to tell our radius that
every time the customer login, to update the 'mailonline' table, so we
know the IP that is using a valid user all the time.

At the Exim level, we can define that if the 'Mailcounter' is bigger
than 'MaxSentMailPerDay', to reject the mail.

Finally, as the 'MaxSentMailPerDay' is a daily rule, every night at
midnight we need to reset the 'mailonline' table. For that we can use
a cron job.

If any one like this metod, and have sugestions and/or improvements,
please share them with all of us.

PS: The 'Calling_number' is important if you have customers that share
the same account.

Maybe there is a better way to set the 'MaxSentMailPerDay' using Exim,
but this is the way I found until now.

Hope this help all of us, and improve the fight against spam.
--
Saludos....

Daniel Bendersky.

------------------------------------------------------------------
Daniel Bendersky              Director de Operaciones y Tecnología
dbenders@???                          http://www.netline.cl
NETLINE                                Av. Vitacura # 2939 of. 202
Oficina   : +56 2 751 2600            Las Condes, Santiago - CHILE
Celular   : +56 9 998 9122               Fax2mail : +56 2 751 2651
Voice2mail: +56 2 751 2618
            "Success is a journey, not a destination"
------------------------------------------------------------------