Controlling Spam to the NOC

Hello,

Has anybody on this list figured out an effective way to eliminate, or at least severely limit, the amount of spam that arrives in your NOC? I am aware of solutions such as Spamassassin, Vipul's Razor, and the various RBL lists, but has anybody used one of these solutions, or anything else, to reduce the amount of spam going into noc@/trouble@/etc mailboxes without severely restricting the rest of the internet's ability to reach the noc via email for legitimate purposes? Particularly in a NOC where it's quite possible that some of your customers are listed in the RBLs but still need to reach you.

-Jeff

<ramble>
You hit it dead on: use all the tools at your disposal, but preemptively
"whitelist" your customers. Unfortunately, the whitelisting isn't always as
easy as it sounds. If they are within your IP space, you're good to go, but
if they have the rare portable block, or they are multihomed, etc., you need
to be more careful.
</ramble>

In Short: Whitelist like crazy, and then blacklist like mad!

We do both...but I wouldn't say whitelist like crazy. More like whitelist
as needed, and find a blacklist or one of the message body parsing utils
you like...or both.

For the rare emergency when a customer (or non-customer) needs to talk to
our NOC and can't get email through, we have these neat things called
telephones. They work pretty well. In fact, I think mine often works too
well.

Jeff Workman(jworkman@pimpworks.org)@2002.05.23 16:41:08 +0000:

Hello,

Has anybody on this list figured out an effective way to eliminate, or at
least severely limit, the amount of spam that arrives in your NOC? I am
aware of solutions such as Spamassassin, Vipul's Razor, and the various RBL
lists, but has anybody used one of these solutions, or anything else, to
reduce the amount of spam going into noc@/trouble@/etc mailboxes without
severely restricting the rest of the internet's ability to reach the noc
via email for legitimate purposes? Particularly in a NOC where it's quite
possible that some of your customers are listed in the RBLs but still need
to reach you.

TMDA as per-account or generic delivery filter (depending on your MTA
setup), with a whitelist of known customers (which should be easy to
derive from a CRM backend or customer address database and a few lines
of shell voodoo).

regards,
/k
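
The "few lines of shell voodoo" mentioned in the last reply, as an added example that is not part of the thread or of TMDA itself: it turns a customer export into a sender whitelist, rejecting wildcard or malformed entries and replacing the list atomically. The CSV layout (header row, e-mail in column 3, no commas inside fields), the one-address-per-line output format, and the function names are assumptions.

```shell
#!/bin/sh
# Added example. Assumptions: CSV export, header row, e-mail in column 3,
# no commas inside fields; output is one address per line.

# Constructed sample export (not real customer data).
sample_export() {
    cat <<'EOF'
customer,contact,email
Acme,Ann,Ann@Acme.example
Acme,Ann,ann@acme.example
Bolt,Bob," bob@bolt.example "
Evil,Eve,*@*
Bad,Bo,not-an-address
EOF
}

# build_whitelist FILE: print sorted, unique, lower-cased addresses.
build_whitelist() {
    awk -F',' '
        NR == 1 { next }                          # skip the header row
        {
            addr = tolower($3)
            gsub(/^[ \t"]+|[ \t"\r]+$/, "", addr) # trim spaces, quotes, CR
            # Accept only plain local@domain; a wildcard entry such as
            # *@* in the CRM data would otherwise whitelist every sender.
            if (addr ~ /^[a-z0-9._%+-]+@[a-z0-9-]+(\.[a-z0-9-]+)+$/)
                print addr
            else
                print "skipped line " NR ": " $3 > "/dev/stderr"
        }
    ' "$1" | sort -u
}

# install_whitelist FILE DEST: write a temp file next to DEST, then rename,
# so the delivery filter never reads a half-written list. An empty result
# (failed or truncated export) leaves the previous list in place.
install_whitelist() {
    tmp=$(mktemp "$2.XXXXXX") || return 1
    if build_whitelist "$1" > "$tmp" && [ -s "$tmp" ]; then
        chmod 644 "$tmp" && mv "$tmp" "$2"
    else
        rm -f "$tmp"
        return 1
    fi
}

# Demo on the constructed sample ("-" makes awk read standard input).
sample_export | build_whitelist -
```

Run from cron, `install_whitelist` keeps the list in step with the customer database; skipped lines go to standard error so a bad CRM entry is visible rather than silently whitelisted.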