[milters] Archive

Article: 260
From: Jeff Groves
Date: 2004-11-28 15:55:29 -0500
Subject: Re: milter-mole

Removal...........: milters-request@milter.info?subject=remove
More information..: http://www.milter.info/#Support
--------------------------------------------------------

So, as I have grown to understand from the reading that I've done and from
your email below, the effort behind SIQ is to create an expert system that
is able to reason whether or not an email is crap or not.  Better than
filtering, an expert system is adeptly honed to be able to mimic the
choices for letting valid email through that a seasoned, experienced
postmaster conjures up with an assortment of blackhole lists and milters.

Am I getting warm in my interpretation?

Thanks,

Jeff G.

April Lorenzen wrote:
> Hi Jeff,
> 
> SNMPTrap potentially has security / anti-spoof benefits over the SIQ
> protocol *for the purpose of sending data which will be used as facts to
> score domains, ips or domain+ip pairs.* It was just a wild suggestion and
> I don't think it (SNMPTrap) panned out. We are not presently concerned
> with how to collect trustable data from inbound servers / recipients.
> 
> The SIQ protocol is optimized for speed, and once we determined there is
> no requirement to be able to trust the data the SIQ "reputation" server
> receives - people spoofing queries is not an important issue. They can
> spoof all they want - they are the only user of the response they get
> back, and the queries they send are not used as input to the "reputation"
> system.
> 
> Vitalij's milter-mole seems much more like GOSSIP to me - but in V's
> suggestion - many trusted reporting nodes send data to a central server
> and apparently the mole also signals 'we thought this was bad' or maybe
> even 'we thought this was good'
> 
> The SIQ protocol "reputation" service I operate doesn't use judgements
> from any source in determining scores. It (the Outbound Index) is based on
> facts about the domain, ip, domain+ip, nameservers and related criteria.
> The Outbound Index facts are about longevity and stability - how long has
> the domain, or name server, or IP been around / assigned to this usage -
> showing a pattern of wildly varying "customers" / forgeries vs dull stolid
> consistency of most legitimate senders, also whether identity is obvious
> or concealed.
> 
> The "security" factors are also part of the Outbound Index structure - for
> example, a free webmail that requires zero verification of identity to
> sign up - and has no rate limiting - has a lower security rating than a
> bank with tight policies - no one but their own employees have access to
> their outbound server, and their employees are required to use port 587
> submission for any mail sent with the bank domain.
> 
> I don't like the term reputation - because it may be taken to be
> subjective judgements or conjure up visions of "samples of spam" used to
> justify blacklists, or some geek like me deciding whether or not
> recipients get to see ads for di-et patches or V or C or p o rn or
> whatever. But "reputation" seems to be the term we are stuck with. The way
> we use the Outbound Index is all pre-DATA so there is certainly no
> censorship.
> 
> Thank you,
> 
> - April
> 
> 
> 
> 
>> From my reading of both Vitalij's email above and the discussion on the
>>wiki that you provided, I think that both are basically barking up the
>>same tree.
>>
>>As an additional question generated by my reading, what were the
>>benefits of using SNMPTrap over the current DNSBL arrangement?
>>
>>Thanks,
>>
>>Jeff G.
> 
> 
>>>>milter-mole: This
>>>>module will post periodically on the central server of address of ip
>>>>and e-mail sender and destination address in case if a sender or
>>>>recipient is not improper. In case if ip or e-mail sender or e-mail
>>>>recipient often repeat oneself at all participants on the amount of
>>>>voices to block an ip and e-mail sender. And also I ask to consider
>>>>possibility of creation of support sql (mysql) for the local use in
>>>>the personal aims.
> 
> 
> 