I’m sure it’s all nice and handy to have Comodo AntiSpam (CAS) do all the configuration automatically for itself but I am very used to having manual control to configure the proxies. While I’d like to add CAS for its challenge-response (C-R) mechanism, I want that as the LAST method to eliminate spam, not the first (and perhaps only) method. I want to use passive filtering to identify spam before using C-R; see http://spamlinks.net/filter-cr.htm#issues-harmful. I want the passive filtering done first to reduce the chance of inflicting innocents with “challenge spam” (and, yes, the challenges are unsolicited by the innocents). I will not rely on C-R to filter out spam unless all responsible methods are first employed. That means I need to daisychain the proxies which means they need to let me daisychain them together.
My current anti-spam setup is:
For POP3 accounts (non-SSL):
e-mail client ← SpamPal ← POP3 server
For POP3 accounts (SSL required):
e-mail client ← Gmail POP3 server
For HTTP accounts (Yahoo):
e-mail client ← SpamPal ← YahooPOPs ← Yahoo HTTP server
I currently use SpamPal because of its DNSBLs (DNS blocklists of known spam sources) and Bayesian filter. Unfortunately, SpamPal does not support SSL connects so I cannot use it for my Gmail account unless I add the stunnel proxy after SpamPal but that’s just more to go wrong. Gmail’s spam filtering is very good but if I start seeing lots of spam coming through Gmail then I’ll have to incorporate the stunnel proxy.
For DNSBLs, I use SpamHaus SBL+XBL (which includes CBL and blitzed.org), ORDB (for relays), NJABL (for relays and open proxies), and SpamCop. I used to use SORBS but their list has some very old entries (3 months since last trap) and they employ extortion to get delisted (forcing a $50 donation to a charity). I won’t use SPEWS because they are an IP range blocking list to rate spamminess of a domain rather than identify actual spam source, were unresponsive, and are dead now. I won’t use APEWS or UCEPROTECT (same group manages both blocklists) because they intend to emulate SPEWS (which I considered a vigilante blocklist since they had no means of delisting other than their flawed automatic method). I found Spamhaus, ORDB, NJABL, and SpamCop gave me a good combination to avoid false positives but still give good coverage to identify spam sources. But DNSBLs only work for known spam sources (caught or reported) so SpamPal also gives me a Bayesian filter (although I might look into replacing it with K9, SpamBayes, or SpamAssassin). SpamPal also has its MX block filter to identify e-mails that originate from mail servers with dynamically assigned IP addresses (i.e., infected user hosts running trojan mailers). It is configured to use the NJABL dynamic IP list. If the e-mail doesn’t come from a static IP addressed mail host then I don’t want it. SpamPal also lets me block by country (i.e., IP addresses allocated in a region) to block mails from China, Korea, Malaysia, Argentina, Brazil, Nigeria, Turkey, or other countries where I don’t correspond with anyone there (and for those outside the USA it also includes an option to block mails from the USA).
SpamPal has its logfile option that will keep a plain-text version of every spam-tagged e-mail so I have a means of getting at an e-mail that was a false positive if I configured my e-mail client to immediately delete spam-tagged mails (instead I now move them into the Junk folder and use auto-archiving to permanently delete after 3 days).
SpamPal gives me a lot of methods to detect spam that are passive without wasting more bandwidth and disk space sending out challenges which are, in effect, spam to the innocents that receive them. Also, this backscatter of “challenge spam” is reportable in the DNSBLs and can get a C-R user added to the blacklists (SpamCop, for example). So before using C-R, I want to continue using passive and responsible methods to eliminate spam. With passive filtering, spam is handled by me and I don’t end up trying to use other users as unpaid involuntary spam filterers for my mails. My non-whitelisted non-spam senders would still end up getting the challenge but I consider that an acceptable irritation for them to send me good mails (plus they’ll get added to the whitelist to not bother with the challenge again). This is for personal e-mails received at home or on my laptop and not for business use so I’m not concerned about irritating and pushing away potential customers.
In the above schemes, I can daisychain the SpamPal and YahooPOPs proxies. At the e-mail client, you specify the SpamPal proxy as the POP3 server and in the username you specify to where SpamPal will connect via “username[@popdomain]@popserver[:port]”. Basically at the starting point which is the e-mail client, you specify enough information so each proxy can strip out what it needs to tell it where to connect. I don’t know how CAS works or if it will even operate as a cooperative proxy to daisychain with other proxies. Even if SpamPal weren’t in the mix, CAS would need to cooperate with the YahooPOPs proxy to let me continue using my freebie Yahoo Mail accounts.
SpamPal merely tags suspect mails. It is up to the user to define rules in their e-mail client as to what action to take based on which tag (header) got added by SpamPal. That’s okay when SpamPal was the only spam filter used. If CAS is added to the proxy chain (assuming it can be added), CAS needs some means of also detecting if SpamPal added its bad tag (“X-Spampal: SPAM” header) versus its good tag (“X-Spampal: PASS” header). I prefer using headers rather than marring the Subject with a “SPAM” tag string. I know that CAS has its whitelist but I don’t know on what criteria it allows for definition in that whitelist. If CAS can search all the headers and can whitelist based on the existence of the “X-Spampal: SPAM” header then that already spam-tagged e-mail will bypass CAS and get handled using rules in the e-mail client to manage the spam. That way, C-R does not get employed for e-mails that have already been identified as spam. I want C-R to be the LAST method used to filter out spam and only if the mail hasn’t already been tagged as spam.
One, will CAS daisychain with other proxies?
Two, can CAS be configured to ignore mails that have specific headers so spam already tagged by upstream proxies will not generate a challenge mail? If the mail can be detected as spam then I don’t need to be sending out challenges for it.
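The header gate asked about in question two, sketched as an added example that is not part of the original post and is not Comodo AntiSpam or SpamPal code. The function name `cr_action`, the four action labels, and the policy of holding mail that carries no upstream verdict are assumptions; the sample messages are constructed.

```python
from email import message_from_string
from email.utils import parseaddr

VERDICT_HEADER = "X-Spampal"  # header the post says the upstream proxy adds


def cr_action(raw_message, whitelist):
    """Decide what a challenge-response stage placed last in the chain should do.

    Returns one of (hypothetical labels):
      'tagged-spam' - upstream already marked it; leave it to the client rules
      'hold'        - no usable verdict or sender; never challenge blindly
      'deliver'     - sender is whitelisted
      'challenge'   - passed passive filtering and the sender is unknown
    """
    msg = message_from_string(raw_message)
    # Collect every copy of the header: if any copy says SPAM, no challenge is sent.
    verdicts = {v.strip().upper() for v in msg.get_all(VERDICT_HEADER, [])}
    if "SPAM" in verdicts:
        return "tagged-spam"
    if "PASS" not in verdicts:
        # Assumed policy: a missing verdict means the passive filter did not
        # run (broken chain), so sending a challenge could be backscatter.
        return "hold"
    sender = parseaddr(msg.get("From", ""))[1].lower()
    if not sender:
        return "hold"
    return "deliver" if sender in whitelist else "challenge"


def _sample(verdict_lines, sender):
    """Build a constructed test message with the given verdict header lines."""
    headers = list(verdict_lines) + ["From: " + sender, "Subject: constructed sample"]
    return "\n".join(headers) + "\n\nbody\n"


WHITELIST = {"friend@example.org"}  # constructed sample data
SPAM_TAGGED = _sample(["X-Spampal: SPAM"], "Forged <victim@example.net>")
PASSED_UNKNOWN = _sample(["X-Spampal: PASS"], "New Contact <new@example.com>")
PASSED_KNOWN = _sample(["X-Spampal: PASS"], "Friend <Friend@Example.org>")
UNFILTERED = _sample([], "Someone <someone@example.com>")
CONFLICTING = _sample(["X-Spampal: PASS", "X-Spampal: SPAM"], "x@example.com")

if __name__ == "__main__":
    for name in ("SPAM_TAGGED", "PASSED_UNKNOWN", "PASSED_KNOWN", "UNFILTERED", "CONFLICTING"):
        print(name, "->", cr_action(globals()[name], WHITELIST))
```

Checking all copies of the header matters because a sender can pre-insert a forged `X-Spampal: PASS` line; with this gate a forged PASS cannot override the proxy's own SPAM verdict.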