
Voices of the applyers

13 Dr. KUNISHIMA Takeo    I administer the server of a certain society. I had been in quite some trouble over hundreds of spam messages a day rushing to the mailing list for contacting the society, whose address is exposed on the web, in spite of using Spam throttle.
   I remembered that I had once come across the anti-spam system named S25R, so I thought that it was worth trying.
   It shall not often fail in receiving legitimate mail, so I first introduced Qgrey, which may seldom mistakenly reject legitimate mail. It excluded quite a lot of spam; however, some spam messages slipped through.
   100% of the SMTP connections which Qgrey blocked were spam. Blocked legitimate messages were fewer than one a day. I thought that legitimate messages to the society were seldom trapped by the S25R rejection conditions because almost all of them might be sent from the members' offices. Then it might be safe to introduce the pure S25R system. So I applied the S25R patch to qmail and started the operation. There were old descriptions in the patch, so I rewrote them into the newest ones.
   As a result... I couldn't say anything but "surprising!" Received spam messages were quite reduced to about 10 a day. In a time period of 13 hours, the number of SMTP connections temporarily rejected by S25R was 2048. Indeed it had excluded, without receiving, more than 99% of spam. In the period, there were no legitimate messages mistakenly rejected; all of the legitimate messages to the society had been delivered correctly. To tell the truth, I had not expected that it was so effective.
   As for spam messages of about 10 a day slipping through, I counter them by describing a black list pattern for each, or by other methods. They are few enough for me to analyze in spare moments from my work.
   I deeply thank Mr. ASAMI Hideo, who invented such a wonderful method.
[Summary of the blog article (Dec 18, 2007), translated by the author; carrying permitted]
12 Mr. H.    I am an information system administrator of an organization governing medical institutes.
   We use the security software GIDEON to exclude a rush of spam messages of about 20,000 a month, but I had been busy registering into GIDEON many samples of spam slipping through.
   After I noticed the S25R system and applied it to Postfix, more than 80% of spam was excluded before GIDEON processed it, so the labor of registering spam samples was mitigated. However, I became busy maintaining the white list and the black list. So I applied greylisting with postgrey combined with S25R. Consequently the labor for operation was quite reduced.
   Received spam messages have reduced to about 800 a month, 4% of a rush of spam messages. (This data includes legitimate mail judged as probable spam by GIDEON, so real spam is rather fewer.) Complaints from doctors about spam have almost been extinct. I appreciate such a wonderful idea you offered free.
   My only trouble is that other people think I am idle because the labor for anti-spam measures of one hour a day has become almost unnecessary.
11 Mr. ITO Masahiko    I operate my personal Internet site. In order to apply the S25R system to sendmail, I made a daemon program called smtp_wrapper, which calls a filter script implementing the S25R system. I have got a satisfactory result.
10 Mr. SUZUKI    I operate my personal Internet site. I had received much abuse mail. After applying the S25R system, almost all abuse mail has been blocked. It is a very helpful system!
9 Mr. NAKAYAMA Shigeru    We have applied the S25R system into the network of Tokyo Institute of Psychiatry, in which there are about 150 users.
   We offer to the users a web interface which displays a grey list for each recipient, and maintain the white list on requests from the users.
   It works very well. Almost all virus mail is blocked, so the anti-virus gateway software seems to be needless although we spent much cost for it.
8 Mr. TAKAMURA Kazunori    Itoh Co., Ltd. operates about 350 domains and 4,000 mail accounts of the company and the customers of hosting and housing services.
   Although I once tried to use antibadmail for anti-spam, I gave it up because of its serious side effect that often mistakenly blocks legitimate messages. After that, I paid attention to the S25R system, and introduced Mr. HIROSHIMA Naoki's S25R adapting patch for qmail. I thought I couldn't abandon this very effective system; however, I found white list maintenance to be hard because of much mail traffic.
   When I was thinking what I should do, Mr. SATOH Kiyoshi made Qgrey (S25R adapting patch for qgreylist) and offered it to me. It is working very well and the server load is quite light. It blocks about 70% junk mail among about 40,000 mail accesses a day. The load on the anti-virus gateway became less.
   However, I am worried about some retrying spam messages from Taiwan and Korea slipping through greylisting. Some users filter them with bsfilter (Bayesian spam filter).
7 Dr. SHIBANO Kohji    We have applied the S25R system into the network of Tokyo University of Foreign Studies. There are about 5,000 users, and more than 1,000 mailing lists are provided for more than 20,000 members.
   First we had a provisional operation period over half a month. During that period, we had made the system block spam for 3 hours and free it for 1 hour in every 4 hours. About 6,000 spam messages were blocked a day, and viruses trapped by the anti-virus gateway decreased from 1,000 a day to 300 a day.
   During the provisional operation period, we registered about 800 entries on the white list by analyzing the mail logs. Moreover, we developed a script that finds legitimate hosts and registers them on the white list automatically. (We didn't apply postgrey.) This script checks consistency between a HELO address and a sender address as well as retry accesses.
   After the provisional operation, we started the full-time spam-blocking operation.
6 Mr. KIMATA    We have applied the S25R system into the network (about 500 users) of the Toki city office in Gifu prefecture. We had had difficulty in operating mail service because of a lot of spam and virus mail. They seldom get in after applying the S25R system. It is a very helpful system!
5 Mr. S.    We have applied the S25R system into our corporation network (about 120 users). Surprisingly much abuse mail has been blocked since I set up the mail system taking a leaf from the report, even though I am not so skillful in operating the mail service. I appreciate the S25R system!
   It is not so hard to watch logs because the mail traffic is under 1,000 messages a day. We have successfully put legitimate hosts into the white list by ourselves.
4 Mr. K.    We have applied the S25R system in order to keep about 18,000 users (corporation members and customers of our hosting service) away from harm of spam.
   Because of many users, we need to make strenuous efforts to find many legitimate hosts which must be registered on the white list. Our white list entries have exceeded 1,000.
   About 3/4 of mail accesses are blocked as abuse. Though many users had complained of spam to the helpdesk, no one complains after applying the S25R system.
3 Mr. UCHIDA    I applied the S25R system into my personal Internet site. The block rate is almost 100%, far from "99% block rate". It is a very helpful system.
   It is not hard to watch logs because the mail traffic is under 200 messages a day.
2 Mr. HIROSHIMA Naoki    We have applied the S25R system into our network (about 40 users) in the United States. Because our mail server is not Postfix but qmail, I realised the system applying a qmail patch which checks hostnames.
   We have found that unexpectedly many spam messages retry, although the situation is different between Japan and the United States. Sometimes a retry access is found to be spam after listing the host in the white list.
   Our white list entries are nearly 500. We needed to spend effort on listing entries on the white list just after applying this system, however, the increase is one or two entries a week at present. We cannot do without the S25R system because it blocks about 2,000 spam messages a day.
1 Mr. SATOH Kiyoshi    We have applied the S25R system into our network service (about 100 users). I think this system is simple but effective.
   In the S25R system, it is recommended to find retry accesses against the response code "450" and save legitimate hosts using the white list. I got an idea that such a procedure can be automated using postgrey, and realized a system combining postgrey with the S25R system's check conditions. Although some spam messages slip through postgrey, it blocks about 95% of abuse mail.