
Mailing List Archive: SpamAssassin: users

Trusting TLS for spamfighting purposes?

 

 



kelly.terry.jones at gmail

Oct 6, 2008, 12:27 PM

Post #1 of 3 (193 views)
Trusting TLS for spamfighting purposes?

Can SpamAssassin negative score emails that are sent using TLS?

I realize anyone (even spammers) can use TLS, but I tend to trust
encrypting mail servers more than I do non-encrypting ones.

However, I'm guessing all evidence of TLS usage has disappeared by the
time SpamAssassin gets the message?

--
We're just a Bunch Of Regular Guys, a collective group that's trying
to understand and assimilate technology. We feel that resistance to
new ideas and technology is unwise and ultimately futile.


scheidell at secnap

Oct 6, 2008, 12:38 PM

Post #2 of 3 (176 views)
Re: Trusting TLS for spamfighting purposes?

> Can SpamAssassin negative score emails that are sent using TLS?
>
> I realize anyone (even spammers) can use TLS, but I tend to trust
> encrypting mail servers more than I do non-encrypting ones.
>
> However, I'm guessing all evidence of TLS usage has disappeared by the
> time SpamAssassin gets the message?

I looked at this a while back. Lots of spam with TLS from servers
(too easy to set up in Linux/MS).

As to how to check fingerprints:

Depends on your MTA.

Postfix, add this to main.cf:

    smtpd_tls_received_header = yes

See this in emails:

    Received: from fl.us.spammertrap.net (fl.us.spammertrap.net [204.89.241.173])
        (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
        (No client certificate requested)
        by mail.secnap.net (Postfix) with ESMTPS id 34B33164838
        for <scheidell[at]secnap.net>; Sat, 4 Oct 2008 10:29:49 -04

Regardless, I don't see any relationship between TLS and !spam.
In fact, most 'spam' that got through today had TLS 'fingerprints' from our
MTA.

The only thing TLS MIGHT help with is zombies (I doubt that the infected bot on
the XP workstation would use TLS encryption). So, using it with p0f, MAYBE,
as in:
If you think (p0f or other 'dialup' things) this is a workstation, and it has
TLS fingerprints, maybe not trigger the p0f / dialup/dynamic rules.


--
Michael Scheidell, CTO
>|SECNAP Network Security
Winner 2008 Network Products Guide Hot Companies
FreeBSD SpamAssassin Ports maintainer




anfi at onet

Oct 6, 2008, 1:04 PM

Post #3 of 3 (175 views)
Re: Trusting TLS for spamfighting purposes?

"Kelly Jones" <kelly.terry.jones[at]gmail.com> wrote:

> Can SpamAssassin negative score emails that are sent using TLS?
>
> I realize anyone (even spammers) can use TLS, but I tend to trust
> encrypting mail servers more than I do non-encrypting ones.
>
> However, I'm guessing all evidence of TLS usage has disappeared by the
> time SpamAssassin gets the message?

1) It may be present in the topmost "Received:" header.
2) You may consider deploying SA via a milter in the SMTP session.
   * Milters are supported by sendmail and postfix
   * You may try tweaking the MIMEDefang.org milter

--
[pl>en: Andrew] Andrzej Adam Filip : anfi[at]onet.eu : anfi[at]xl.wp.pl
You're always thinking you're gonna be the one that makes 'em act different.
-- Woody Allen, "Manhattan"
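
The two replies above point at the same place to look: the topmost "Received:" header, in the format Postfix writes with smtpd_tls_received_header = yes. The following is an added example, not code from any poster or from SpamAssassin, that reads TLS facts only from the header the local MTA wrote and ignores TLS claims in sender-supplied headers further down. The function name inbound_tls, the host mx.example.net and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string

# Constructed sample. The top header uses the format shown in the thread
# (Postfix, smtpd_tls_received_header = yes); the lower header is
# sender-supplied and also claims TLS, which must not be trusted.
SAMPLE = """\
Received: from mail.example.org (mail.example.org [192.0.2.10])
\t(using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
\t(No client certificate requested)
\tby mx.example.net (Postfix) with ESMTPS id 0123456789A
\tfor <user@example.net>; Mon, 6 Oct 2008 12:00:00 -0400 (EDT)
Received: from pc (unknown [198.51.100.7])
\t(using TLSv1 with cipher AES256-SHA (256/256 bits))
\tby relay.example.org (Postfix) with ESMTPS id FFFFFFFFFF;
\tMon, 6 Oct 2008 11:59:00 -0400 (EDT)
Subject: constructed test message

body
"""

TLS_RE = re.compile(r"\(using (?P<proto>\S+) with cipher (?P<cipher>\S+) "
                    r"\((?P<used>\d+)/(?P<avail>\d+) bits\)")
BY_RE = re.compile(r"\bby (?P<host>\S+)")

def inbound_tls(raw_message, our_mta):
    """Return TLS facts from the Received header our own MTA added, else None."""
    received = message_from_string(raw_message).get_all("Received") or []
    if not received:
        return None
    top = " ".join(received[0].split())   # unfold continuation lines
    by = BY_RE.search(top)
    if not by or by.group("host").lower() != our_mta.lower():
        return None                        # not written by our MTA: untrusted
    tls = TLS_RE.search(top)
    if not tls:
        return None                        # last hop arrived in cleartext
    cipher = tls.group("cipher")
    return {
        "protocol": tls.group("proto"),
        "cipher": cipher,
        "bits": int(tls.group("used")),
        # ADH/AECDH suites are anonymous: encrypted, peer not authenticated
        "anonymous": cipher.startswith(("ADH-", "AECDH-")),
        # Postfix notes when it never asked the client for a certificate
        "client_cert_requested": "No client certificate requested" not in top,
    }
```

A None result covers both cleartext delivery and a top header the local MTA did not write, so anything keyed on this result never credits a TLS claim the sender inserted.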
