[SC-Help] I'm a bit at a loss here... (9 Million questions - or less)

[Galen]

I own, along with a few other people, a recently started webhosting company. 
We have a rather strict anti-spam rule (one which basically means that if we 
get a report from you guys and it's at all proven to be correct they're out 
on their arses) but, at the same time, have a bit of a problem with privacy 
meaning we'll accept munged reports for instance and don't reveal any 
information about our users without a court order and, if they want us to 
and will pay for it, we'll even fight that for them.

Anyhow, to make a short story long...

I found the ISP section for SpamCop, signed up, configured it for hourly 
reports, and set it to the abuse@ email address. So far so good.

I want to test this. I want to see an example. I've been using SpamCop for 
ages, mostly to report UseNet spam lately, thanks for adding that. I've 
never seen the other end of things and, well, in order for things to run 
smoothly it would be good to know what we need to do, how we need to do it, 
etc...

Is there some sort of method of filing a null-valued report so that I can 
process it and see how it's done? Helpdesk doesn't fall directly in my lap 
but administration (and thus dealing with abuse reports) falls directly into 
my hands and I am accountable for such and want to ensure that I do my job 
properly. The last thing I want to see online is someone saying that the 
company who's administration/security I'm in charge of is being listed as 
blacklisted or, worse, a spam-friendly site. Well no, that's not the last 
thing I want to see but it's pretty close. I'm pretty sure the last thing I 
want to see would be, oh, something that belonged inside of me laying on the 
floor.

We use pretty robust cPanel/Fantastico/WHM software on Linux (RedHat) with 
all the various email scripts built right in with IMAP/POP3 support. (I 
think they support push now too actually.) Anyhow, If we wanted to offer the 
end-users (clients really) a choice to use the BL from SC at the server 
level... Well... How much am I looking at spending and I don't suppose 
SpamAssassin already hooks up with you? A search for information on such 
things didn't turn up a great deal really.

I guess I have techs and consulting available pretty much for free now that 
I think about it and I can likely script something if needed with the help 
of other people. (I'm one of the Microsoft MVPs and while they're generally 
Micro-centric they often tend to know a bit about other OSes as well and I 
have a background in Unix so *should* be able to figure it out if there's an 
API I can follow but no amount of searching for one for SpamAssassin has 
been forthcoming either.) So, well, if it's just a simple matter of the BL 
being a downloadable file on a regularly scheduled setting (and you don't 
mind the traffic) I could probably set it up as a CRON job to import it and 
then simply set it as an option for end-users to protect their inboxes with.

We, the site, have a goal and that is to be what hosting should be. That 
means, frankly, that we won't allow spam and do regular security checks as 
well as checking sites for malware content that could be spewing mass 
amounts of email into the 'net. To cooperate with the people who fight 
SPAM/UCE is not something we do because of any pressure or anything but it's 
something we do because it's required by our own morality. To be frank, I'm 
sick of bloated messages that I didn't ask for clogging up my own networks. 
I get, I suspect, about 5000 legitimate emails a day. (Yes, I signed up for 
everything over the years and that doesn't count newsgroups.) When there's 
an added 2.5 to 3k UCE/SPAM emails in the bunch it's really a problem. On a 
good day maybe about 75% of email traffic here is legitimate... Most days 
aren't good days. The people who host with our company will NOT be allowed 
to contribute to that mess. Rather than wait until it's a problem we'd like 
to start now and do it properly/effectively.

That's about enough of that other than one last question. Are there any 
other vendors here who might have some sort of form mail that they'd be 
interested in at least letting me look at? When/if we get a complaint then 
it *should* follow a standard procedure with the email ports being closed 
for that domain for 24 hours for investigation and then the subject (if 
proven to be a case where the client is the offender) site(s) being disabled 
or email ports being re-opened and the reporting agency being notified of 
our findings. I'll happily modify something if you have some sort of form 
you'd be willing to let me look at.

Anyhow, this is my first post to this newsgroup...

Hah! Wait, no... One last question...

Is anyone dumb enough to actually come in and SPAM this newsgroup? I hate to 
say it but there would be some humor in that, not from the act but from the 
uproar that it'd likely cause and the immediate call-to-action by the people 
who seem to frequent here. (Yes, I read a bunch prior to posting - such is 
the only way one should operate in NGs in my opinion.)

So, thanks... Thanks a whole lot. For the year's of service and for 
hopefully getting this figured out.

Galen
-- 
http://www.whathostingshould.be - We are what hosting SHOULD be.