On Mon, Oct 13, 2008 at 5:53 PM, Joey <[EMAIL PROTECTED]> wrote: >> -----Original Message----- >> From: Justin Piszcz [mailto:[EMAIL PROTECTED] >> Sent: Monday, October 13, 2008 5:37 PM >> To: Joey >> Subject: RE: Finally blocking some spam >> >> What anti-spam measurements do you currently use? >> >> What does your main.cf look like? > > (Snip) > > 1st: Firewall using IPlists discussed in this thread. > 2nd: RBL's: > reject_rbl_client bl.spamcop.net, > reject_rbl_client b.barracudacentral.org, > reject_rbl_client zen.spamhaus.org, > reject_rbl_client dul.dnsbl.sorbs.net, > reject_rbl_client psbl.surriel.com, > reject_rbl_client ix.dnsbl.manitu.net, > > the rest via postfix settings which are: > alias_maps = hash:/etc/postfix/aliases > biff = no > body_checks_size_limit = 21200 > bounce_queue_lifetime = 1d > bounce_size_limit = 2048 > command_directory = /usr/sbin > config_directory = /etc/postfix > daemon_directory = /usr/libexec/postfix > data_directory = /var/lib/postfix > debug_peer_level = 2 > delay_warning_time = 24h > deliver_lock_attempts = 10 > disable_vrfy_command = yes > header_checks = regexp:/etc/postfix/header_checks > html_directory = no > mail_owner = postfix > mail_spool_directory = /var/spool/mail > mailbox_size_limit = 35000000 > mailq_path = /usr/bin/mailq > manpage_directory = /usr/share/man > maximal_queue_lifetime = 5d > message_size_limit = 20000000 > mydestination = $myhostname, localhost.$mydomain, $mydomain > myhostname = myserver.net > mynetworks = 127.0.0.0/8 > myorigin = $mydomain > newaliases_path = /usr/bin/newaliases > queue_directory = /var/spool/postfix > readme_directory = /usr/share/doc/postfix-2.2.10/README_FILES > relay_domains = /etc/postfix/backup_domains > relay_recipient_maps = hash:/etc/postfix/backup_domains_recipients, > hash:/etc/postfix/transport_recipients > sample_directory = /usr/share/doc/postfix-2.2.10/samples > sendmail_path = /usr/sbin/sendmail > setgid_group = postdrop > show_user_unknown_table_name = no > smtpd_hard_error_limit = 3 > smtpd_helo_required = yes > smtpd_junk_command_limit = 3 > smtpd_recipient_restrictions = reject_invalid_hostname, > reject_non_fqdn_sender, reject_non_fqdn_recipient, > reject_unknown_sender_domain, reject_unknown_recipient_domain, > permit_mynetworks, reject_unauth_destination, > check_helo_access hash:/etc/postfix/helo_access, > reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, > check_policy_service unix:private/policy, check_sender_access > hash:/etc/postfix/client_checks, check_client_access > hash:/etc/postfix/client_checks, check_sender_access > hash:/etc/postfix/freemail_access, check_recipient_mx_access > hash:/etc/postfix/mx_access, check_sender_access > hash:/etc/postfix/senders reject_unauth_pipelining, > reject_rbl_client bl.spamcop.net, reject_rbl_client > b.barracudacentral.org, reject_rbl_client zen.spamhaus.org, > reject_rbl_client dul.dnsbl.sorbs.net, reject_rbl_client > psbl.surriel.com, reject_rbl_client ix.dnsbl.manitu.net, > check_recipient_access hash:/etc/postfix/filtered_domains > smtpd_restriction_classes = from_freemail_host > soft_bounce = no > strict_rfc821_envelopes = yes > transport_maps = hash:/etc/postfix/transport, > hash:/etc/postfix/transport_bounce > unknown_address_reject_code = 554 > unknown_client_reject_code = 554 > unknown_hostname_reject_code = 554 > unknown_local_recipient_reject_code = 550 > > >
you might want to consider the invaluement Anti-Spam DNSBL http://dnsbl.invaluement.com/ It does cost a little bit of money (a very small amount) but it's blocking 40% of connections *after* zen, spamcop and surriel have their chance. FPs are on par with Zen, which is very very good for us at least. -Aaron
