On Mon, 13 Oct 2008, Joey wrote:
-----Original Message-----
From: Justin Piszcz [mailto:[EMAIL PROTECTED]
Sent: Monday, October 13, 2008 5:37 PM
To: Joey
Subject: RE: Finally blocking some spam
What anti-spam measurements do you currently use?
What does your main.cf look like?
(Snip)
reject_rbl_client dul.dnsbl.sorbs.net, reject_rbl_client
psbl.surriel.com, reject_rbl_client ix.dnsbl.manitu.net,
check_recipient_access hash:/etc/postfix/filtered_domains
smtpd_restriction_classes = from_freemail_host
soft_bounce = no
strict_rfc821_envelopes = yes
transport_maps = hash:/etc/postfix/transport,
hash:/etc/postfix/transport_bounce
unknown_address_reject_code = 554
unknown_client_reject_code = 554
unknown_hostname_reject_code = 554
unknown_local_recipient_reject_code = 550
1. You are not using rhsbls, which can be HIGHLY valuable, at the helo, sender
and client level.
2. Where are your spf checks?
3. Do you use greylisting? It can help significantly!
4. Do you use the SBL DROP list as part of a CIDR reject list? Look it up
on google.
5. Do you perform backscatter checks for email from <>, MAIL-DAEMON, etc?
6. You should also look into www.policyd-weight.org, a great anti-spam
policy server!
7. You can also use SAV but look/read around there is a specific list of
domains out there that you can use it for that is relatively safe.
8. Install fail2ban, you can add regexp to block (firewall) automatically
on X number of blocks by a certain IP address via rbl, rhsbl, etc.
I think you can do a lot better if you implement these suggestions vs. blocking
by country.
Justin.
