> -----Original Message-----
> From: Justin Piszcz [mailto:[EMAIL PROTECTED]
> Sent: Monday, October 13, 2008 6:06 PM
> To: Joey
> Cc: postfix-users@postfix.org
> Subject: RE: Finally blocking some spam
>
>
>
> On Mon, 13 Oct 2008, Joey wrote:
>
> >> -----Original Message-----
> >> From: Justin Piszcz [mailto:[EMAIL PROTECTED]
> >> Sent: Monday, October 13, 2008 5:37 PM
> >> To: Joey
> >> Subject: RE: Finally blocking some spam
> >>
> >> What anti-spam measurements do you currently use?
> >>
> >> What does your main.cf look like?
> >
> > (Snip)
> >
> > reject_rbl_client dul.dnsbl.sorbs.net, reject_rbl_client
> > psbl.surriel.com, reject_rbl_client ix.dnsbl.manitu.net,
> > check_recipient_access hash:/etc/postfix/filtered_domains
> > smtpd_restriction_classes = from_freemail_host
> > soft_bounce = no
> > strict_rfc821_envelopes = yes
> > transport_maps = hash:/etc/postfix/transport,
> > hash:/etc/postfix/transport_bounce
> > unknown_address_reject_code = 554
> > unknown_client_reject_code = 554
> > unknown_hostname_reject_code = 554
> > unknown_local_recipient_reject_code = 550
> >
> >
>
> 1. You are not using rhsbls, which can be HIGHLY valuable, at the helo, sender
> and client level.
> 2. Where are your spf checks?
check_policy_service unix:private/policy,

> 3. Do you use greylisting? It can help significantly!

I used to use check_policy_service unix:private/tumgreyspf and this worked GREAT, it really reduced the spam. HOWEVER, clients complained about the delays, and we also had issues when solving a problem for a client with someone on the phone and they said "I'm sending you something in an email" and then having to wait anywhere from 5-45 minutes depending on the sending server, so we had to drop it.

> 4. Do you use the SBL DROP list as part of a CIDR reject list? Look it up
> on google.

Will research this!
Looked briefly at http://www.spamhaus.org/drop/

> 5. Do you perform backscatter checks for email from <>, MAIL-DAEMON, etc?

We don't see a lot of backscatter; however, do you have a reference? I have no problem looking into this.

> 6. You should also look into www.policyd-weight.org, a great anti-spam
> policy server!
> 7. You can also use SAV but look/read around there is a specific list of
> domains out there that you can use it for that is relatively safe.
> 8. Install fail2ban, you can add regexp to block (firewall) automatically
> on X number of blocks by a certain IP address via rbl, rhsbl, etc.

In reading this site they talk about password failure and updating firewall rules.
Do you have a ruleset for too many connections for port 25, or how are you implementing this?
This sounds like a potentially helpful tool. I just don't see an example for what we would try to do.

>
> I think you can do a lot better if you implement these suggestions vs.
> blocking
> by country.
>
> Justin.
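Added example, not part of the original thread and not code from either poster: point 8 describes banning a client after X DNSBL rejections, and this sketch shows that counting over Postfix smtpd log lines, using the same "N hits within a time window" model that fail2ban applies. The log lines, the host name `mx1`, the client addresses (documentation ranges) and the thresholds are constructed assumptions; the DNSBL zones are the ones in the quoted main.cf.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Postfix smtpd log line for a DNSBL/RHSBL rejection ("blocked using <zone>").
RBL_REJECT = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ postfix/smtpd\[\d+\]: "
    r"NOQUEUE: reject: RCPT from \S+\[(?P<ip>[0-9a-fA-F.:]+)\]: "
    r"\d{3} .*? blocked using (?P<zone>[\w.-]+);")

def offenders(lines, maxretry=3, findtime=timedelta(minutes=10), year=2008):
    """Map client IP -> DNSBL zones that rejected it, for every client with at
    least `maxretry` such rejections inside one `findtime` window."""
    recent = defaultdict(deque)  # ip -> rejection times still inside the window
    zones = defaultdict(set)     # ip -> every zone that rejected it
    flagged = {}
    for line in lines:
        m = RBL_REJECT.match(line)
        if not m:
            continue  # other rejects (unknown user, relay denied) do not count
        # syslog timestamps carry no year, so the caller supplies one
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        hits = recent[m["ip"]]
        hits.append(ts)
        zones[m["ip"]].add(m["zone"])
        while ts - hits[0] > findtime:  # expire hits older than the window
            hits.popleft()
        if len(hits) >= maxretry:
            flagged[m["ip"]] = sorted(zones[m["ip"]])
    return flagged

def _reject(time, ip, zone):
    """Build one constructed rejection line (host and addresses are made up)."""
    return (f"Oct 13 {time} mx1 postfix/smtpd[2101]: NOQUEUE: reject: RCPT from "
            f"unknown[{ip}]: 554 5.7.1 Service unavailable; Client host [{ip}] "
            f"blocked using {zone}; from=<a@example.net> to=<b@example.com> "
            "proto=SMTP helo=<pc1>")

SAMPLE_LOG = [  # constructed sample, not taken from the thread
    _reject("18:01:02", "192.0.2.10", "dul.dnsbl.sorbs.net"),
    _reject("18:02:10", "192.0.2.10", "psbl.surriel.com"),
    _reject("18:03:00", "198.51.100.7", "ix.dnsbl.manitu.net"),
    "Oct 13 18:03:30 mx1 postfix/smtpd[2101]: NOQUEUE: reject: RCPT from "
    "unknown[203.0.113.5]: 550 5.1.1 <x@example.com>: Recipient address "
    "rejected: User unknown; from=<> to=<x@example.com> proto=SMTP helo=<h>",
    _reject("18:04:45", "192.0.2.10", "dul.dnsbl.sorbs.net"),
    _reject("18:40:00", "198.51.100.7", "ix.dnsbl.manitu.net"),
    _reject("18:41:00", "198.51.100.7", "ix.dnsbl.manitu.net"),
]
```

fail2ban does this counting itself through the jail options `maxretry` and `findtime`; in a filter's `failregex` the client address group is written as `<HOST>`.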