Roman Gelfand put forth on 1/3/2010 3:44 PM:

> I do train DSPAM and it works great.  However, if I could block it
> before it gets to DSPAM, why not.  I wouldn't feel bad if exchange
> told me this is perfectly good email.  I am looking to do away with
> exchange server altogether.

Is managing local block lists above your "effort threshold"?  If the answer is 
no...

I've been building some local lists for about 1.5+ years now and it has pretty
much completely clobbered my snowshoe problem.  I get one to two spams a day in
the inbox these days, if that.  I go many days in a row with none.  Every few
weeks or so I'll see 5-10 spams in the inbox due to a run from a previously
unknown snowshoe spammer IP or /27 or /24 range.  I block it and sail mostly
spam free again for another few weeks.

I don't use any content filtering software, period, only smtpd checks, postgrey
daemon, and zen.spamhaus.org.  I filter about 10 countries and all of Africa
using ipdeny.com cidr blocks and I do some rdns name regex rejections.
Interestingly, I've not had a rejection from spamhaus in months.  Heck, I don't
even know if Postfix is querying zen anymore.  I've nothing of zen in my logs
since Sept 25, 2009.  Postfix only logs zen rejections, not unsuccessful lookups
(at my default logging level anyway).

Anyway, I'm almost entirely spam free, whilst making use of no content filtering
or dnsbls (although I do have one dnsbl configured, as mentioned previously).  I
run a small vanity server so YMMV.  It's a pretty simple A/S setup but very
effective.  ~/spammer is my main anti-snowshoe file, mostly US IP space.  It
currently has 789 netblocks listed from /29s to a /12.  I heard your gasp "Uahh!
You block a /12? OMG! OMG!"  This /12 happens to belong to a cable ISP:

OrgName:    Mediacom Communications Corp
CIDR:       173.16.0.0/12
NetName:    MEDIACOM-RESIDENTIAL-CUST

It was not in spamhaus PBL or any other "dynamic IP" dnsbls at the time I
blocked it.  It's entirely residential and should be policy blocked.  Anyway,
here's my config in case you may find any of it useful.  I can provide static block
lists in off list email or on a web page if you like.

header_checks = pcre:/etc/postfix/header_checks
mime_header_checks = pcre:/etc/postfix/mime_header_checks
smtpd_helo_required = yes
cidr=cidr:/etc/postfix/cidr_files
smtpd_recipient_restrictions =
        permit_mynetworks
        reject_unauth_destination
        check_recipient_access hash:/etc/postfix/whitelist
        check_sender_access hash:/etc/postfix/whitelist
        check_client_access hash:/etc/postfix/whitelist
        check_client_access hash:/etc/postfix/blacklist
        check_client_access regexp:/etc/postfix/fqrdns.regexp
        check_client_access pcre:/etc/postfix/ptr-tld.pcre
        check_client_access ${cidr}/countries
        check_client_access ${cidr}/spammer
        check_client_access ${cidr}/misc-spam-srcs
        reject_unknown_client_hostname
        reject_non_fqdn_sender
        reject_non_fqdn_helo_hostname
        reject_invalid_helo_hostname
        reject_unknown_helo_hostname
        reject_unlisted_recipient
        reject_rbl_client zen.spamhaus.org
        check_policy_service inet:127.0.0.1:60000
--
Stan
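
Added example, not part of Stan's post: a small Python lint for a Postfix cidr: table such as the ~/spammer file described above. It flags patterns that do not parse (host bits set, bad prefix) and entries already covered by an earlier, wider network, since cidr tables are searched in file order and the first match wins. The sample table is constructed; only 173.16.0.0/12 comes from the post, and lint_cidr_table is a hypothetical helper name.

```python
import ipaddress

# Constructed sample in "pattern action" form. Only 173.16.0.0/12 comes
# from the post; the other ranges are documentation networks used as
# placeholders.
SAMPLE = """\
# local snowshoe / residential blocks
173.16.0.0/12     REJECT residential range
173.20.5.0/24     REJECT snowshoe run
192.0.2.64/27     REJECT snowshoe run
192.0.2.70/29     REJECT host bits set
198.51.100.0/24   OK
198.51.100.128/25 REJECT never reached
203.0.113.0/33    REJECT bad prefix
"""

def lint_cidr_table(text):
    """Return (line_no, kind, detail) findings for a cidr: table."""
    findings, seen = [], []  # seen: (network, action, line_no) in file order
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        pattern, action = parts[0], (parts[1] if len(parts) > 1 else "")
        try:
            # strict=True rejects a pattern with host bits set (likely a typo)
            net = ipaddress.ip_network(pattern, strict=True)
        except ValueError as exc:
            findings.append((no, "invalid", str(exc)))
            continue
        # First match wins, so an entry inside an earlier network is dead:
        # "redundant" if the verdict is the same, "shadowed" if it differs.
        for prev, prev_action, prev_no in seen:
            if net.version == prev.version and net.subnet_of(prev):
                same = action.split()[:1] == prev_action.split()[:1]
                kind = "redundant" if same else "shadowed"
                findings.append((no, kind, f"covered by {prev} on line {prev_no}"))
                break
        seen.append((net, action, no))
    return findings

if __name__ == "__main__":
    for finding in lint_cidr_table(SAMPLE):
        print(*finding)
```

Running it on a list before reloading Postfix shows which of several hundred netblocks can be pruned and which entries never take effect because a wider range above them matches first.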
