Victor Duchovni put forth on 11/18/2010 12:52 PM:
> This filter is too fragile IMHO. My best advice is to find filters that
> detect spam.
I think you've missed some of my previous posts regarding my spam
filtering setup. I kill about 99.5+% of it at SMTP time, without
resorting to body filters or any external content filters such as
SpamAssassin. I'm stalking the last half percent Victor. Probably a
fruitless effort. Not long ago someone stated on another list that the
goal in fighting spam isn't necessarily to kill it all, but to simply
make the problem manageable. I'm probably crossing that line with this
effort.
>> But the fact that we don't receive legit mail composed in
>> non-English languages does make it spam.
>
> RFC 2047 is not about non-Enlish. It enables encoding of non-ASCII
> characters, these may crop up in English text from time to time.
> It is naïve to assume otherwise :-)
Yes, I fully understand this possibility. My analysis and action is
based on mail flow seen here. And I'm not looking to filter all mail
with this, simply the suspect stuff I've identified.
>> Does my motivation here make more sense now?
>
> Not really, the approach is still too fragile IMHO.
Ok. Here's my basic overall anti-spam setup snippets from main.cf. As
I said, this combo kills about 99.5+% of the spam:
header_checks = pcre:/etc/postfix/header_checks,
regexp:/etc/postfix/phish419.regexp, tcp:[127.0.0.1]:2526
smtpd_recipient_restrictions =
permit_mynetworks
reject_unauth_destination
check_sender_access hash:/etc/postfix/auto-whtlst
check_client_access hash:/etc/postfix/blacklist
check_sender_access hash:/etc/postfix/blacklist
check_recipient_access hash:/etc/postfix/whitelist
check_sender_access hash:/etc/postfix/whitelist
check_client_access hash:/etc/postfix/whitelist
check_client_access proxy:${cidr}/dnswl
reject_unknown_reverse_client_hostname
reject_non_fqdn_sender
reject_non_fqdn_helo_hostname
reject_invalid_helo_hostname
reject_unknown_helo_hostname
reject_unlisted_recipient
check_client_access proxy:pcre:/etc/postfix/fqrdns.pcre
check_client_access proxy:pcre:/etc/postfix/ptr-tld.pcre
check_client_access proxy:${cidr}/countries
check_client_access proxy:${cidr}/spammer
check_client_access proxy:${cidr}/misc-spam-srcs
reject_rbl_client zen.spamhaus.org
reject_rbl_client psbl.surriel.com
reject_rhsbl_client dbl.spamhaus.org
reject_rhsbl_sender dbl.spamhaus.org
reject_rhsbl_helo dbl.spamhaus.org
check_policy_service inet:127.0.0.1:60000
Ok, here's the approach for sorting the spam with the encoded subject
headers, which is merely a test case at this point on a single mailbox.
Do you still feel this is too fragile (assuming the PCRE is correct to
match what I'm targeting)?
/etc/postfix/header_checks
/^Subject: =\?.{6,12}\?/ PREPEND X-Encoded-Subject: true
/home/user/.dovecot.sieve
require "fileinto";
if false {}
elsif header :contains "List-Id" "list.spammers.dontlike.us" {
fileinto "1-SDLU";
stop;
}
elsif header :contains "List-Id" "linux-ide.vger.kernel.org" {
fileinto "1-Linux-IDE";
stop;
}
elsif header :contains "List-Id" "linux-raid.vger.kernel.org" {
fileinto "1-Linux-RAID";
stop;
}
elsif header :contains "List-Id" "linux-scsi.vger.kernel.org" {
fileinto "1-Linux-SCSI";
stop;
}
elsif header :contains "List-Id" "XFS" {
fileinto "1-XFS";
stop;
}
elsif header :contains "List-Post" "postfix-users@postfix.org" {
fileinto "1-Postfix-Users";
stop;
}
elsif header :contains "List-Id" "users.lists.roundcube.net" {
fileinto "1-Roundcube";
stop;
}
elsif header :contains "List-Id" "dovecot.dovecot.org" {
fileinto "1-Dovecot";
stop;
}
elsif address :contains "from" "*" {
fileinto "*";
stop;
}
elsif address :contains "from" "*...@gmail.com" {
fileinto "*";
stop;
}
elsif address :contains "from" "*...@gmail.com" {
fileinto "*";
stop;
}
elsif address :contains "from" "*" {
fileinto "*";
stop;
}
elsif address :contains "from" "*" {
fileinto "*";
stop;
}
elsif address :contains "from" "*" {
fileinto "*";
stop;
}
elsif address :contains "to" "postmas...@hardwarefreak.com" {
fileinto "Postmaster";
stop;
}
elsif header :contains "Received" "for <postmas...@hardwarefreak.com>" {
fileinto "Postmaster";
stop;
}
elsif header :contains "List-Id" "debian-user.lists.debian.org" {
fileinto "1-Debian-Users";
stop;
}
elsif header :contains "List-Id" "spam-l.spam-l.com" {
fileinto "1-Spam-l";
stop;
}
elsif address :contains "To" "*" {
fileinto "SpamTrap";
stop;
}
elsif address :contains "Cc" "*" {
fileinto "SpamTrap";
stop;
}
elsif header :contains "Received" "for <*>" {
fileinto "SpamTrap";
stop;
}
elsif address :contains "To" "*" {
fileinto "SpamTrap";
stop;
}
elsif address :contains "Cc" "*" {
fileinto "SpamTrap";
stop;
}
elsif header :contains "Received" "for <*>" {
fileinto "SpamTrap";
}
elsif address :contains "To" "*" {
fileinto "SpamTrap";
stop;
}
elsif address :contains "Cc" "*" {
fileinto "SpamTrap";
stop;
}
elsif header :contains "Received" "for <*>" {
fileinto "SpamTrap";
stop;
}
elsif header :contains "List-Id" "samba.lists.samba.org" {
fileinto "1-Samba";
stop;
}
elsif header :contains "X-Encoded-Subject" "true" {
fileinto "1-1encoded_subject";
stop;
}
else {
fileinto "INBOX";
}
As you can see this is pretty darn selective.
--
Stan
