> set postix server to check for rfc complaince and you see a spam drop of
> atleast 90% and
> setup postscreen with it.. 98% less spam
> and in above just check for the helo compliance and not hostname checks, that
> will drop to many ok servers..
>
> greetz
>
> Louis
>
>
>
>
>
>
>
>> Op 19 aug. 2015 om 22:23 heeft Alice Wonder <al...@domblogger.net> het
>> volgende geschreven:
>>
>>
>>
>>>> On 08/19/2015 01:14 PM, Ben Greenfield wrote:
>>>>
>>>> On Aug 19, 2015, at 4:08 PM, Viktor Dukhovni <postfix-us...@dukhovni.org>
>>>> wrote:
>>>>
>>>> On Wed, Aug 19, 2015 at 04:07:27PM -0400, Ben Greenfield wrote:
>>>>
>>>>>>> /^Received:\b.*\.eu\b REJECT
>>>>>>>
>>>>>>> Is that correct or could someone point out what I'm doing wrong.
>>>>>>
>>>>>> What you're doing wrong deciding that all mail from a .eu domain
>>>>>> should be blocked and trying to block said mail by looking at
>>>>>> Received headers.
>>>>>>
>>>>>> Both the decision and the methodology are wrong.
>>>>>
>>>>> I'm open to suggestions.
>>>>
>>>> First explain the problem, rather than the solution.
>>>
>>> We receive a lot of spam that have very rare top level domains .site,
>>> .link, .website, .eu.
>>>
>>> I have been using the custom header checks which appeared to working for me
>>> until I started trying to reject the .eu mail. I was actually blocking all
>>> mail that had .eu somewhere in the name.
>>>
>>> I decided i needed a regex that would only match patterns at the end of the
>>> url.
>>
>> Do you have a honeypot address?
>>
>> I do that but still manually check them, as soon as I get 3 different
>> spammer IP addresses on same /24 I I block the /24 for two weeks.
>>
>> Are you using any of the dns blacklists? That cut down on my spam
>> tremendously.
>>
