Re: Recent upsurge of spam messages rate

Tue, 28 Mar 2017 20:16:19 -0700 

I have a script that does a simple "head-count" over the last 1500
maillog entries.

Just now it showed the following results:

<QUOTE>

Nuisance hosts blocked by firewall:    97

Connections handled by Postscreen:    134
        Black-listed Locally:    10
        Black-listed by DNSBL:    94
        Pre-Greets:        1
        Hang-ups:        78
        No-Queues:        7

Connections passed on to mail server:    21
        Auth Probes:        2
        No-Queues:        1

Messages actually received:        18

Ratio of bad connections is        86 percent

</QUOTE>

Allen C


On 28/03/17 22:00, Daniele Nicolodi wrote:
> Hello,
>
> this is not strictly Postfix related, but I don't know how to get in
> contact with a similar crowd of experienced folks. Please direct me to a
> more suitable mailing list, it one exist.
>
> In the last two weeks I've seen an upsurge of the rate to which spam
> messages are delivered to my domain inboxes. Nothing is changed in my
> quite standard configuration, thus I guess that spammers found a way to
> circumvent the basic protections I have in place. Did anyone notice
> something similar? What are the possible countermeasures?
>
> I use Postfix with this simple configuration:
>
> header_checks = pcre:/etc/postfix/header_checks.pcre
> smtpd_helo_required = yes
> smtpd_delay_reject = yes
> disable_vrfy_command = yes
> smtpd_recipient_restrictions =
>         permit_sasl_authenticated
>         reject_invalid_hostname
>         reject_non_fqdn_hostname
>         reject_non_fqdn_sender
>         reject_non_fqdn_recipient
>         reject_unknown_sender_domain
>         reject_unknown_recipient_domain
>         permit_mynetworks
>         reject_unauth_destination
>         permit_dnswl_client list.dnswl.org
>         reject_rbl_client zen.spamhaus.org
>         reject_rbl_client b.barracudacentral.org
>         reject_rbl_client dul.dnsbl.sorbs.net
>         reject_rhsbl_reverse_client dbl.spamhaus.org
>         reject_rhsbl_sender dbl.spamhaus.org
>         reject_rhsbl_helo dbl.spamhaus.org
>         permit
>
> with header_checks.pcre containing:
>
> /^X-Delivered-To: .*@grinta\.net$/  REJECT Mail forwarding loop detected
> /^(Delivered-To: .*@grinta\.net)$/  REPLACE X-$1
> /^X-Spam-Status: Yes/  REJECT Looks like spam
>
> and SpamAssassin as a SMTP proxy filter via spampd.
>
> Thanks for any comment.
>
> Best,
> Daniele
>

Reply via email to