On Fri, 17 Aug 2012, Bowie Bailey wrote:
> On 8/17/2012 10:56 AM, Ben Johnson wrote:
>> Basically, I need to do something about the spam inundation, as soon as
>> possible.
> The quickest way I know of to reduce spam is to reject mail at the MTA based
> on the zen.spamhaus.org blacklist. I have been using this for a few years
> now. It blocks lots of spam and I haven't had any problems with it.
+1 for zen.spamhaus.org DNSBL at SMTP time.
> You can also implement graylisting, although it will slow down mail delivery
> from new senders, which may or may not be an issue for you. I haven't tried
> it, but lots of people swear by it.
As for Greylisting, a lot of spam is least-effort one-shot no-retry
delivery, but not all. It won't reduce spam that is sent via a "proper"
MTA or via a spambot that does retry-until-successful. You can set a short
delay period to block the one-attempt-gush spammers, or a longer delay
period to give new spamvertised domain names a chance to appear in URIBLs
for the spammers who retry. And, of course, you have to balance this
against your users' expectations for delivery time, and perhaps do some
education to set those expectations more realistically.
I use greylisting, with whitelists for regular correspondents.
There are some other MTA SMTP-time methods to pluck the low-hanging fruit:
Publishing an SPF record. There's anecdotal evidence that it cuts down on
joe-job attempts.
Even if you publish an SPF record, you might want to explicitly reject
From addresses in your domain if the message is received from the
Internet. This can be done using SPF, but you may not be comfortable doing
SMTP-time rejects based on SPF failures.
Something I have fairly good results with is rejecting mail from the
Internet where the HELO is not a fully-qualified domain name.
Since my MTA is the only valid source for email from my domain, I also
reject messages where the HELO is in my domain. You will, of course, have
to carve out exceptions to this rule for valid outbound mail. On a
multihomed MTA or an MTA where outbound mail is submitted via an SSL
tunnel this is pretty easy.
For the above, if you have Sendmail I recommend milter-regex; my
milter-regex.conf is available here:
http://www.impsec.org/~jhardin/antispam/milter-regex.conf
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
Ignorance is no excuse for a law.
-----------------------------------------------------------------------
7 days until the 1933rd anniversary of the destruction of Pompeii
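The SMTP-time checks discussed in this thread (DNSBL lookup name, HELO sanity checks with the carve-out for authenticated outbound mail, and greylisting with a whitelist for regular correspondents), as an added Python example that is not code from the thread or from milter-regex. The domain, addresses and timings are constructed.

```python
# Added example, not code from the thread: SMTP-time policy checks as plain
# Python functions an MTA policy daemon could call. Domain names, addresses
# and timings below are constructed for illustration.
import re
import time

OUR_DOMAIN = "example.org"   # assumed: this MTA is the only valid source of mail from this domain
LABEL = r"(?!-)[a-z0-9-]{1,63}(?<!-)"
FQDN_RE = re.compile(rf"^{LABEL}(\.{LABEL})+\.?$", re.I)

def dnsbl_query_name(ip, zone="zen.spamhaus.org"):
    """Reverse the IPv4 octets and append the zone; any A answer in 127.0.0.0/8 means listed."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def helo_is_fqdn(helo):
    """At least two valid labels, no address literal, and a non-numeric top-level label."""
    h = helo.rstrip(".")
    return bool(FQDN_RE.match(h)) and not h.rsplit(".", 1)[-1].isdigit()

def helo_claims_our_domain(helo):
    h = helo.lower().rstrip(".")
    return h == OUR_DOMAIN or h.endswith("." + OUR_DOMAIN)

def check_helo(helo, authenticated=False):
    """Return (accept, reason). Authenticated submission is the exception for our own outbound mail."""
    if authenticated:
        return True, "authenticated submission, HELO checks skipped"
    if not helo_is_fqdn(helo):
        return False, "550 HELO is not a fully-qualified domain name"
    if helo_claims_our_domain(helo):
        return False, "550 HELO claims our own domain from the Internet"
    return True, "ok"

class Greylist:
    """Temp-fail the first attempt of a new (ip, sender, rcpt) triplet; accept retries after the delay."""
    def __init__(self, delay=300, whitelist=()):
        self.delay = delay
        self.whitelist = {w.lower() for w in whitelist}  # addresses or domains of regular correspondents
        self.seen = {}  # triplet -> first-seen timestamp (a real MTA would persist and expire this)

    def check(self, ip, sender, rcpt, now=None):
        now = time.time() if now is None else now
        sender, rcpt = sender.lower(), rcpt.lower()
        if sender in self.whitelist or sender.rsplit("@", 1)[-1] in self.whitelist:
            return True, "whitelisted correspondent"
        first = self.seen.setdefault((ip, sender, rcpt), now)
        if now - first < self.delay:
            return False, "451 greylisted, please try again later"
        return True, "retry after delay accepted"
```

A short delay catches one-shot senders that never retry; a longer one gives new spamvertised domains time to show up in URIBLs, at the cost of delivery latency for first-time correspondents.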