On Tue, 9 Jun 2015, David Jones wrote:

> Some of the best and easiest things you can enable to block spam are
> outside of SpamAssassin at your MTA (sendmail, postfix, etc.).
>
> - Enable greylisting.  This is just about the only way you can block
>   zero-hour spam from compromised accounts that come from legit mail
>   servers before they get listed in RBLs.

Just bear in mind some commercial organizations may be very hostile to anything that delays delivery of mail, regardless of how much it would reduce spam.

Two things that I have found very useful at the MTA level are:

(1) Delay sending your SMTP banner a second or two and reject any sender that starts sending information before that. This is a built-in option in Sendmail, google "greet_pause".

(2) Check the HELO the other guy sends and reject if it's not a FQDN (i.e. it's not got any periods at all). This probably shouldn't be done on mail originating locally, but for mail coming in from the Internet the other MTA should always be sending a FQDN in the HELO. A non-FQDN HELO is a pretty good sign of a spambot sending from a compromised workstation or PC directly to your MTA.

I have some other MTA checks in place, but these two block the most.

--
 John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
 jhar...@impsec.org    FALaholic #11174     pgpk -a jhar...@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
  Maxim V: Close air support and friendly fire should be easier to
           tell apart.
-----------------------------------------------------------------------
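
The two MTA-level checks described in the message above, as an added Python example that is not part of the original message and is not Sendmail's own implementation. The local networks, the 0.2-second pause, the host names and the SMTP reply texts are assumptions constructed for the demonstration.

```python
import ipaddress
import select
import socket

# Assumption: networks treated as "local" and exempt from the HELO check.
LOCAL_NETS = [ipaddress.ip_network(n)
              for n in ("127.0.0.0/8", "10.0.0.0/8", "192.168.0.0/16")]


def helo_verdict(client_ip, helo_arg):
    """Check (2): reject an Internet sender whose HELO has no period at all."""
    addr = ipaddress.ip_address(client_ip)
    if any(addr in net for net in LOCAL_NETS):
        return "accept"          # locally originated mail is not held to this
    # A trailing root dot alone does not make a bare name qualified.
    name = helo_arg.strip().rstrip(".")
    return "accept" if "." in name else "reject"


def greet_with_pause(conn, pause_seconds):
    """Check (1): hold the banner back; a client that speaks first is rejected."""
    # select() reports the socket readable if anything arrives during the pause.
    readable, _, _ = select.select([conn], [], [], pause_seconds)
    if readable:
        conn.sendall(b"554 command sent before greeting\r\n")  # constructed text
        return "reject"
    conn.sendall(b"220 mx.example.test ESMTP\r\n")  # constructed banner
    return "accept"


def demo():
    """Run both kinds of client against the pause using local socket pairs."""
    results = {}
    for label, early_bytes in (("early", b"HELO desktop\r\n"), ("patient", b"")):
        server, client = socket.socketpair()
        try:
            if early_bytes:
                client.sendall(early_bytes)   # talks before the banner
            results[label] = greet_with_pause(server, 0.2)
            results[label + "_reply"] = client.recv(64)[:3]
        finally:
            server.close()
            client.close()
    return results


if __name__ == "__main__":
    print(demo())
    for ip, helo in (("203.0.113.7", "desktop"), ("203.0.113.7", "mail.example.org"),
                     ("192.168.1.5", "desktop")):
        print(ip, helo, helo_verdict(ip, helo))
```

An address literal such as `[192.0.2.1]` contains periods and therefore passes this simple period test.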
