Am 09.06.2015 um 20:29 schrieb John Hardin:
On Tue, 9 Jun 2015, David Jones wrote:Some of the best and easiest things you can enable to block spam are outside of SpamAssassin at your MTA (sendmail, postfix, etc.).- Enable greylisting. This is just about the only way you can block zero-hour spam from compromised accounts that come from legit mail servers before they get listed in RBLs.Just bear in mind some commercial organizations may be very hostile to anything that delays delivery of mail, regardless of how much it would reduce spam. Two things that I have found very useful at the MTA level are: (1) Delay sending your SMTP banner a second or two and reject any sender that starts sending information before that. This is a built-in option in Sendmail, google "greet_pause"
for recent postfix with postcreen it is "postscreen_greet_wait"
postscreen_greet_action = enforce
postscreen_greet_wait = ${stress?2}${stress:11}s
the 11 seconds are not randomly, many spambots have a internal timeout
of 10 seconds and at begin of 2015/01 change it from 10 to 11 was a
impressive dropdown of visible rejects in mailgraph
additoonally if you use postfix consider "postscreen_whitelist_interfaces = !ip-of-backup-mx, static:all" and add for every domain a backup-mx to that interface, the stats below are unique IP's over the last month and "Honeypot-Only" tried the backup MX, got a temporary reject and never tried on the primary IP
Default-MX: 62419 Honeypot-MX: 25943 Honeypot-Only: 18382
signature.asc
Description: OpenPGP digital signature
