more crazy spam

[crypted]

I run it twice a day.

[Turbanator]

crypted: the postfix tag for smtpd that ends with ,permit is the full line I have in my config.


I think it would be good to have some sort of place for users to post their antispam setups. I know it would help me, I too have a ton of spam that hits my servers (4000+ daily) and plenty get through. The URIBL is something new to me so that was helpful. Also, maybe people posting their header/content filters would also be helpful. I'm getting pressure from the bosses to get spam under control like gmail or else....in my opinion we have all the tools built in with ispc3 so there is no reason why it cannot be done (maybe go a step further like spamsnake??).

I can't really help any further than what I've provided other than make sure you're running as-update as Till suggest but also telling it to learn from junk mail folders.

[crypted]

Turbanator: Do you have a lot of email disregarded that wasn't spam at all? Those flags don't alter the XSPAM scores do they? It appears to be a direct deletion at upon incoming to the system...

I agree it would be useful to work together to post information to come up with a better spam solution comprised of all the thirdparty lists and what not...

[Turbanator]

By putting your tag 1 level to -1000 as you have, every email gets tagged.

The smptd restrictions, I believe, block the emails from coming into the system at all.

I'm at the point of reading more about the uribl (or others for use within spamassasin) and setting up content filters which is probably the best solution since we get a lot of "spam" that comes through with low tags, but are clearly unwanted emails.

[crypted]

Post your findings here, please....once you've come up with more SA solutions.

[crypted]

Still receiving spam. I don't see anything about HELO in the main.cf for postfix. Anyone else setup/modify the configuration to add that?

Some say that most spam emails do not say HELLO to the postfix server when sending it to you. Whereas all normal email will have a HELLO initiation.

Thoughts?

Here is my MAIN.CF showing my restrictions and all. It's filtering out about 20+ extra a day that would have made it to INBOX. No telling how many its filtering that would have been caught by SA and sent to Junk.

Code:

# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = /usr/share/doc/postfix

# TLS parameters
smtpd_tls_cert_file = /etc/postfix/smtpd.cert
smtpd_tls_key_file = /etc/postfix/smtpd.key
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

myhostname = my.derekgordon.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = my.derekgordon.com, localhost, localhost.localdomain
relayhost = 
mynetworks = 127.0.0.0/8 [::1]/128
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
html_directory = /usr/share/doc/postfix/html
virtual_alias_domains = 
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, mysql:/etc/postfix/mysql-virtual_email2email.cf
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
virtual_mailbox_base = /var/vmail
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_authenticated_header = yes
# smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf, reject_unauth_destination
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf, reject_unauth_destination,reject_rbl_client zen.spamhaus.org,reject_rbl_client dnsbl.sorbs.net,reject_rbl_client bl.spamcop.net, reject_rbl_client combined.rbl.msrbl.net, reject_rbl_client multihop.dsbl.org, permit
smtpd_tls_security_level = may
transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
relay_domains = mysql:/etc/postfix/mysql-virtual_relaydomains.cf
relay_recipient_maps = mysql:/etc/postfix/mysql-virtual_relayrecipientmaps.cf
virtual_create_maildirsize = yes
virtual_maildir_extended = yes
virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_limit_maps.cf
virtual_mailbox_limit_override = yes
virtual_maildir_limit_message = "The user you are trying to reach is over quota."
virtual_overquota_bounce = yes
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
smtpd_sender_restrictions = check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf
smtpd_client_restrictions = check_client_access mysql:/etc/postfix/mysql-virtual_client.cf
maildrop_destination_concurrency_limit = 1
maildrop_destination_recipient_limit = 1
virtual_transport = maildrop
header_checks = regexp:/etc/postfix/header_checks
mime_header_checks = regexp:/etc/postfix/mime_header_checks
nested_header_checks = regexp:/etc/postfix/nested_header_checks
body_checks = regexp:/etc/postfix/body_checks
content_filter = amavis:[127.0.0.1]:10024
receive_override_options = no_address_mappings
message_size_limit = 0

Opinions welcome.

[crypted]

Here's a quick HOWTO to resolve the spam problems.
http://www.howtoforge.com/forums/sho...726#post238726

It's very useful and is along the lines of a lot of discussion here in this thread.