#71
12th November 2010, 01:45
crypted

drewb0y have you thought about modifying the postgrey information script in my second or third post? Instead of having it email, you could have it out to a file and parse to count recurrences.

Maybe an if/then that 5+ occurrences in a day = ipfilter rule?
__________________
ISPC3 on Debian! It's great!
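
One way to implement the counting idea in the post above, added here as an example and not taken from the thread or from crypted's script: it assumes postgrey's usual syslog lines (`action=greylist, ... client_address=...`), uses hypothetical function names, runs on a constructed sample log, and renders iptables rules where the post says "ipfilter". It counts distinct sender/recipient pairs per address per day rather than raw lines, so a legitimate server retrying one greylisted message does not reach the threshold of 5.

```python
import re
from collections import defaultdict
from ipaddress import ip_address

THRESHOLD = 5  # "5+ occurrences in a day", from the post above

# Assumed syslog layout: "Nov 12 01:45:10 host postgrey[pid]: key=value, key=value, ..."
LINE_RE = re.compile(r"^(\w{3})\s+(\d{1,2})\s+\S+\s+\S+\s+postgrey\[\d+\]:\s+(.*)$")

def greylist_hits(lines):
    """Map (day, ip) -> set of distinct (sender, recipient) pairs that were greylisted."""
    hits = defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        fields = dict(kv.split("=", 1) for kv in m.group(3).split(", ") if "=" in kv)
        if fields.get("action") != "greylist":
            continue
        try:
            ip = str(ip_address(fields.get("client_address", "")))
        except ValueError:
            continue  # unparsable address: never pass raw log text to a firewall
        day = f"{m.group(1)} {int(m.group(2))}"
        hits[(day, ip)].add((fields.get("sender"), fields.get("recipient")))
    return hits

def block_candidates(lines, threshold=THRESHOLD, allow=()):
    """IPs with >= threshold distinct greylisted pairs within one day, minus the allowlist."""
    allowed = {str(ip_address(a)) for a in allow}
    return sorted({ip for (_, ip), pairs in greylist_hits(lines).items()
                   if len(pairs) >= threshold and ip not in allowed})

def iptables_rules(ips):
    """Render rules for review; nothing is executed here."""
    return [f"iptables -I INPUT -s {ip} -p tcp --dport 25 -j DROP" for ip in ips]

def _line(day, ip, sender, rcpt, action="greylist"):
    return (f"Nov {day} 01:45:10 mail postgrey[2101]: action={action}, reason=new, "
            f"client_name=unknown, client_address={ip}, sender={sender}, recipient={rcpt}")

# Constructed sample log (documentation-range addresses, not real traffic).
SAMPLE_LOG = (
    [_line(12, "192.0.2.10", "a@spam.example", f"user{i}@here.example") for i in range(5)]
    + [_line(12, "198.51.100.7", "list@ok.example", "me@here.example")] * 6  # retries of one mail
    + [_line(d, "203.0.113.5", "b@spam.example", f"u{d}{i}@here.example")
       for d, n in ((12, 3), (13, 2)) for i in range(n)]                     # spread over two days
    + [_line(12, "not-an-ip", "c@spam.example", "me@here.example")]
)

if __name__ == "__main__":
    for rule in iptables_rules(block_candidates(SAMPLE_LOG)):
        print(rule)
```

Review the printed rules before loading them, and pass your own relays and known-good senders in `allow`.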

#72
12th November 2010, 11:08
edge

I'm using fail2ban to block spammers.
(rule: postfix-spamers550)

http://www.howtoforge.com/forums/showthread.php?t=28781
__________________
Never execute code written on a Friday or a Monday.

#73
12th November 2010, 15:39
drewb0y

Thanks Edge, I just implemented that and within the first 5 minutes it banned 14 different IP addresses. I still plan to implement the country blocking somehow, but this should help for a while.

I did increase the fail2ban timeout to 20 minutes instead of 10 as well.

Quote:
Originally Posted by edge
I'm using fail2ban to block spammers.
(rule: postfix-spamers550)

http://www.howtoforge.com/forums/showthread.php?t=28781
__________________
ISPConfig 3.0.5.4p1 - The Perfect Server - Debian Wheezy (nginx, BIND, Dovecot, ISPConfig 3)
Installed on Debian 7.6 on a KVM VPS

#74
12th November 2010, 15:42
drewb0y
Hmmm

That has definite possibilities, but I would have no idea how to implement that. My programming skills basically extend as far as copying something already done and modifying it for my situation.

Quote:
Originally Posted by crypted
drewb0y have you thought about modifying the postgrey information script in my second or third post? Instead of having it email, you could have it out to a file and parse to count recurrences.

Maybe an if/then that 5+ occurrences in a day = ipfilter rule?
__________________
ISPConfig 3.0.5.4p1 - The Perfect Server - Debian Wheezy (nginx, BIND, Dovecot, ISPConfig 3)
Installed on Debian 7.6 on a KVM VPS

#75
12th November 2010, 15:51
crypted

I completely forgot about fail2ban, thanks Edge.

I'll add that to my list of things to add to a new HOWTO in the near future.

Thankfully, we have a great group of us here to throw things around to build the best (free) method for fighting spam on our ISPCONFIG-based servers.
__________________
ISPC3 on Debian! It's great!

#76
12th November 2010, 19:27
drewb0y

I totally agree with you crypted. Working on solutions together is fantastic.

I implemented IPtables blocking by country now and posted a how to on it separately here.

HOWTO: Implement iptables blocking by Country
__________________
ISPConfig 3.0.5.4p1 - The Perfect Server - Debian Wheezy (nginx, BIND, Dovecot, ISPConfig 3)
Installed on Debian 7.6 on a KVM VPS

#77
15th February 2011, 06:51
Turbanator

My spam has greatly dropped but I still get hit each night...(I swear my users sign up on spam lists just to piss me off) Even though we move a ton of email into the Junk folder and train SA each night, plenty of spam still gets through. It seems many are those damned image spam.

I think there is an image spam filter, (without setting up an awesome spamsnake), has anyone implemented that in our setup here (not spamsnake) on a "perfect server"?

I'm curious about the extra server load and how well it works.

Also, I believe spamassassin is updated when ispconfig is, so I haven't upgraded to the newest SA yet and am waiting for the next ispc release. Is everyone using the default with ispc (3.2.5) or has anyone gone past what is installed and is running the latest SA 3.3.1?

#78
15th February 2011, 15:37
crypted

Can you post the header and content of a few of those emails as CODE?
__________________
ISPC3 on Debian! It's great!

#79
15th February 2011, 17:02
Turbanator

Here is one sample that isn't an image spam, but it does represent a huge number that get through...notice the spam tag. And I'll get a bunch in a row from the same fake domain. We manually move these into junk folders and "learn" nightly but I don't think there is enough info for SA to learn anything.

If you want, PM me, and I'll forward one directly to you to see if yours filters.

Code:
+OK 2628 octets follow.
Return-Path: <MAILER-DAEMON>
Delivered-To: me@here.com
Received: from localhost (localhost [127.0.0.1])
	by ns1.heredns.com (Postfix) with ESMTP id BBAFE10B42DC
	for <me@here.com>; Tue, 15 Feb 2011 07:36:41 -0800 (PST)
X-Virus-Scanned: Debian amavisd-new at ns1.heredns.com
X-Spam-Flag: NO
X-Spam-Score: -2.499
X-Spam-Level: 
X-Spam-Status: No, score=-2.499 tagged_above=-100 required=2.88
	tests=[BAYES_00=-2.599, RDNS_NONE=0.1]
Received: from ns1.heredns.com ([127.0.0.1])
	by localhost (ns1.heredns.com [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id BwsAmpARgQ1p for <me@here.com>;
	Tue, 15 Feb 2011 07:36:41 -0800 (PST)
Received: by ns1.heredns.com (Postfix, from userid 5000)
	id 9A56110B42D8; Tue, 15 Feb 2011 07:36:41 -0800 (PST)
Delivered-To: me@here.com
Received: from localhost (localhost [127.0.0.1])
	by ns1.heredns.com (Postfix) with ESMTP id 8FB5310B42DC
	for <me@here.com>; Tue, 15 Feb 2011 07:36:41 -0800 (PST)
X-Virus-Scanned: Debian amavisd-new at ns1.heredns.com
Received: from ns1.heredns.com ([127.0.0.1])
	by localhost (ns1.heredns.com [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id 4hB6JyN8jwL9 for <me@here.com>;
	Tue, 15 Feb 2011 07:36:41 -0800 (PST)
X-Greylist: delayed 604 seconds by postgrey-1.31 at ns1.heredns.com; Tue, 15 Feb 2011 07:36:41 PST
Received: from gqep.proulseraw.com (unknown [174.36.86.118])
	by ns1.heredns.com (Postfix) with ESMTP id 2766010B42D8
	for <me@here.com>; Tue, 15 Feb 2011 07:36:41 -0800 (PST)
Message-ID: <383399536@gqep.proulseraw.com>
Date: Tue, 15 Feb 2011 09:20:59 -0600
To: <me@here.com>
From: "Karen Miller" <winn@proulseraw.com>
Mime-Version: 1.0
Subject: Earn your share of this $59 billion industry
User-Agent: Cert - OutMode/2.0 tigww/2.73b3
X-Mailer: Firefox / 3.2
Accept-Language: en - us
Content-Language: en - us
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 8bit
Content-Disposition: inline
X-EsetId: 06519D20EC8831375713

Internet Job Locator: #1 site for online jobs


For more information and to view positions click here:
http://gqep.proulseraw.com/2438b36396769379324611396256dab50136a9



Thank you for visiting the Locator















Unsubscribe: http://gqep.proulseraw.com/2438b36396769379324612396256dab50136a9
or send mail to: unsubscribe
2764 N. Green Valley Pkwy Suite 394
Henderson, NV 89014

Click this link to unsubscribe: http://gqep.proulseraw.com/396256dab50136a912438b36396769379

I'll look for an image one and post here as well.

#80
11th March 2011, 18:46
crypted

It's been complete hell here, so sorry for not responding for so long but I didn't forget! Are you still having image spam problems?

I'm working on a new mixed guide to integrate several types of protection against bad robots, email harvesters, and so forth into Apache. Testing out each piece of the puzzle one by one on my end before I finish the HOWTO and distribute it.
__________________
ISPC3 on Debian! It's great!