  #41  
Old 1st October 2010, 19:51
crypted crypted is offline
Senior Member
 
Join Date: Dec 2006
Location: Oklahoma, USA
Posts: 429
Thanks: 3
Thanked 14 Times in 6 Posts
Default

No, the spamtrap works like this:

1) spam is sent to several email accounts on your system because emails are found on forums or whatever and easy targets
2) added spamtrap email looks legit and will also be added to the spamming roster
3) real email and spamtrap email will be spammed with the same email
4) postfix will discard all emails that were sent to both the spamtrap email and the real email addresses

You can put the spamtrap emails in hidden HTML code and all that crap to get them out there, as well. Basically, it just adds another line of defense.

I had my real email address shown on this forum for a few months. My spam went up like mad as a result. I added the spamtrap to my signature and what not, helped reduce it by about 10 a day since both emails were present for their spam-finding spiders.

Again, taken individually some of these steps won't be that great of a help. But, when you implement all of this as a collective you will see a great reduction.

Still not sure? Pretend that we're on the Death Star and we want to get rid of those pesky Storm Troopers before they find our vulnerable spot. So, we force their ship into a Black Hole. No more Storm Troopers! Spam trap is the black hole for SciFi people.
__________________
ISPC3 on Debian! It's great!

Last edited by crypted; 1st October 2010 at 20:07.
  #42  
Old 1st October 2010, 20:17
edge edge is offline
Moderator
 
Join Date: Dec 2005
Location: The Netherlands
Posts: 2,034
Thanks: 265
Thanked 152 Times in 132 Posts
Default

Okay. Understood..

One more thing.
When I send an email to myself (from let's say a gmail account) I receive it instantly.

Should it not be delayed for some time? I've set the "--delay=120" in /etc/default/postgrey.
(postgrey shows: POSTGREY_OPTS="--inet=127.0.0.1:60000 --delay=120")

I've even removed the proxy.gmail.com from /etc/postgrey/whitelist_clients, and yes, I did restart postgrey.
__________________
Never execute code written on a Friday or a Monday.
  #43  
Old 1st October 2010, 20:20
crypted crypted is offline

I would say not. I've noticed instant receipt from email addresses I've received content from previously. However, new addresses (so long as their domain is not whitelisted) will take some time to arrive.

If you're that concerned though, you can use the script mentioned in the BONUS INSTRUCTIONS and found a few posts down on the first page. It will give you all the details about how GREYLIST is operating. Good for debugging, troubleshooting, and curiosity.
__________________
ISPC3 on Debian! It's great!
Reply With Quote
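Added example, not part of the thread and not postgrey's own code: a simplified Python model of the greylisting decision, showing why mail for an already-seen sender/recipient pair is not delayed again. The `--delay=120` value is from the post above; the /24 client lookup and the auto-whitelist threshold of 5 are postgrey's documented defaults, and the hosts, addresses and exact-match whitelist are assumptions made for the example.

```python
from dataclasses import dataclass, field


@dataclass
class Greylist:
    delay: int = 120               # seconds; the thread's --delay=120
    auto_whitelist_after: int = 5  # postgrey default for --auto-whitelist-clients
    whitelist_clients: set = field(default_factory=set)  # exact hostnames (simplified)
    first_seen: dict = field(default_factory=dict)       # triplet -> time of first attempt
    delivered: dict = field(default_factory=dict)        # client network -> passed mails

    def check(self, client_ip, client_name, sender, rcpt, now):
        """Return the decision for one RCPT TO attempt at time `now` (seconds)."""
        if client_name in self.whitelist_clients:
            return "pass: whitelisted client"
        net = client_ip.rsplit(".", 1)[0]  # postgrey strips the last octet by default
        if self.delivered.get(net, 0) >= self.auto_whitelist_after:
            return "pass: auto-whitelisted client"
        triplet = (net, sender.lower(), rcpt.lower())
        first = self.first_seen.setdefault(triplet, now)
        if now - first < self.delay:
            return "defer"  # the sending MTA gets a temporary error and must retry
        self.delivered[net] = self.delivered.get(net, 0) + 1
        return "pass: known triplet"


def demo():
    """Replay constructed attempts; addresses and hosts are made up for the example."""
    g = Greylist(delay=120)
    a = ("192.0.2.10", "mx1.sender.example", "alice@sender.example", "me@rcpt.example")
    return [
        g.check(*a, now=0),      # first contact
        g.check(*a, now=60),     # retried too early
        g.check(*a, now=180),    # retried after the delay
        g.check(*a, now=4000),   # later mail, same triplet: no delay
        g.check("192.0.2.77", "mx2.sender.example", a[2], a[3], now=4001),  # same /24
        g.check(a[0], a[1], "bob@sender.example", a[3], now=4002),  # new sender
    ]


if __name__ == "__main__":
    for line in demo():
        print(line)
```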
  #44  
Old 1st October 2010, 20:21
primal23 primal23 is offline
Member
 
Join Date: Aug 2009
Posts: 78
Thanks: 13
Thanked 1 Time in 1 Post
Default

What I am trying to get from the log are things that are blocked by the body_checks and header_checks, since I have been getting a few false positives, and Ubuntu's log viewer won't stay on the position I need it to; it jumps to the new item automatically. Is this possible? Hope this isn't hijacking the thread.
  #45  
Old 1st October 2010, 20:26
crypted crypted is offline

Quote:
Originally Posted by primal23 View Post
What I am trying to get from the log are things that are blocked by the body_checks and header_checks, since I have been getting a few false positives, and Ubuntu's log viewer won't stay on the position I need it to; it jumps to the new item automatically. Is this possible? Hope this isn't hijacking the thread.
I would first suggest using the postgrey script I discussed in the post above to ensure it isn't your postgrey creating false positives (doubtful). If it is, you can add whitelist entries for domains or email addresses. You can also do whitelists for the body/header checks in postfix.

However, I don't believe you will see anything in the mail.log discussing what you want.
__________________
ISPC3 on Debian! It's great!
  #46  
Old 1st October 2010, 20:26
edge edge is offline

Quote:
Originally Posted by crypted View Post
I would say not. I've noticed instant receipt from email addresses I've received content from previously. However, new addresses (so long as their domain is not whitelisted) will take some time to arrive.

If you're that concerned though, you can use the script mentioned in the BONUS INSTRUCTIONS and found a few posts down on the first page. It will give you all the details about how GREYLIST is operating. Good for debugging, troubleshooting, and curiosity.
I'll have a go at it, but can you please post the "greylist_script.sh" also, or did you make a typo, and should "greylist_script.sh" be named "postgrey_stats.sh"?
__________________
Never execute code written on a Friday or a Monday.

Last edited by edge; 1st October 2010 at 20:41.
  #47  
Old 1st October 2010, 20:52
crypted crypted is offline

Yeah, I'm referring to http://www.howtoforge.com/forums/sho...94&postcount=8 so yeah I meant "postgrey_stats.sh."

My apology. Really busy today.
__________________
ISPC3 on Debian! It's great!
The Following User Says Thank You to crypted For This Useful Post:
edge (1st October 2010)
  #48  
Old 2nd October 2010, 00:17
primal23 primal23 is offline

Just wanted to give an example of what I am trying to get (if at all possible lol)
Quote:
postfix/cleanup[30778]: 7BC4C280A0A8: message-id=<4CA65AE3.1070404@*****.com>
Oct 1 15:04:21 postfix/cleanup[30778]: 7BC4C280A0A8: redirect: body f**k from pop1-levy.****.net[216.229.186.150]; from=<***@***.com> to=<***@*****.com> proto=ESMTP helo=<mail.****.net>: profanity@****.com
Oct 1 15:04:21 postfix/qmgr[10855]: 7BC4C280A0A8: from=<***@****.com>, size=985, nrcpt=1 (queue active)
Oct 1 15:04:21 postfix/pipe[30784]: 7BC4C280A0A8: to=<profanity@****.com>, orig_to=<****@******.com>, relay=maildrop, delay=0.16, delays=0.14/0/0/0.02, dsn=2.0.0, status=sent (delivered via maildrop service)
Oct 1 15:04:21 postfix/qmgr[10855]: 7BC4C280A0A8: removed
Sometimes with false "flags" emails get stopped and I need to pass them on, but since the log viewer won't hold on a position, I have to resend emails and switch to the viewer to try and catch what needs to be changed briefly to allow the email to pass.

I have been trying to work on a script that would send an email when a "flag" is hit, but haven't had a lot of success as of yet.
  #49  
Old 2nd October 2010, 00:28
crypted crypted is offline

On the fly suggestion for viewing and getting the necessary address from the logs to set up whitelists:

Use "nano" in terminal. I.E.: nano /var/log/mail.log

That won't change positions as new data is added. However, it doesn't refresh as new data is logged. But, pretty simple and good to use.
__________________
ISPC3 on Debian! It's great!
Reply With Quote
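Added example, not code from the thread or the HOWTO: a small Python filter that pulls only the header_checks/body_checks hits out of mail.log, with sender and recipient, so a false positive can be found without watching the log live. The sample lines are constructed in the format of the log excerpt quoted earlier in the thread; the names `HIT_RE` and `check_hits` are made up for the example.

```python
import re
import sys

# cleanup(8) logs one record per header_checks/body_checks hit:
#   QUEUEID: ACTION: header|body MATCHED-TEXT from HOST[IP]; from=<..> to=<..> ...
HIT_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?:\S+ )?postfix/cleanup\[\d+\]: "
    r"(?P<qid>\w+): (?P<action>\w+): (?P<kind>header|body) "
    # MATCHED-TEXT is message content, so match it greedily and bind to the
    # last " from HOST[IP]; " in the line rather than the first.
    r"(?P<text>.*) from (?P<client>\S+\[[^\]]+\]); "
    r"from=<(?P<sender>[^>]*)> to=<(?P<rcpt>[^>]*)>"
)

# Constructed sample (hosts, addresses and queue IDs are not from a real system).
SAMPLE = """\
Oct  1 15:04:21 mail postfix/cleanup[30778]: 4F2A1C0D9E11: message-id=<1@sender.example>
Oct  1 15:04:21 mail postfix/cleanup[30778]: 4F2A1C0D9E11: redirect: body cheap pills from mx.sender.example[192.0.2.15]; from=<bob@sender.example> to=<me@rcpt.example> proto=ESMTP helo=<mx.sender.example>: trap@rcpt.example
Oct  1 15:04:21 mail postfix/qmgr[10855]: 4F2A1C0D9E11: from=<bob@sender.example>, size=985, nrcpt=1 (queue active)
Oct  1 15:09:02 mail postfix/cleanup[30901]: 9B7E33A1C0F2: reject: header Subject: news from mars from mx2.other.example[198.51.100.7]; from=<a@other.example> to=<me@rcpt.example> proto=ESMTP helo=<mx2.other.example>: 5.7.1 spam
"""


def check_hits(lines):
    """Return one dict per header_checks/body_checks hit found in `lines`."""
    return [m.groupdict() for m in map(HIT_RE.match, lines) if m]


if __name__ == "__main__":
    # With a path argument, read that log; otherwise parse the embedded sample.
    lines = open(sys.argv[1], errors="replace") if len(sys.argv) > 1 else SAMPLE.splitlines()
    for h in check_hits(lines):
        # !r prints the matched text escaped, since it comes from the message itself.
        print("{ts} {qid} {action} {kind}: {text!r} {sender} -> {rcpt}".format(**h))
```

Run it with the log path as its argument, for example /var/log/mail.log; the matched text shown for each hit is what the check pattern caught and what a whitelist entry would need to account for.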
  #50  
Old 5th October 2010, 06:25
crypted crypted is offline

Quote:
Originally Posted by primal23 View Post
Just wanted to give an example of what I am trying to get (if at all possible lol)

Sometimes with false "flags" emails get stopped and I need to pass them on, but since the log viewer won't hold on a position, I have to resend emails and switch to the viewer to try and catch what needs to be changed briefly to allow the email to pass.

I have been trying to work on a script that would send an email when a "flag" is hit, but haven't had a lot of success as of yet.
Did my NANO suggestion help with your efforts?

Also, how are the general measures of my HOWTO working for you?

False positives happen, part of the game... But, I'm proud to say the HOWTO has already saved admins from worrying about over 200,000 spam emails.
__________________
ISPC3 on Debian! It's great!