Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 3 > Tips/Tricks/Mods

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #61  
Old 11th October 2010, 22:46
edge edge is offline
Moderator
 
Join Date: Dec 2005
Location: The Netherlands
Posts: 2,033
Thanks: 261
Thanked 150 Times in 130 Posts
Default

Quote:
Originally Posted by crypted View Post
And you're getting it many times? Both of them many times, daily? Or, just one?

You could remove the scripts from the rsyslog and put them as crontabs around 530am. Rsyslog rotates around 6am I think, check timestamps in your log dir for gz's and stuff.

If the cronjob only sends it once, then at least it's narrowed down to rsyslog or a multiple mail.log entry elsewhere causing a loop or something.

If cronjob sends it multiple times, there's an error in the script..
Okay I've changed Rsyslog to it's original state. If I want to setup a cronjob, what scripts do I need to run?
Only the two scripts?

Quote:
/usr/local/sbin/postgrey_stats.sh > /dev/null
/usr/local/sbin/postfix_report.sh > /dev/null
__________________
Never execute code written on a Friday or a Monday.
Reply With Quote
Sponsored Links
  #62  
Old 11th October 2010, 23:37
crypted crypted is offline
Senior Member
 
Join Date: Dec 2006
Location: Oklahoma, USA
Posts: 429
Thanks: 3
Thanked 14 Times in 6 Posts
Default

Just those two scripts, yes.

Actually, the postgrey script isn't extremely necessary unless you're just wanting to see what it's doing/has done over the past day specifically. The other script will mention greylisting as well as other methods and their rates.

I quit using both scripts after about two weeks because it was so successful. Didn't need mailbox clutter showing me how well it was cleaning up other clutter!
__________________
ISPC3 on Debian! It's great!
Reply With Quote
  #63  
Old 14th October 2010, 04:21
crypted crypted is offline
Senior Member
 
Join Date: Dec 2006
Location: Oklahoma, USA
Posts: 429
Thanks: 3
Thanked 14 Times in 6 Posts
Default

I would recommend removing ", reject_rbl_client multihop.dsbl.org" from your Postfix main.cf. It has been fully deactivated and will cause a second delay (not much) right now. Should its DNS be dropped entirely, might be a big staller.

__________________
ISPC3 on Debian! It's great!
Reply With Quote
  #64  
Old 28th October 2010, 10:39
Rupert Rupert is offline
Junior Member
 
Join Date: Feb 2008
Posts: 26
Thanks: 1
Thanked 1 Time in 1 Post
Default

HI,

is there any chance to enbable/disable greylisting for each mailbox/domain?

I guess it would work by adding each mailbox to the postgrey whitelist file,
but is there a plugin for ispconfig to do this.?


greetings

Last edited by Rupert; 28th October 2010 at 12:25.
Reply With Quote
  #65  
Old 28th October 2010, 16:31
crypted crypted is offline
Senior Member
 
Join Date: Dec 2006
Location: Oklahoma, USA
Posts: 429
Thanks: 3
Thanked 14 Times in 6 Posts
Default

No plugin for ISPC3 is available at this point.

But, just edit "/etc/postgrey/whitelist_recipients" and add the mailboxes you wish to exclude.

For example, if you want to exclude "abuse@domain.com" add that exact email address. Or, if you want to exclude all abuse emails on every domain, just add "abuse@" to the file.

It's one email address per line.
__________________
ISPC3 on Debian! It's great!
Reply With Quote
  #66  
Old 9th November 2010, 17:04
Turbanator Turbanator is offline
Senior Member
 
Join Date: Jun 2008
Posts: 217
Thanks: 21
Thanked 16 Times in 16 Posts
Default

crypted:

Have you seen the following and what do you think of implementing in addition?

http://www.wbitt.com/my-howtos/150-t...ig-server.html

http://www.howtoforge.com/postfix_spf
Reply With Quote
  #67  
Old 9th November 2010, 17:22
crypted crypted is offline
Senior Member
 
Join Date: Dec 2006
Location: Oklahoma, USA
Posts: 429
Thanks: 3
Thanked 14 Times in 6 Posts
Default

Before I give much of a response, are you still having SPAM issues?

I literally have 99.8% spam filtration.

The reason for asking is that the more things we stick into our spam filtering plan, the more load the server will have in handling all incoming mail and the increased risk of delivery delays for time sensitive traffic on production systems.
__________________
ISPC3 on Debian! It's great!
Reply With Quote
  #68  
Old 9th November 2010, 17:30
Turbanator Turbanator is offline
Senior Member
 
Join Date: Jun 2008
Posts: 217
Thanks: 21
Thanked 16 Times in 16 Posts
Default

I do have a lot of spam still but much less than before.

One note though...I never implemented your spam email honey pot trick which I think is an excellent idea...and I as you can see from my signature, I'm starting it now.

All the bulk spam coming through now seems to come in waves to people on a list somewhere...so if I can get my honeypot email on the same list, it should take care of it.
Reply With Quote
  #69  
Old 9th November 2010, 18:05
crypted crypted is offline
Senior Member
 
Join Date: Dec 2006
Location: Oklahoma, USA
Posts: 429
Thanks: 3
Thanked 14 Times in 6 Posts
Default

If the normal measures don't work, or aren't stopping the spam entirely to your liking, then SPF could be useful.

Also, SPF is being adopted globally by many tech companies and governments. So, that's a cool deal. Remember SPF does use DNS entries to assist in validity checks.

I'll make a reminder to write a new HOWTO including SPF in the near future.
__________________
ISPC3 on Debian! It's great!
Reply With Quote
  #70  
Old 11th November 2010, 16:34
drewb0y drewb0y is offline
Senior Member
 
Join Date: Sep 2010
Posts: 103
Thanks: 10
Thanked 14 Times in 7 Posts
 
Default Possibility of blocking IP's or ranges using IPTables

I have implemented the spam blocking you have suggested here and it is doing a great job so far. One thing I am thinking it would be nice to do is to somehow have an automated process that takes the IP addresses of offending spam senders and then adds it to an iptables filter.

For example, I have seen thousands of messages coming through from a several IPs in the Ukraine all from ukrtel.net. (Dictionary spamming) They are all getting caught by either greylisting or the blacklists.

What I want to know is if there is an easy way to block these major offenders at the firewall level, so that their mail never even makes it to postfix to be rejected.

There are a few I have identified that I wouldn't mind blocking the ISPs whole netblocks, if I could figure out what ranges they own.

My server at the moment is actually handling it all at the moment, but I also only have about 1/3 of the domains on it that it will eventually host for email. I'd like to reduce the load of what it has now as much as possible before I add more to it.

Thanks in advance for any ideas.
__________________
ISPConfig 3.0.5.4p1 - The Perfect Server - Debian Wheezy (nginx, BIND, Dovecot, ISPConfig 3)
Installed on Debian 7.6 on a KVM VPS
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Spamfilter policy - question about spam actions prisfeo Installation/Configuration 4 2nd February 2010 16:17
Ubuntu 8.04 Spamsnake - all SA scores 0.00 Thomas_Powers HOWTO-Related Questions 23 24th June 2008 17:37
complete spam protection with postfix - howto alexnz Server Operation 1 22nd June 2006 14:06
Howto let procmail move spam to folder? oversight HOWTO-Related Questions 9 1st May 2006 15:39
Webmin docs missing namit Server Operation 11 5th January 2006 09:51


All times are GMT +2. The time now is 11:58.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.