HOWTO: Spam control for POSTFIX

Discussion in 'Tips/Tricks/Mods' started by crypted, Sep 8, 2010.

  1. Turbanator

    Turbanator Member HowtoForge Supporter

    It's working great for me. I've set whitelisted domains within whitelist_clients and set my delay to =180. My only problem is determining what emails are being blocked vs just greylisted but I think you said you're working on that solution. I whitelisted people who were popping up on the greylist without actually knowing if they were being blocked.

    I haven't implemented the spamtrap email yet, mainly because I didn't understand the purpose the first time around. I think I get it now and will do that as well, as I think it could also be very beneficial.

    I truly believe the final setup should be within ISPC3->emails->global filters->content filter. After SpamAssassin/amavisd-new, this would be the final block, right? Lately it seems a simple block is to block anything from a .info domain.
     
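Added example (not part of the original post or of the HOWTO's scripts): one way to tell blocked clients from merely greylisted ones in mail.log is to look for a later accepted message from the same client. The function name, the sample log lines and the `rbl.example` blocklist name are constructed for illustration, and the match assumes postgrey's reject text contains "Greylisted".

```sh
#!/bin/sh
# Added example: sort SMTP clients in a Postfix mail.log into
#   blocked                - got a permanent 5xx reject
#   greylisted-only        - deferred by postgrey, never accepted afterwards
#   greylisted-then-passed - deferred, retried, and later accepted
# Assumes postgrey's default reject text containing "Greylisted".
classify_clients() {
    awk '
    # Return the IP inside the first [..] that follows marker, or "".
    function client_ip(line, marker,    rest, i, j) {
        i = index(line, marker); if (i == 0) return ""
        rest = substr(line, i + length(marker))
        i = index(rest, "["); j = index(rest, "]")
        return (i > 0 && j > i) ? substr(rest, i + 1, j - i - 1) : ""
    }
    /NOQUEUE: reject: RCPT from / {
        ip = client_ip($0, "RCPT from "); if (ip == "") next
        seen[ip] = 1
        if ($0 ~ /\]: 4[0-9][0-9] .*Greylisted/) grey[ip]++
        else if ($0 ~ /\]: 5[0-9][0-9] /)        hard[ip]++
        next
    }
    # smtpd logs "QUEUEID: client=host[ip]" once it accepts a message.
    /postfix\/smtpd\[[0-9]+\]: [0-9A-F]+: client=/ {
        ip = client_ip($0, "client=")
        if (ip != "") { seen[ip] = 1; ok[ip]++ }
    }
    END {
        for (ip in seen) {
            if (hard[ip])                state = "blocked"
            else if (grey[ip] && ok[ip]) state = "greylisted-then-passed"
            else if (grey[ip])           state = "greylisted-only"
            else                         state = "accepted"
            printf "%s %s grey=%d hard=%d ok=%d\n", ip, state, grey[ip], hard[ip], ok[ip]
        }
    }' "$@" | LC_ALL=C sort
}

# Constructed sample lines (documentation IP ranges), not from a real server.
sample_log() {
    cat <<'EOF'
Sep 10 09:00:01 mx postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 450 4.2.0 <bob@example.org>: Recipient address rejected: Greylisted; from=<a@example.net> to=<bob@example.org> proto=ESMTP helo=<mail.example.net>
Sep 10 09:06:12 mx postfix/smtpd[2140]: 3F2A1C0012: client=unknown[192.0.2.10]
Sep 10 09:10:44 mx postfix/smtpd[2155]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 450 4.2.0 <bob@example.org>: Recipient address rejected: Greylisted; from=<b@example.net> to=<bob@example.org> proto=ESMTP helo=<h1>
Sep 10 09:12:30 mx postfix/smtpd[2160]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 554 5.7.1 Service unavailable; Client host [203.0.113.5] blocked using rbl.example; from=<c@example.com> to=<bob@example.org> proto=ESMTP helo=<h2>
EOF
}

sample_log | classify_clients
```

Against a live server, pass the log path as an argument, for example `classify_clients /var/log/mail.log`; clients reported as greylisted-only are the ones that never retried.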
  2. crypted

    crypted New Member

    An updated HOWTO has been posted. I recommend hashing that out. Best of luck my friends!

    For all of you who THANKED that last HOWTO post, your names no longer show up. I would have personally notified you that it changed. Sorry!!!
     
  3. crypted

    crypted New Member

    I see a lot of new views since the last update to the HOWTO. Has anyone run into problems with it? Is it working okay?

    Imma send it over to Falko to have it placed in the permanent HOWTOFORGE repository. Don't want many errors existing on it if I mistyped something!!!

    :)
     
  4. primal23

    primal23 New Member

    I got the postgrey stats working just fine, and love it, thank you! But the problem I am having is with the postfix_report.sh, I get the following error message

    /usr/local/sbin/postfix_report.sh: line 3: formail: command not found

    I am running Ubuntu 10.04.

    Thanks!
     
  5. crypted

    crypted New Member

    Type "locate formail" and see where formail is located at. And post back.

    Assuming formail is installed, you might need to change the script to the actual path:
    pflogsumm /var/log/mail.log | formail -c -I"Subject: Mail Statist ...........
    to
    pflogsumm /var/log/mail.log | /usr/bin/formail -c -I"Subject: Mail Statist ...........
    assuming formail is in /usr/bin/.
     
  6. primal23

    primal23 New Member

    Here is what I got

    locate formail
    /usr/bin/reformail
    /usr/share/doc/maildrop/html/reformail.html
    /usr/share/man/man1/reformail.1.gz

    Should I change the .sh to reformail?
     
  7. crypted

    crypted New Member

    No, those are different things.

    I guess Ubuntu uses apt-get?

    "apt-get install formail" to install it.

    Then, it should work.
     
  8. primal23

    primal23 New Member

    Can't seem to find it, with both apt-get install formail or through the synaptic package manager.... :(
     
  9. crypted

    crypted New Member

    Sorry, I was being dumb. I meant to say:
    apt-get install procmail

    formail is part of that package. Give that a go.
     
  10. primal23

    primal23 New Member

    Okay, thanks, got procmail installed now, and did a locate formail and got the same result as before. Is that a problem?

    And thanks for the help!
     
  11. crypted

    crypted New Member

    Try executing that script. See if it errors on you.
     
  12. primal23

    primal23 New Member

    Sweet! Works wonderfully! Thanks again SO much!!!
     
  13. Turbanator

    Turbanator Member HowtoForge Supporter

    crypted:
    Regarding the uribl addition to SA.
    Why don't you implement the grey list along with black list as they show on uribl.com?

    Code:
    urirhssub       URIBL_GREY  multi.uribl.com.        A   4
    body            URIBL_GREY  eval:check_uridnsbl('URIBL_GREY')
    describe        URIBL_GREY  Contains an URL listed in the URIBL greylist
    tflags          URIBL_GREY  net
    score           URIBL_GREY  0.25
    
    
     
  14. crypted

    crypted New Member

    Well, there were a couple of reasons why I skipped their greylisting.
    1) Their greylisting is a bit different, and would prove to be redundant most of the time. In other words, the method I provided already blocks almost all spam. It would add to the delivery time and would have less than a 1% additional success rate.

    2) Their greylisting technique isn't the greatest. There have been a lot of mixed reviews and some of their own developers mentioned that it's a hit and miss, at your own risk endeavor.

    So, I figured with those two reasons (and some minor things), it's not worth adding to the email delay and using additional resources vital for other server tasks for no more than a 1% gain in most instances.

    If you have a robust server and don't care about delays or possibly having extra misfires, then it would be fine to use IMO.

    That answer it decently enough?
     
  15. Turbanator

    Turbanator Member HowtoForge Supporter

    Absolutely! My spam has been so greatly reduced that people are actually somewhat happy. I have yet to implement the spamtrap email address. I added a content_filter to ISPC3 global filters that blocks all email from .info addresses (thanks to Till for fixing my problem) and that has helped remove a bunch that seem to get through.

    Great work!
     
  16. edge

    edge Active Member Moderator

    Will this also work with email accounts that have "Email Catchall" enabled?
     
  17. crypted

    crypted New Member

    It works with all email addresses on the system unless you disable it on a specific email address using the whitelists.
     
  18. primal23

    primal23 New Member

    Is it possible to add emailing the mail.log at the end of the day, or should that be in a separate cronjob?
     
  19. crypted

    crypted New Member

    Many production servers will have mail.logs that are well over 50MB so that wouldn't be advisable.
     
  20. edge

    edge Active Member Moderator

    If I set up the "Spamtrap" file with a real working email address on the system, should all spam go to that account?
     
