more crazy spam

Discussion in 'General' started by crypted, Aug 30, 2010.

  1. crypted

    crypted New Member

    I run it twice a day.
     
  2. Turbanator

    Turbanator Member HowtoForge Supporter

    crypted: the postfix tag for smtpd that ends with ,permit is the full line I have in my config.


    I think it would be good to have some sort of place for users to post their antispam setups. I know it would help me, I too have a ton of spam that hits my servers (4000+ daily) and plenty get through. The URIBL is something new to me so that was helpful. Also, maybe people posting their header/content filters would also be helpful. I'm getting pressure from the bosses to get spam under control like gmail or else....in my opinion we have all the tools built in with ispc3 so there is no reason why it cannot be done (maybe go a step further like spamsnake??).

    I can't really help any further than what I've provided other than make sure you're running as-update as Till suggest but also telling it to learn from junk mail folders.
     
  3. crypted

    crypted New Member

    Turbanator: Do you have a lot of email disregarded that wasn't spam at all? Those flags don't alter the XSPAM scores do they? It appears to be a direct deletion at upon incoming to the system...

    I agree it would be useful to work together to post information to come up with a better spam solution comprised of all the thirdparty lists and what not...
     
  4. Turbanator

    Turbanator Member HowtoForge Supporter

    By putting your tag 1 level to -1000 as you have, every email gets tagged.

    The smptd restrictions, I believe, block the emails from coming into the system at all.

    I'm at the point of reading more about the uribl (or others for use within spamassasin) and setting up content filters which is probably the best solution since we get a lot of "spam" that comes through with low tags, but are clearly unwanted emails.
     
  5. crypted

    crypted New Member

    Post your findings here, please....once you've come up with more SA solutions.
     
  6. crypted

    crypted New Member

    Still receiving spam. I don't see anything about HELO in the main.cf for postfix. Anyone else setup/modify the configuration to add that?

    Some say that most spam emails do not say HELLO to the postfix server when sending it to you. Whereas all normal email will have a HELLO initiation.

    Thoughts?

    Here is my MAIN.CF showing my restrictions and all. It's filtering out about 20+ extra a day that would have made it to INBOX. No telling how many its filtering that would have been caught by SA and sent to Junk.

    Code:
    # See /usr/share/postfix/main.cf.dist for a commented, more complete version
    
    
    # Debian specific:  Specifying a file name will cause the first
    # line of that file to be used as the name.  The Debian default
    # is /etc/mailname.
    #myorigin = /etc/mailname
    
    smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
    biff = no
    
    # appending .domain is the MUA's job.
    append_dot_mydomain = no
    
    # Uncomment the next line to generate "delayed mail" warnings
    #delay_warning_time = 4h
    
    readme_directory = /usr/share/doc/postfix
    
    # TLS parameters
    smtpd_tls_cert_file = /etc/postfix/smtpd.cert
    smtpd_tls_key_file = /etc/postfix/smtpd.key
    smtpd_use_tls = yes
    smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
    smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
    
    # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
    # information on enabling SSL in the smtp client.
    
    myhostname = my.derekgordon.com
    alias_maps = hash:/etc/aliases
    alias_database = hash:/etc/aliases
    myorigin = /etc/mailname
    mydestination = my.derekgordon.com, localhost, localhost.localdomain
    relayhost = 
    mynetworks = 127.0.0.0/8 [::1]/128
    mailbox_command = procmail -a "$EXTENSION"
    mailbox_size_limit = 0
    recipient_delimiter = +
    inet_interfaces = all
    html_directory = /usr/share/doc/postfix/html
    virtual_alias_domains = 
    virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, mysql:/etc/postfix/mysql-virtual_email2email.cf
    virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
    virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
    virtual_mailbox_base = /var/vmail
    virtual_uid_maps = static:5000
    virtual_gid_maps = static:5000
    smtpd_sasl_auth_enable = yes
    broken_sasl_auth_clients = yes
    smtpd_sasl_authenticated_header = yes
    # smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf, reject_unauth_destination
    smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf, reject_unauth_destination,reject_rbl_client zen.spamhaus.org,reject_rbl_client dnsbl.sorbs.net,reject_rbl_client bl.spamcop.net, reject_rbl_client combined.rbl.msrbl.net, reject_rbl_client multihop.dsbl.org, permit
    smtpd_tls_security_level = may
    transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
    relay_domains = mysql:/etc/postfix/mysql-virtual_relaydomains.cf
    relay_recipient_maps = mysql:/etc/postfix/mysql-virtual_relayrecipientmaps.cf
    virtual_create_maildirsize = yes
    virtual_maildir_extended = yes
    virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_limit_maps.cf
    virtual_mailbox_limit_override = yes
    virtual_maildir_limit_message = "The user you are trying to reach is over quota."
    virtual_overquota_bounce = yes
    proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
    smtpd_sender_restrictions = check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf
    smtpd_client_restrictions = check_client_access mysql:/etc/postfix/mysql-virtual_client.cf
    maildrop_destination_concurrency_limit = 1
    maildrop_destination_recipient_limit = 1
    virtual_transport = maildrop
    header_checks = regexp:/etc/postfix/header_checks
    mime_header_checks = regexp:/etc/postfix/mime_header_checks
    nested_header_checks = regexp:/etc/postfix/nested_header_checks
    body_checks = regexp:/etc/postfix/body_checks
    content_filter = amavis:[127.0.0.1]:10024
    receive_override_options = no_address_mappings
    message_size_limit = 0
    Opinions welcome.
     
  7. crypted

    crypted New Member

Share This Page