paul Posted November 22, 2006

ianw1974 and I started a brief on dealing with spam, thought others may like to listen in on our discussion .. or perhaps contribute :)

with greylisting (sqlgrey, although I'm not sure about postgrey) you should see an extra header

    X-Greylist: delayed 00:17:41.4068 by SQLgrey-1.7.4

I've got dspam running on loudas.com, 2.8g intel with 3gb ram .. seems to be alright .. hosting a bunch of domains: loudas.com, terminaladdict, mandrivauser*.* etc

pretty easy to get running, although permission was my biggest headache: chmod 77 this directory, and that directory etc etc

the dspam.conf is pretty straightforward reading

I created an extra mail box (spam@loudas.com) and have changed amavis to quarantine method spam\@loudas.com (or whatever the syntax is). this is so I can catch false positives, and store them in a ham folder for later learning.

install dspam, get the thing started, working through log files etc for errors. then once you're happy with it, just add it into amavisd

I assume you have postfix listening on a different port for amavis in master.conf?

ignore all the stuff about dspam creating ports and crap. Just get it so it runs from the command line without errors. then you add it to amavisd.conf like this

    $dspam = 'dspam';

then in /etc/spamassassin/local.conf I've added this:

    ### Place more weight on DSPAM's opinion
    header DSPAM_SPAM X-DSPAM-Result =~ /^Spam$/
    score DSPAM_SPAM 6.0
    header DSPAM_HAM X-DSPAM-Result =~ /^Innocent$/
    score DSPAM_HAM -0.5

that's it .. sit back and watch it kill spam eventually

if you start with an empty db then it will take a while to learn. my current db is around about 1.6gb :shock:

ianw1974 Posted November 22, 2006

My additional extra is sender verification. Checks the sender exists, and if not, bounce that email :P This is what I'm gonna add next in the next couple of days, before I attempt dspam ;)

ianw1974 Posted November 22, 2006

Ah, just realised why my spamming wasn't working, was because I didn't enable razor2 and dcc in the /etc/mail/spamassassin/local.cf file. Done this now, and also emerged pyzor as well and enabled this in aforesaid file. Still not done sender verification or dspam yet, will see how this all works out now before I do the rest.

paul Posted November 22, 2006

initial results from greylisting are good, although mails are now delayed. some mail servers have taken 30 minutes to retry :|

ianw1974 Posted November 23, 2006

Yeah I found this. I set them to retry in like five mins, but I was sitting and waiting and waiting, some maybe even an hour later. Ah well, if it works eventually it's all good. It's only the first time they email that it's a problem. And I also thought that once the system recognised me, it would be fine for all addresses. Nope, it greylists for each and every email address you send to the very first time. Was surprised!

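An added sketch (not part of the thread, and not SQLgrey's code) of why every new recipient is delayed once: classic greylisting keys its decision on the (client IP, sender, recipient) triplet, and the length of the delay is set by the remote server's retry schedule. The 5-minute minimum, the class and function names and all addresses are assumptions made up for the example.

```python
# Added illustration: a minimal in-memory greylist keyed on the SMTP triplet.
# MIN_DELAY and the whitelist handling are assumptions, not SQLgrey defaults.
from dataclasses import dataclass, field

MIN_DELAY = 5 * 60  # assumed: seconds before a retry of a new triplet is accepted


@dataclass
class Greylist:
    first_seen: dict = field(default_factory=dict)  # triplet -> time of first attempt
    passed: set = field(default_factory=set)        # triplets that retried correctly
    whitelist: set = field(default_factory=set)     # client IPs that skip greylisting

    def check(self, client_ip, sender, rcpt, now):
        """Decide at RCPT TO time: 'accept' or 'defer' (a temporary 4xx reply)."""
        if client_ip in self.whitelist:
            return "accept"
        triplet = (client_ip, sender.lower(), rcpt.lower())
        if triplet in self.passed:
            return "accept"
        first = self.first_seen.setdefault(triplet, now)
        if now - first < MIN_DELAY:
            return "defer"      # first attempt, or a retry that came too soon
        self.passed.add(triplet)
        return "accept"         # the sender queued the mail and retried: let it in


def replay():
    """Constructed timeline: one remote server, one sender, two local recipients."""
    gl = Greylist()
    ip, sender = "192.0.2.25", "friend@example.net"
    events = [
        (0,    "alice@example.org"),  # first contact
        (120,  "alice@example.org"),  # retry before MIN_DELAY
        (1800, "alice@example.org"),  # retry after 30 minutes
        (4000, "alice@example.org"),  # later mail, same triplet
        (4000, "bob@example.org"),    # same sender, new recipient
    ]
    results = [gl.check(ip, sender, rcpt, t) for t, rcpt in events]
    gl.whitelist.add(ip)              # what manual whitelisting changes
    results.append(gl.check(ip, sender, "carol@example.org", 4100))
    return results


if __name__ == "__main__":
    print(replay())
```

The second recipient is deferred even though the same server and sender were already accepted for the first one; only the whitelisted client skips the wait.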
paul Posted November 23, 2006

I've got my "boy" (up and coming sys admin) adding stuff into the whitelist :D

tyme Posted November 27, 2006

to kill spam, delete any e-mail accounts you have. :D

ianw1974 Posted November 28, 2006

Not sure mine is working, still getting a load through. Looks like I need dspam and sender verification.

paul Posted November 28, 2006

I'm having an issue or 2 trying to get dspam trained from a cyrus mailbox .. which is a bummer .. courier-imap presents no problems at all.

ianw1974 Posted November 29, 2006

I've just set up some RBL lists in postfix, which seem to be working for 40% reduction. I mean that usually by the morning I've received 10 spam emails, and this morning I had 6. So not bad going :P

paul Posted November 29, 2006

here's mine

    smtpd_recipient_restrictions =
        permit_sasl_authenticated,
        permit_mynetworks,
        reject_non_fqdn_recipient,
        check_client_access hash:/etc/postfix/pop-before-smtp,
        reject_unauth_destination,
        reject_rbl_client zombie.dnsbl.sorbs.net,
        reject_rbl_client relays.ordb.org,
        reject_rbl_client opm.blitzed.org,
        reject_rbl_client list.dsbl.org,
        reject_rbl_client sbl.spamhaus.org,
        check_policy_service unix:private/policy-spf,
        check_policy_service inet:127.0.0.1:2501

ianw1974 Posted November 30, 2006

I only used three rbl's, the ordb, dsbl and spamhaus. I might add more, maybe it's a good idea in case some are missing from the three I'm using. My amavisd is now working in detecting spam using razor, which is good. Did some changes last night that did the trick, just can't remember right now what they were :P Got them from here: http://gentoo-wiki.com/HOWTO_Email:_A_Comp...nd_SpamAssassin

Guest Rok Posted April 9, 2007

Hello, I've used Mandrake/driva for a couple of years, since 8.0. For SPAM filtering I use the following:

POSTFIX + AMAVISD-NEW + CLAMAV + SpamAssassin + RAZOR + DCC

Postfix does the dirty work at first:

- HELO & VRFY restrictions
- smtpd_recipient_restrictions:

    smtpd_recipient_restrictions =
        reject_invalid_hostname,
        reject_non_fqdn_sender,
        reject_non_fqdn_recipient,
        reject_unknown_sender_domain,
        reject_unknown_recipient_domain,
        permit_mynetworks,
        reject_unauth_destination,
    #   reject_rhsbl_sender dsn.rfc-ignorant.org,
    #   reject_rhsbl_sender bogusmx.rfc-ignorant.org,
        reject_rbl_client zombie.dnsbl.sorbs.net,
        reject_rbl_client opm.blitzed.org,
        reject_rbl_client list.dsbl.org,
        reject_rbl_client sbl-xbl.spamhaus.org,
        reject_rbl_client cbl.abuseat.org,
        reject_rbl_client bl.spamcop.net,
        reject_rbl_client dul.dnsbl.sorbs.net,
        permit_auth_destination,
        reject

- RBL checks in Postfix (sorbs, spamhaus, spamcop, blitzed, dsbl, abuseat)

This filters out about 70% of all SPAM. rfc-ignorant.org got me too many false-positives so I had to disable it. I don't allow users to relay e-mails through this box, I have another box for it. (I always recommend to separate SMTP gateway from POP3/IMAP servers. SASL AUTH is good but ... u know)

- Then AMAVISD-NEW takes place with CLAMAV antivirus scan, RAZOR, and DCC checks, followed by SpamAssassin (whitelist enabled, auto-learn enabled, I trained bayes classifier with about 8000 SPAMs and 5000 HAMs at start then I turned on auto-learn).

I'm satisfied with the efficiency of this setup, however more SPAMs happened to pass thru recently. I guess we have to wait for Spamassassin team to upgrade SA to 3.1.9 :-)

This is a sample of recent SPAM that passes thru. Bayes gives it too low score. It's a plain text, without any GIFs.

    YOU'VE SEEN IT BEFORE YOU SAY?!! Campaign for: CDYV - Price: $0.089, 5 Day Target price: $0.425!!! 500%+ profit (short term)!! CDYV have released very hot news. Check this out, nic and call to your brocker right now.

Just a few numbers valid for sunday, double them for weekdays:

- 6033 e-mail reached the server
- 4723 rejected (542 by spamcop, 3 by abuseat, 677 by sorbs, 321 by dsbl, 1359 by spamhaus, 1148 by HELP_NEED_FQDN, 183 by UNKNOWN_SENDER_DOMAIN, 454 by UNKNOWN_RECIPIENT, rest are timeouts)
- 1310 e-mails delivered to AMAVIS
- 403 classified as SPAM by SpamAssassin
- c.a. 200 SPAMs containing GIF were filtered out by CLAMAV

The rest were delivered to user mailboxes. I guess 50% of it was spam anyway, but I can live with that, considering the user base counts 950 now.

Fighting SPAM is a neverending war. Good luck.

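An added example (not part of the thread and not Rok's tooling) of how a per-reason reject breakdown like the one above can be produced from a Postfix mail log. It assumes the usual `NOQUEUE: reject:` smtpd log lines; the sample lines, hosts and addresses are constructed, and the function names are hypothetical.

```python
# Added illustration: tally Postfix smtpd rejects by reason from mail.log lines.
import re
from collections import Counter

# Constructed sample lines (hosts, addresses, PIDs and times are made up).
SAMPLE_LOG = """\
Apr  8 03:11:02 mx postfix/smtpd[2101]: connect from unknown[192.0.2.10]
Apr  8 03:11:03 mx postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 554 5.7.1 Service unavailable; Client host [192.0.2.10] blocked using sbl-xbl.spamhaus.org; from=<a@example.net> to=<u1@example.org> proto=SMTP helo=<pc1.example.net>
Apr  8 03:12:40 mx postfix/smtpd[2107]: NOQUEUE: reject: RCPT from unknown[192.0.2.44]: 554 5.7.1 Service unavailable; Client host [192.0.2.44] blocked using sbl-xbl.spamhaus.org; from=<b@example.net> to=<u2@example.org> proto=SMTP helo=<pc2.example.net>
Apr  8 03:15:09 mx postfix/smtpd[2110]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 554 5.7.1 Service unavailable; Client host [198.51.100.7] blocked using bl.spamcop.net; from=<c@example.net> to=<u1@example.org> proto=ESMTP helo=<mail.example.net>
Apr  8 03:20:31 mx postfix/smtpd[2113]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 504 5.5.2 <pc>: Helo command rejected: need fully-qualified hostname; from=<d@example.net> to=<u3@example.org> proto=SMTP helo=<pc>
Apr  8 03:22:18 mx postfix/smtpd[2120]: NOQUEUE: reject: RCPT from unknown[203.0.113.9]: 450 4.1.8 <e@nodomain.invalid>: Sender address rejected: Domain not found; from=<e@nodomain.invalid> to=<u1@example.org> proto=SMTP helo=<mx.example.net>
Apr  8 03:25:47 mx postfix/smtpd[2124]: NOQUEUE: reject: RCPT from unknown[203.0.113.77]: 550 5.1.1 <nobody@example.org>: Recipient address rejected: User unknown in local recipient table; from=<f@example.net> to=<nobody@example.org> proto=SMTP helo=<mx2.example.net>
"""

# SMTP code, optional enhanced status code, then the reply text up to "; from=<"
REJECT = re.compile(
    r"postfix/smtpd\[\d+\]: NOQUEUE: reject: \w+ from \S+: "
    r"(\d{3}) (?:\d\.\d+\.\d+ )?(.*?); from=<"
)


def tally_rejects(lines):
    """Count rejects per DNSBL zone or per '<stage>: <reason>' restriction text."""
    counts = Counter()
    for line in lines:
        m = REJECT.search(line)
        if not m:
            continue  # connects, deliveries and other non-reject lines
        code, text = m.groups()
        bl = re.search(r"blocked using ([\w.-]+)", text)
        if bl:
            counts["dnsbl:" + bl.group(1)] += 1
            continue
        why = re.search(r": ([A-Za-z ]+) rejected: (.+)$", text)
        counts[f"{why.group(1)}: {why.group(2)}" if why else f"other:{code}"] += 1
    return counts


def report(lines):
    """Return (reason, count, percent of all rejects), most frequent first."""
    counts = tally_rejects(lines)
    total = sum(counts.values())
    return [(r, n, round(100 * n / total)) for r, n in counts.most_common()]


if __name__ == "__main__":
    for row in report(SAMPLE_LOG.splitlines()):
        print(row)
```

Tracking the per-list counts over time shows which DNSBLs actually carry the load and which restrictions are candidates for false-positive review.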
ianw1974 Posted April 10, 2007

I've got 94% of spam blocked so far from my server :)