kill spam - discussion


paul
ianw1974 and I started a brief on dealing with spam, thought others may like to listen in on our discussion... or perhaps contribute :)

 

with greylisting (sqlgrey, although I'm not sure about postgrey) you should see an extra header

X-Greylist: delayed 00:17:41.4068 by SQLgrey-1.7.4

 

I've got dspam running on loudas.com 2.8g intel with 3gb ram .. seems to be alright .. hosting a bunch of domains loudas.com terminaladdict mandrivauser*.* etc

 

pretty easy to get running, although permission was my biggest headache

chmod 77 this directory, and that directory etc etc

 

the dspam.conf is pretty straightforward reading

 

I created an extra mailbox (spam@loudas.com) and have changed amavis to quarantine method spam\@loudas.com (or whatever the syntax is)

this is so I can catch false positives, and store them in a ham folder for later learning.

 

install dspam, get the thing started, working through log files etc for errors.

then once you're happy with it, just add it into amavisd

I assume you have postfix listening on a different port for amavis in master.conf?

 

ignore all the stuff about dspam creating ports and crap.

Just get it so it runs from the command line without errors.

then you add it to amavisd.conf like this

$dspam = 'dspam';

 

then in /etc/spamassassin/local.conf I've added this:

### Place more weight on DSPAM's opinion
header DSPAM_SPAM X-DSPAM-Result =~ /^Spam$/
score DSPAM_SPAM 6.0

header DSPAM_HAM X-DSPAM-Result =~ /^Innocent$/
score DSPAM_HAM -0.5

 

that's it .. sit back and watch it kill spam eventually

if you start with an empty db then it will take a while to learn.

 

my current db is around about 1.6gb :shock:

Link to comment
Share on other sites

My additional extra is sender verification. Checks the sender exists, and if not, bounce that email :P

 

This is what I'm gonna add next in the next couple of days, before I attempt dspam ;)

Link to comment
Share on other sites

Ah, just realised why my spamming wasn't working, was because I didn't enable razor2 and dcc in the /etc/mail/spamassassin/local.cf file. Done this now, and also emerged pyzor as well and enabled this in aforesaid file.

 

Still not done sender verification or dspam yet, will see how this all works out now before I do the rest.

Link to comment
Share on other sites

Yeah I found this. I set them to retry in like five mins, but I was sitting and waiting and waiting, some maybe even an hour later. Ah well, if it works eventually it's all good. It's only the first time they email that it's a problem.

 

And I also thought that once the system recognised me, it would be fine for all addresses. Nope, it greylists for each and every email address you send to the very first time. Was surprised!

Link to comment
Share on other sites
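The per-address behaviour described in the post above follows from how greylisting keys its decisions: on the triplet of client IP, envelope sender and envelope recipient. A minimal model of that logic, added here as an illustration and not taken from SQLgrey or postgrey; the 300-second window, the class and function names and the addresses are assumptions:

```python
# Added illustration: a minimal model of triplet-based greylisting.
# Not SQLgrey/postgrey code; the delay value and addresses are constructed.

class Greylist:
    def __init__(self, min_delay=300):
        self.min_delay = min_delay   # seconds a new triplet must wait
        self.first_seen = {}         # triplet -> time of first attempt
        self.passed = set()          # triplets that completed a valid retry

    def check(self, client_ip, sender, recipient, now):
        """Return an SMTP-style verdict for one RCPT TO attempt."""
        triplet = (client_ip, sender.lower(), recipient.lower())
        if triplet in self.passed:
            return "250 ok"
        first = self.first_seen.setdefault(triplet, now)
        if now - first >= self.min_delay:
            self.passed.add(triplet)
            return "250 ok"
        return "450 greylisted, try again later"


def replay(events, min_delay=300):
    """Run (time, ip, sender, recipient) events through a fresh greylist."""
    gl = Greylist(min_delay)
    return [gl.check(ip, s, r, t) for t, ip, s, r in events]


# Constructed sample: one sending server, one sender, two recipients.
EVENTS = [
    (0,    "192.0.2.10", "ian@example.org", "paul@example.net"),  # first contact
    (60,   "192.0.2.10", "ian@example.org", "paul@example.net"),  # retry too early
    (900,  "192.0.2.10", "ian@example.org", "paul@example.net"),  # retry after window
    (1000, "192.0.2.10", "ian@example.org", "paul@example.net"),  # known triplet
    (1100, "192.0.2.10", "ian@example.org", "spam@example.net"),  # new recipient
]

if __name__ == "__main__":
    for event, verdict in zip(EVENTS, replay(EVENTS)):
        print(event, "->", verdict)
```

The window only sets the earliest retry that will be accepted; when the retry actually arrives is decided by the sending server's queue schedule.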

I've just set up some RBL lists in postfix, which seem to be working for 40% reduction. I mean that usually by the morning I've received 10 spam emails, and this morning I had 6. So not bad going :P

Link to comment
Share on other sites

here's mine

smtpd_recipient_restrictions = 
	permit_sasl_authenticated,
	permit_mynetworks,reject_non_fqdn_recipient,
	check_client_access hash:/etc/postfix/pop-before-smtp,
	reject_unauth_destination,
	reject_rbl_client zombie.dnsbl.sorbs.net,
	reject_rbl_client relays.ordb.org,
	reject_rbl_client opm.blitzed.org,
	reject_rbl_client list.dsbl.org,
	reject_rbl_client sbl.spamhaus.org,
	check_policy_service unix:private/policy-spf,
	check_policy_service inet:127.0.0.1:2501

Link to comment
Share on other sites

I only used three rbl's, the ordb, dsbl and spamhaus. I might add more, maybe it's a good idea in case some are missing from the three I'm using.

 

My amavisd is now working in detecting spam using razor, which is good. Did some changes last night that did the trick, just can't remember right now what they were :P

 

Got them from here: http://gentoo-wiki.com/HOWTO_Email:_A_Comp...nd_SpamAssassin

Link to comment
Share on other sites

  • 4 months later...

Hello,

 

I have used Mandrake/driva for a couple of years, since 8.0. For SPAM filtering I use the following:

POSTFIX + AMAVISD-NEW + CLAMAV + SpamAssassin + RAZOR + DCC

 

Postfix does the dirty work at first:

- HELO & VRFY restrictions

- smtpd_recipient_restrictions =
	reject_invalid_hostname,
	reject_non_fqdn_sender,
	reject_non_fqdn_recipient,
	reject_unknown_sender_domain,
	reject_unknown_recipient_domain,
	permit_mynetworks,
	reject_unauth_destination,
	# reject_rhsbl_sender dsn.rfc-ignorant.org,
	# reject_rhsbl_sender bogusmx.rfc-ignorant.org,
	reject_rbl_client zombie.dnsbl.sorbs.net,
	reject_rbl_client opm.blitzed.org,
	reject_rbl_client list.dsbl.org,
	reject_rbl_client sbl-xbl.spamhaus.org,
	reject_rbl_client cbl.abuseat.org,
	reject_rbl_client bl.spamcop.net,
	reject_rbl_client dul.dnsbl.sorbs.net,
	permit_auth_destination,
	reject

 

- RBL checks in Postfix (sorbs, spamhaus, spamcop,blitzed,dsbl,abuseat)

This filters out about 70% of all SPAM. rfc-ignorant.org got me too many false-positives so I had to disable it. I don't allow users to relay e-mails through this box, I have another box for it. (I always recommend to separate SMTP gateway from POP3/IMAP servers. SASL AUTH is good but ... u know)

 

- Then AMAVISD-NEW takes place with CLAMAV antivirus scan, RAZOR, and DCC checks, followed by SpamAssassin (whitelist enabled, auto-learn enabled, I trained bayes classifier with about 8000 SPAMs and 5000 HAMs at start then I turned on auto-learn).

 

I'm satisfied with the efficiency of this setup, however more SPAMs happened to pass thru recently. I guess we have to wait for Spamassassin team to upgrade SA to 3.1.9 :-)

 

This is a sample of recent SPAM that passes thru. Bayes gives it too low score. It's a plain text, without any GIFs.

 

YOU'VE SEEN IT BEFORE YOU SAY?!!

 

Campaign for: CDYV - Price: $0.089, 5 Day Target price: $0.425!!!

 

500%+ profit (short term)!!

 

CDYV have released very hot news. Check this out, nic and call to your brocker right now.

 

 

Just a few numbers valid for Sunday, double them for weekdays:

6033 e-mail reached the server

 

4723 rejected (542 by spamcop, 3 by abuseat, 677 by sorbs, 321 by dsbl, 1359 by spamhaus, 1148 by HELP_NEED_FQDN, 183 by UNKNOWN_SENDER_DOMAIN, 454 by UNKNOWN_RECIPIENT, rest are timeouts)

 

1310 e-mails delivered to AMAVIS

 

403 classified as SPAM by SpamAssassin

c.a. 200 SPAMs containing GIF were filtered out by CLAMAV

 

The rest were delivered to user mailboxes. I guess 50% of it was spam anyway, but I can live with that, considering the user base counts 950 now.

Fighting SPAM is a never-ending war. Good luck.

Link to comment
Share on other sites
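A per-cause breakdown like the one in the post above can be produced by tallying the smtpd reject lines in the mail log. This is an added example, not the poster's script; the log lines are constructed samples modelled on Postfix's reject format, and the function names are assumptions:

```python
# Added illustration: tally Postfix smtpd rejections by cause.
import re
from collections import Counter

# Constructed sample lines in Postfix smtpd log format (not from the thread).
SAMPLE_LOG = """\
Jan  7 03:12:45 mx postfix/smtpd[2101]: connect from unknown[203.0.113.5]
Jan  7 03:12:46 mx postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 554 Service unavailable; Client host [203.0.113.5] blocked using sbl-xbl.spamhaus.org; from=<a@example.com> to=<u1@example.net> proto=SMTP helo=<pc1>
Jan  7 03:13:02 mx postfix/smtpd[2102]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 554 Service unavailable; Client host [198.51.100.7] blocked using bl.spamcop.net; Blocked - see listing page; from=<b@example.com> to=<u2@example.net> proto=ESMTP helo=<mail.example.com>
Jan  7 03:14:10 mx postfix/smtpd[2103]: NOQUEUE: reject: RCPT from unknown[198.51.100.9]: 554 Service unavailable; Client host [198.51.100.9] blocked using sbl-xbl.spamhaus.org; from=<c@example.com> to=<u1@example.net> proto=SMTP helo=<pc2>
Jan  7 03:15:30 mx postfix/smtpd[2104]: NOQUEUE: reject: RCPT from unknown[192.0.2.44]: 504 <pc3>: Helo command rejected: need fully-qualified hostname; from=<d@example.com> to=<u3@example.net> proto=SMTP helo=<pc3>
Jan  7 03:16:00 mx postfix/smtpd[2105]: NOQUEUE: reject: RCPT from unknown[192.0.2.45]: 450 <e@nodomain.invalid>: Sender address rejected: Domain not found; from=<e@nodomain.invalid> to=<u3@example.net> proto=ESMTP helo=<mx.example.org>
"""

# SMTP code and reply text of a reject line, up to the "; from=<" trailer.
REJECT = re.compile(r"reject: \w+ from \S+: (\d{3}) (.*?); from=<")
DNSBL = re.compile(r"blocked using ([\w.-]+)")


def tally(log_text):
    """Count rejections per cause: 'dnsbl:<zone>' or the restriction's message."""
    counts = Counter()
    for line in log_text.splitlines():
        m = REJECT.search(line)
        if not m:
            continue                      # connect/disconnect and delivery lines
        reply = m.group(2)
        zone = DNSBL.search(reply)
        if zone:
            counts["dnsbl:" + zone.group(1)] += 1
        else:
            # Drop the leading "<helo-or-address>: " to group identical causes.
            counts[re.sub(r"^<[^>]*>: ", "", reply)] += 1
    return counts


def report(counts):
    """Return (cause, count, percent of all rejections), most frequent first."""
    total = sum(counts.values())
    return [(c, n, round(100 * n / total)) for c, n in counts.most_common()]


if __name__ == "__main__":
    for cause, n, pct in report(tally(SAMPLE_LOG)):
        print(f"{n:5d} {pct:3d}%  {cause}")
```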
