Spam filtering
in [Postfix]
|
From: "Steffan A. Cline" on 22 Jun 2010 21:01 I am using postfix with Virtualmin and am trying to follow numerous tutorials on spam prevention/handling. I have tried to apply the following to the postfix main.cf file. smtpd_delay_reject = yes smtpd_helo_required = yes smtpd_helo_restrictions = permit_mynetworks, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, permit #check_helo_access hash:/usr/local/etc/postfix/helo_access, smtpd_sender_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unauth_destination, permit smtpd_recipient_restrictions = reject_unauth_pipelining, reject_non_fqdn_recipient, reject_unknown_recipient_domain, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, permit #check_policy_service unix:postgrey/socket, #check_policy_service unix:private/spfpolicy #check_policy_service inet:127.0.0.1:10023 #reject_rbl_client relays.ordb.org, #reject_rbl_client list.dsbl.org, #reject_rbl_client sbl-xbl.spamhaus.org, #check_sender_access hash:/etc/postfix/sender_access, #check_recipient_access hash:/etc/postfix/recipient_access, smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_rbl_client bl.spamcop.net, reject_rbl_client zen.spamhaus.org, reject_rbl_client dnsbl.sorbs.net, permit The items that are commented out are of concern. I cannot figure out how to set them right. I have the rbl in the client_restrictions but online the examples show in the recipient. Which is it? client or recipient? Also, is there a good tutorial on configuring the HELO access file? I am migrating from Eudora Internet Mail Server and have some nice HELO rules set up there to catch a bunch of spam. I'd like to incorporate them into the postfix setup. For the HELO: does not contain . starts with [ contains .dynamic. contains .adsl. ends with .airtelbroadband.in is speedtouch.lan is gmail.com contains .pool. starts with adsl- is dsldevice.lan contains .dsl. Expressions for a few of the top expressions: Typical names for household connections contain a name followed by an ip (dashed or dotted) [a-zA-Z_-][0-9]{1,3}-[0-9]{1,3}-[0-9]{1,3}-[0-9]{1,3}. [a-zA-Z_-][0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}. Plain IP number without [ ]: [0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3} With the spf handling, I keep seeing mention of a file that I am supposed to have but it was not included in the install of CentOS 5. smtpd-policy.pl is the file that everyone mentions I need for the SPF but it's no where to be found and I did not see anywhere online to download this. In one spot, I saw mention that it is not needed. Which is it? Is it worth it? I have postgrey installed via yum. Does anyone know how to make all this work? It seems it would be optimal setup for spam prevention. It's a long post. Sorry. Thanks Steffan --------------------------------------------------------------- T E L 6 0 2 . 7 9 3 . 0 0 1 4 | F A X 6 0 2 . 9 7 1 . 1 6 9 4 Steffan A. Cline Steffan(a)ExecuChoice.net Phoenix, Az http://www.ExecuChoice.net USA AIM : SteffanC ICQ : 57234309 YAHOO : Steffan_Cline MSN : steffan(a)hldns.com GOOGLE: Steffan.Cline Lasso Partner Alliance Member ---------------------------------------------------------------
From: Stan Hoeppner on 23 Jun 2010 00:34 Steffan A. Cline put forth on 6/22/2010 8:01 PM: > It's a long post. Sorry. Yeah, it was long, and probably overly ambitious for a single thread topic. Instead of addressing your questions about individual main.cf parameter settings and policy services, I'm going to make a few suggestions which should give you a good start on rejecting most spam. 1. Keep your configuration as streamlined and simple as possible 2. Put all your restrictions under smtpd_recipient_restrictions 3. Use the regexp table I'm providing at the link far below 4. Use dnsbl queries selectively (why they're at the bottom) 5. Use only selective greylisting with postgrey (why it's last) Here's a sample smtpd_recipient_restrictions section you could start with, good with IIRC Postfix 2.3 and later. But first: smtpd_delay_reject = yes (unneeded as it's the default behavior) smtpd_helo_required = yes (you need this) smtpd_recipient_restrictions = permit_mynetworks reject_unauth_destination permit_sasl_authenticated reject_unknown_reverse_client_hostname reject_non_fqdn_sender reject_non_fqdn_helo_hostname reject_invalid_helo_hostname reject_unknown_helo_hostname reject_unlisted_recipient check_client_access regexp:/etc/postfix/fqrdns.regexp reject_rbl_client zen.spamhaus.org reject_rhsbl_client dbl.spamhaus.org reject_rhsbl_sender dbl.spamhaus.org reject_rhsbl_helo dbl.spamhaus.org check_policy_service inet:127.0.0.1:60000 This should be all you need for now. You will improve this configuration over time. It appears in your example that you're querying postgrey twice, once via UNIX socket and once via inet. Pick one method, don't use both. I use the inet method (last line in main.cf above). You will need to configure that one method per the postgrey instructions. The Postgrey daemon config file on Debian is at the following location. On CentOS it may be located in a different directory. I don't use any Red Hat products so I'm unsure. You'll have to find it. cat /etc/default/postgrey # postgrey startup options, created for Debian # (c)2004 Adrian von Bidder <avbidder(a)fortytwo.ch> # Distribute and/or modify at will. # you may want to set # --delay=N how long to greylist, seconds (default: 300) # --max-age=N delete old entries after N days (default: 35) # see also the postgrey(8) manpage POSTGREY_OPTS="--inet=127.0.0.1:60000" # the --greylist-text commandline argument can not be easily passed through # POSTGREY_OPTS when it contains spaces. So, insert your text here: #POSTGREY_TEXT="Your customized rejection message here" If you run into problems, "man 8 postgrey" SPF and DKIM checks are pretty much useless for killing spam. You will already kill bot spam with other methods. Many snowshoe spammers are keen on using SPF records and to a lesser extent DKIM sigs. There really aren't any other large classes of spammers than bot and snowshoe, so again, trying to kill spam with SPF and DKIM checks is mostly an exercise in futility, and it adds unneeded complexity to your configuration. This has been discussed ad naseam on many spam fighting lists over the years. Regarding helo checks, it seems you're merely wanting to save effort expended on a previous mail server platform on which they worked well. Wrong logic. Helo checks won't kill much more spam than other checks, and the helo checks above are typically sufficient without getting into table checks against them. Don't worry about dragging the old helo stuff over to Postfix, as it will be wasted effort for the most part. Maybe keep them around for a rainy day down the road and convert them over _IF_ you find you _need_ them. Again, think "streamline". Try to keep the configuration _simple_. The more complicated you make main.cf now the harder to troubleshoot is becomes later. Notice how short and simple my restriction list is? And don't think for a minute I created that overnight. I've been using Postfix since 2005 and have been refining it for 5 years. It became really streamlines after I took the advice of members of this list. Noel, mouss, and many others have helped me tremendously in streamlining my Postfix config, along with the excellent documentation, which can at times be a bit intimidating to the novice. This magic regexp table will kill a lot of bot and other spam coming from various ISPs' mostly dynamic space and will do it quicker than a dnsbl lookup. Another advantage is that it cuts down on your lookup queries, so if you're on that 300k Spamhaus borderline limit between paid and free service, this should drop those queries to the point you could likely use the free service. Even if you're not borderline, it's always better to kill spam with local filters before querying any outside service, dnsbl or otherwise. Download this http://www.hardwarefreak.com/fqrdns.regexp and save it in /etc/postfix/fqrdns.regexp as root. Make sure the permissions are the same as your other lookup tables. Hope this gives you a good start with Postfix spam fighting. Please continue to ask questions if you need more pointers. Also, make use of the extensive documentation and how to's on the Postfix website: http://www.postfix.org/documentation.html http://www.postfix.org/docs.html -- Stan
From: Charles Marcus on 23 Jun 2010 08:57 On 2010-06-23 12:34 AM, Stan Hoeppner wrote: > smtpd_recipient_restrictions = > permit_mynetworks > reject_unauth_destination > permit_sasl_authenticated Under most circumstances, reject_unauth_destination should go *after* permit_sasl_authenticated, or your sasl authenticated users will not be able to relay. So... > smtpd_recipient_restrictions = > permit_mynetworks > permit_sasl_authenticated > reject_unauth_destination > etc -- Best regards, Charles
From: "Steffan A. Cline" on 23 Jun 2010 09:39 Stan, Thanks for the quick reply. All I can say is WOW. I did poke around on this CentOS install and am not seeing a config file like you have but perhaps this is it: [root(a)hosting1 ~]# find / -name postgrey /usr/sbin/postgrey /etc/rc.d/init.d/postgrey /var/spool/postfix/postgrey ________________________________________________________ [root(a)hosting1 ~]# cat /etc/rc.d/init.d/postgrey #!/bin/sh # # chkconfig: - 79 31 # description: Postfix Greylisting Policy Server # # processname: postgrey # # Source function library. .. /etc/rc.d/init.d/functions # Source networking configuration. .. /etc/sysconfig/network # Check that networking is up. [ ${NETWORKING} = "no" ] && exit 0 prog=postgrey postgrey=/usr/sbin/$prog DBPATH=/var/spool/postfix/postgrey SOCKET=$DBPATH/socket OPTIONS="--unix=$SOCKET" # Source an auxiliary options file if we have one, and pick up OPTIONS, if [ -r /etc/sysconfig/$prog ]; then . /etc/sysconfig/$prog fi [ -x $postgrey -a -d $DBPATH ] || exit 0 RETVAL=0 start() { echo -n $"Starting $prog: " daemon $postgrey -d $OPTIONS RETVAL=$? echo [ $RETVAL -eq 0 ] && touch /var/lock/subsys/$prog } stop() { echo -n $"Stopping $prog: " killproc $postgrey RETVAL=$? echo [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/$prog } restart() { stop start } reload() { echo -n $"Reloading $prog: " killproc $postgrey -HUP RETVAL=$? echo } # See how we were called. case "$1" in start) start ;; stop) stop ;; restart) restart ;; reload) reload ;; condrestart) [ -f /var/lock/subsys/$prog ] && restart ;; status) status $postgrey ;; *) echo $"Usage: $0 {start|stop|restart|condrestart|reload|status}" exit 1 esac exit $RETVAL ________________________________________________________ I am assuming from your conf file you have: > POSTGREY_OPTS="--inet=127.0.0.1:60000" From the options I see, I could put that into the startup file above by changing: OPTIONS="--unix=$SOCKET" To OPTIONS="--inet=127.0.0.1:60000" My question now lies in do I need to add any any additional config to master.cf file to take advantage of this service? Thanks Steffan --------------------------------------------------------------- T E L 6 0 2 . 7 9 3 . 0 0 1 4 | F A X 6 0 2 . 9 7 1 . 1 6 9 4 Steffan A. Cline Steffan(a)ExecuChoice.net Phoenix, Az http://www.ExecuChoice.net USA AIM : SteffanC ICQ : 57234309 YAHOO : Steffan_Cline MSN : steffan(a)hldns.com GOOGLE: Steffan.Cline Lasso Partner Alliance Member --------------------------------------------------------------- > From: Stan Hoeppner <stan(a)hardwarefreak.com> > Date: Tue, 22 Jun 2010 23:34:09 -0500 > To: <postfix-users(a)postfix.org> > Subject: Re: Spam filtering > > Steffan A. Cline put forth on 6/22/2010 8:01 PM: > >> It's a long post. Sorry. > > Yeah, it was long, and probably overly ambitious for a single thread topic. > Instead of addressing your questions about individual main.cf parameter > settings and policy services, I'm going to make a few suggestions which should > give you a good start on rejecting most spam. > > 1. Keep your configuration as streamlined and simple as possible > 2. Put all your restrictions under smtpd_recipient_restrictions > 3. Use the regexp table I'm providing at the link far below > 4. Use dnsbl queries selectively (why they're at the bottom) > 5. Use only selective greylisting with postgrey (why it's last) > > Here's a sample smtpd_recipient_restrictions section you could start with, > good with IIRC Postfix 2.3 and later. But first: > > smtpd_delay_reject = yes (unneeded as it's the default behavior) > smtpd_helo_required = yes (you need this) > > smtpd_recipient_restrictions = > permit_mynetworks > reject_unauth_destination > permit_sasl_authenticated > reject_unknown_reverse_client_hostname > reject_non_fqdn_sender > reject_non_fqdn_helo_hostname > reject_invalid_helo_hostname > reject_unknown_helo_hostname > reject_unlisted_recipient > check_client_access regexp:/etc/postfix/fqrdns.regexp > reject_rbl_client zen.spamhaus.org > reject_rhsbl_client dbl.spamhaus.org > reject_rhsbl_sender dbl.spamhaus.org > reject_rhsbl_helo dbl.spamhaus.org > check_policy_service inet:127.0.0.1:60000 > > This should be all you need for now. You will improve this configuration over > time. > > It appears in your example that you're querying postgrey twice, once via UNIX > socket and once via inet. Pick one method, don't use both. I use the inet > method (last line in main.cf above). You will need to configure that one > method per the postgrey instructions. > > The Postgrey daemon config file on Debian is at the following location. On > CentOS it may be located in a different directory. I don't use any Red Hat > products so I'm unsure. You'll have to find it. > > cat /etc/default/postgrey > # postgrey startup options, created for Debian > # (c)2004 Adrian von Bidder <avbidder(a)fortytwo.ch> > # Distribute and/or modify at will. > > # you may want to set > # --delay=N how long to greylist, seconds (default: 300) > # --max-age=N delete old entries after N days (default: 35) > # see also the postgrey(8) manpage > > POSTGREY_OPTS="--inet=127.0.0.1:60000" > > # the --greylist-text commandline argument can not be easily passed through > # POSTGREY_OPTS when it contains spaces. So, insert your text here: > #POSTGREY_TEXT="Your customized rejection message here" > > If you run into problems, "man 8 postgrey" > > > SPF and DKIM checks are pretty much useless for killing spam. You will > already kill bot spam with other methods. Many snowshoe spammers are keen on > using SPF records and to a lesser extent DKIM sigs. There really aren't any > other large classes of spammers than bot and snowshoe, so again, trying to > kill spam with SPF and DKIM checks is mostly an exercise in futility, and it > adds unneeded complexity to your configuration. This has been discussed ad > naseam on many spam fighting lists over the years. > > Regarding helo checks, it seems you're merely wanting to save effort expended > on a previous mail server platform on which they worked well. Wrong logic. > Helo checks won't kill much more spam than other checks, and the helo checks > above are typically sufficient without getting into table checks against them. > Don't worry about dragging the old helo stuff over to Postfix, as it will be > wasted effort for the most part. Maybe keep them around for a rainy day down > the road and convert them over _IF_ you find you _need_ them. > > Again, think "streamline". Try to keep the configuration _simple_. The more > complicated you make main.cf now the harder to troubleshoot is becomes later. > Notice how short and simple my restriction list is? And don't think for a > minute I created that overnight. I've been using Postfix since 2005 and have > been refining it for 5 years. It became really streamlines after I took the > advice of members of this list. Noel, mouss, and many others have helped me > tremendously in streamlining my Postfix config, along with the excellent > documentation, which can at times be a bit intimidating to the novice. > > This magic regexp table will kill a lot of bot and other spam coming from > various ISPs' mostly dynamic space and will do it quicker than a dnsbl lookup. > Another advantage is that it cuts down on your lookup queries, so if you're > on that 300k Spamhaus borderline limit between paid and free service, this > should drop those queries to the point you could likely use the free service. > Even if you're not borderline, it's always better to kill spam with local > filters before querying any outside service, dnsbl or otherwise. > > Download this http://www.hardwarefreak.com/fqrdns.regexp and save it in > /etc/postfix/fqrdns.regexp as root. Make sure the permissions are the same as > your other lookup tables. > > > Hope this gives you a good start with Postfix spam fighting. Please continue > to ask questions if you need more pointers. Also, make use of the extensive > documentation and how to's on the Postfix website: > > http://www.postfix.org/documentation.html > http://www.postfix.org/docs.html > > -- > Stan >
From: "Steffan A. Cline" on 23 Jun 2010 09:51
Stan, Ok.. I did find where CentOS would store the config file. It appears that it puts it in /etc/sysconfig/postgrey I should have read the init script a little closer. So, I copied yours and pasted it into that file and should be ready there but my question still stands about whether or not a config has to be added to the master.cf file for this purpose. Thanks Steffan --------------------------------------------------------------- T E L 6 0 2 . 7 9 3 . 0 0 1 4 | F A X 6 0 2 . 9 7 1 . 1 6 9 4 Steffan A. Cline Steffan(a)ExecuChoice.net Phoenix, Az http://www.ExecuChoice.net USA AIM : SteffanC ICQ : 57234309 YAHOO : Steffan_Cline MSN : steffan(a)hldns.com GOOGLE: Steffan.Cline Lasso Partner Alliance Member --------------------------------------------------------------- > From: Steffan Cline <steffan(a)hldns.com> > Date: Wed, 23 Jun 2010 06:39:04 -0700 > To: <postfix-users(a)postfix.org> > Subject: Re: Spam filtering > > Stan, > > Thanks for the quick reply. All I can say is WOW. > > I did poke around on this CentOS install and am not seeing a config file > like you have but perhaps this is it: > > [root(a)hosting1 ~]# find / -name postgrey > /usr/sbin/postgrey > /etc/rc.d/init.d/postgrey > /var/spool/postfix/postgrey > > ________________________________________________________ > [root(a)hosting1 ~]# cat /etc/rc.d/init.d/postgrey > #!/bin/sh > # > # chkconfig: - 79 31 > # description: Postfix Greylisting Policy Server > # > # processname: postgrey > # > > # Source function library. > . /etc/rc.d/init.d/functions > > # Source networking configuration. > . /etc/sysconfig/network > > # Check that networking is up. > [ ${NETWORKING} = "no" ] && exit 0 > > prog=postgrey > postgrey=/usr/sbin/$prog > DBPATH=/var/spool/postfix/postgrey > SOCKET=$DBPATH/socket > OPTIONS="--unix=$SOCKET" > > # Source an auxiliary options file if we have one, and pick up OPTIONS, > if [ -r /etc/sysconfig/$prog ]; then > . /etc/sysconfig/$prog > fi > > [ -x $postgrey -a -d $DBPATH ] || exit 0 > > RETVAL=0 > > start() { > echo -n $"Starting $prog: " > daemon $postgrey -d $OPTIONS > RETVAL=$? > echo > [ $RETVAL -eq 0 ] && touch /var/lock/subsys/$prog > } > stop() { > echo -n $"Stopping $prog: " > killproc $postgrey > RETVAL=$? > echo > [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/$prog > } > > restart() { > stop > start > } > > reload() { > echo -n $"Reloading $prog: " > killproc $postgrey -HUP > RETVAL=$? > echo > } > > # See how we were called. > case "$1" in > start) > start > ;; > stop) > stop > ;; > restart) > restart > ;; > reload) > reload > ;; > condrestart) > [ -f /var/lock/subsys/$prog ] && restart > ;; > status) > status $postgrey > ;; > *) > echo $"Usage: $0 {start|stop|restart|condrestart|reload|status}" > exit 1 > esac > > exit $RETVAL > > > ________________________________________________________ > > I am assuming from your conf file you have: >> POSTGREY_OPTS="--inet=127.0.0.1:60000" > From the options I see, I could put that into the startup file above by > changing: > OPTIONS="--unix=$SOCKET" > To > OPTIONS="--inet=127.0.0.1:60000" > > My question now lies in do I need to add any any additional config to > master.cf file to take advantage of this service? > > > > > Thanks > > Steffan > > --------------------------------------------------------------- > T E L 6 0 2 . 7 9 3 . 0 0 1 4 | F A X 6 0 2 . 9 7 1 . 1 6 9 4 > Steffan A. Cline > Steffan(a)ExecuChoice.net Phoenix, Az > http://www.ExecuChoice.net USA > AIM : SteffanC ICQ : 57234309 > YAHOO : Steffan_Cline MSN : steffan(a)hldns.com > GOOGLE: Steffan.Cline Lasso Partner Alliance Member > --------------------------------------------------------------- > > > >> From: Stan Hoeppner <stan(a)hardwarefreak.com> >> Date: Tue, 22 Jun 2010 23:34:09 -0500 >> To: <postfix-users(a)postfix.org> >> Subject: Re: Spam filtering >> >> Steffan A. Cline put forth on 6/22/2010 8:01 PM: >> >>> It's a long post. Sorry. >> >> Yeah, it was long, and probably overly ambitious for a single thread topic. >> Instead of addressing your questions about individual main.cf parameter >> settings and policy services, I'm going to make a few suggestions which >> should >> give you a good start on rejecting most spam. >> >> 1. Keep your configuration as streamlined and simple as possible >> 2. Put all your restrictions under smtpd_recipient_restrictions >> 3. Use the regexp table I'm providing at the link far below >> 4. Use dnsbl queries selectively (why they're at the bottom) >> 5. Use only selective greylisting with postgrey (why it's last) >> >> Here's a sample smtpd_recipient_restrictions section you could start with, >> good with IIRC Postfix 2.3 and later. But first: >> >> smtpd_delay_reject = yes (unneeded as it's the default behavior) >> smtpd_helo_required = yes (you need this) >> >> smtpd_recipient_restrictions = >> permit_mynetworks >> reject_unauth_destination >> permit_sasl_authenticated >> reject_unknown_reverse_client_hostname >> reject_non_fqdn_sender >> reject_non_fqdn_helo_hostname >> reject_invalid_helo_hostname >> reject_unknown_helo_hostname >> reject_unlisted_recipient >> check_client_access regexp:/etc/postfix/fqrdns.regexp >> reject_rbl_client zen.spamhaus.org >> reject_rhsbl_client dbl.spamhaus.org >> reject_rhsbl_sender dbl.spamhaus.org >> reject_rhsbl_helo dbl.spamhaus.org >> check_policy_service inet:127.0.0.1:60000 >> >> This should be all you need for now. You will improve this configuration >> over >> time. >> >> It appears in your example that you're querying postgrey twice, once via UNIX >> socket and once via inet. Pick one method, don't use both. I use the inet >> method (last line in main.cf above). You will need to configure that one >> method per the postgrey instructions. >> >> The Postgrey daemon config file on Debian is at the following location. On >> CentOS it may be located in a different directory. I don't use any Red Hat >> products so I'm unsure. You'll have to find it. >> >> cat /etc/default/postgrey >> # postgrey startup options, created for Debian >> # (c)2004 Adrian von Bidder <avbidder(a)fortytwo.ch> >> # Distribute and/or modify at will. >> >> # you may want to set >> # --delay=N how long to greylist, seconds (default: 300) >> # --max-age=N delete old entries after N days (default: 35) >> # see also the postgrey(8) manpage >> >> POSTGREY_OPTS="--inet=127.0.0.1:60000" >> >> # the --greylist-text commandline argument can not be easily passed through >> # POSTGREY_OPTS when it contains spaces. So, insert your text here: >> #POSTGREY_TEXT="Your customized rejection message here" >> >> If you run into problems, "man 8 postgrey" >> >> >> SPF and DKIM checks are pretty much useless for killing spam. You will >> already kill bot spam with other methods. Many snowshoe spammers are keen on >> using SPF records and to a lesser extent DKIM sigs. There really aren't any >> other large classes of spammers than bot and snowshoe, so again, trying to >> kill spam with SPF and DKIM checks is mostly an exercise in futility, and it >> adds unneeded complexity to your configuration. This has been discussed ad >> naseam on many spam fighting lists over the years. >> >> Regarding helo checks, it seems you're merely wanting to save effort expended >> on a previous mail server platform on which they worked well. Wrong logic. >> Helo checks won't kill much more spam than other checks, and the helo checks >> above are typically sufficient without getting into table checks against >> them. >> Don't worry about dragging the old helo stuff over to Postfix, as it will be >> wasted effort for the most part. Maybe keep them around for a rainy day down >> the road and convert them over _IF_ you find you _need_ them. >> >> Again, think "streamline". Try to keep the configuration _simple_. The more >> complicated you make main.cf now the harder to troubleshoot is becomes later. >> Notice how short and simple my restriction list is? And don't think for a >> minute I created that overnight. I've been using Postfix since 2005 and have >> been refining it for 5 years. It became really streamlines after I took the >> advice of members of this list. Noel, mouss, and many others have helped me >> tremendously in streamlining my Postfix config, along with the excellent >> documentation, which can at times be a bit intimidating to the novice. >> >> This magic regexp table will kill a lot of bot and other spam coming from >> various ISPs' mostly dynamic space and will do it quicker than a dnsbl >> lookup. >> Another advantage is that it cuts down on your lookup queries, so if you're >> on that 300k Spamhaus borderline limit between paid and free service, this >> should drop those queries to the point you could likely use the free service. >> Even if you're not borderline, it's always better to kill spam with local >> filters before querying any outside service, dnsbl or otherwise. >> >> Download this http://www.hardwarefreak.com/fqrdns.regexp and save it in >> /etc/postfix/fqrdns.regexp as root. Make sure the permissions are the same >> as >> your other lookup tables. >> >> >> Hope this gives you a good start with Postfix spam fighting. Please continue >> to ask questions if you need more pointers. Also, make use of the extensive >> documentation and how to's on the Postfix website: >> >> http://www.postfix.org/documentation.html >> http://www.postfix.org/docs.html >> >> -- >> Stan >> > > |