From: Roman Gelfand on 3 Jan 2010 16:36

On Sun, Jan 3, 2010 at 2:59 PM, Kenneth Marshall <ktm(a)rice.edu> wrote:
> On Sun, Jan 03, 2010 at 10:02:32AM -0500, Roman Gelfand wrote:
>> I am running postfix with anti spam filter (policyd-weight, sqlgrey,
>> grossd, dkim, senderid-milter, dspam) . With this configuration, I am
>> down to under 10 spams a day. Looking at my backend server which is
>> exchange 2007, I find that all of the remaining spam messages have
>> spam confidence level of 7 or greater, which implies this is blatant
>> spam. Is there spam filter software that works with postfix
>> that can perform checks similar to that of exchange 2007 spam
>> confidence level?
>>
>> Thanks in advance
>>
> Hi Roman,
>
> To truly check how the Exchange 2007 spam confidence level works,
> try passing all of the mail from postfix to the Exchange server. I
> would be almost certain that more than 10 messages will make it
> through a day. If not, then just use the Exchange processing and
> you are done. If you do try the test, I would be interested in
> the results so please post them.

No question, exchange 2007 leaves a lot to be desired compared to postfix, dspam and other filtering features. Believe me I have tried both. Without the edge server, I was getting in excess of 400 spams a day. With the current setup I was getting at most 10 spams a day. Out of those ten spams, the spam confidence level ranged between 7-9 which tells exchange, without a doubt, this is spam.

My thoughts are, it can't be that exchange caught it and postfix and friends didn't. Therefore, it must be something to do with my postfix configuration and/or additional filtering servers and their configurations. I just saw one spam email where the policyd-weight is -8.5, as this ip is not blacklisted, and SPF is PASS, but exchange's spam confidence level is 8.

BTW.. Just for the features alone it is worth switching to postfix. I think it is light years ahead and without all the fluff.

Thanks

>
> Regards,
> Ken
>

From: Roman Gelfand on 3 Jan 2010 16:44

On Sun, Jan 3, 2010 at 3:37 PM, Steve <steeeeeveee(a)gmx.net> wrote:
>
> -------- Original Message --------
>> Date: Sun, 3 Jan 2010 12:50:26 -0500
>> From: Roman Gelfand <rgelfand2(a)gmail.com>
>> To: Steve <steeeeeveee(a)gmx.net>
>> CC: postfix-users(a)postfix.org
>> Subject: Re: anti spam measures
>
>> On Sun, Jan 3, 2010 at 10:13 AM, Steve <steeeeeveee(a)gmx.net> wrote:
>> >
>> > -------- Original Message --------
>> >> Date: Sun, 3 Jan 2010 10:02:32 -0500
>> >> From: Roman Gelfand <rgelfand2(a)gmail.com>
>> >> To: postfix users list <postfix-users(a)postfix.org>
>> >> Subject: anti spam measures
>> >
>> >> I am running postfix with anti spam filter (policyd-weight, sqlgrey,
>> >> grossd, dkim, senderid-milter, dspam) . With this configuration, I am
>> >> down to under 10 spams a day. Looking at my backend server which is
>> >> exchange 2007, I find that all of the remaining spam messages have
>> >> spam confidence level of 7 or greater, which implies this is blatant
>> >> spam.
>> >>
>> > And your current Anti-Spam solution did not tag them as Spam?
>> >
>> No.
>>
> Since DSPAM is the Anti-Spam engine you are using, you should train DSPAM to catch those Spam mails.

I do train DSPAM and it works great. However, if I could block it before it gets to DSPAM, why not. I wouldn't feel bad if exchange told me this is perfectly good email. I am looking to do away with exchange server altogether.

Thanks

>
>> Since I posted this message, I saw your discussion about s25r.
>> I am trying it now. My first impression is that it is making a dent.
>>
> It's a cheap (in terms of resources) way to block a lot of unwanted mails.
>
>> You were, at one point, trying out geoip patched policyd-weight where
>> you added points to a total score based on distance between servers.
>>
> Yes. I implemented that into policyd-weight after reading about SNARE (Spatio-temporal Network-level Automatic Reputation Engine).
>
>> If so, would you mind sharing the patched script along with
>> configuration file?
>>
> I have no problem sharing this code but to be honest: The discussion does not belong here in the Postfix mailing list.
>
>> >
>> >> Is there spam filter software that works with postfix
>> >> that can perform checks similar to that of exchange 2007 spam
>> >> confidence level?
>> >>
>> >> Thanks in advance
>> >
>>
>> Thanks again
>>
> Please let's move that discussion out of the Postfix mailing list since it really does not belong here. Okay?

Understood.

From: mouss on 3 Jan 2010 17:37

Roman Gelfand wrote:
> I am running postfix with anti spam filter (policyd-weight, sqlgrey,
> grossd, dkim, senderid-milter, dspam) . With this configuration, I am
> down to under 10 spams a day. Looking at my backend server which is
> exchange 2007, I find that all of the remaining spam messages have
> spam confidence level of 7 or greater, which implies this is blatant
> spam. Is there spam filter software that works with postfix
> that can perform checks similar to that of exchange 2007 spam
> confidence level?
>

we can't really tell since we didn't see the messages that made it through postfix+friends.

if the messages contained a URI listed at uribl or surbl, then you could try using uribl/surbl via milter-link or via spamassassin (via amavisd-new).

anyway, you can add spamassassin (via amavisd-new) to your chain and see if it improves your filtering.

at one time, the question becomes: is the additional effort worth the pain?

From: "Steve" on 3 Jan 2010 17:55

-------- Original Message --------
> Date: Sun, 03 Jan 2010 23:37:18 +0100
> From: mouss <mouss(a)ml.netoyen.net>
> To: postfix users list <postfix-users(a)postfix.org>
> Subject: Re: anti spam measures

> Roman Gelfand wrote:
> > I am running postfix with anti spam filter (policyd-weight, sqlgrey,
> > grossd, dkim, senderid-milter, dspam) . With this configuration, I am
> > down to under 10 spams a day. Looking at my backend server which is
> > exchange 2007, I find that all of the remaining spam messages have
> > spam confidence level of 7 or greater, which implies this is blatant
> > spam. Is there spam filter software that works with postfix
> > that can perform checks similar to that of exchange 2007 spam
> > confidence level?
> >
>
> we can't really tell since we didn't see the messages that made it
> through postfix+friends.
>
> if the messages contained a URI listed at uribl or surbl, then you could
> try using uribl/surbl via milter-link or via spamassassin (via
> amavisd-new).
>
> anyway, you can add spamassassin (via amavisd-new) to your chain and see
> if it improves your filtering.
>
I am for sure one of the people that should keep his mouth shut since I have a too strong bias but SpamAssassin? Why? He is using DSPAM and if I would propose him another free solution then only something like CRM114 or OSBF-Lua.

> at one time, the question becomes: is the additional effort worth the
> pain?
>
Good question.

From: Stan Hoeppner on 3 Jan 2010 21:44

Roman Gelfand put forth on 1/3/2010 3:44 PM:
> I do train DSPAM and it works great. However, if I could block it
> before it gets to DSPAM, why not. I wouldn't feel bad if exchange
> told me this is perfectly good email. I am looking to do away with
> exchange server altogether.

Is managing local block lists above your "effort threshold"? If the answer is no...

I've been building some local lists for about 1.5+ years now and it has pretty much completely clobbered my snowshoe problem. I get one to two spams a day in the inbox these days, if that. I go many days in a row with none. Every few weeks or so I'll see 5-10 spams in the inbox due to a run from a previously unknown snowshoe spammer IP or /27 or /24 range. I block it and sail mostly spam free again for another few weeks.

I don't use any content filtering software, period, only smtpd checks, postgrey daemon, and zen.spamhaus.org. I filter about 10 countries and all of Africa using ipdeny.com cidr blocks and I do some rdns name regex rejections.

Interestingly, I've not had a rejection from spamhaus in months. Heck, I don't even know if Postfix is querying zen anymore. I've nothing of zen in my logs since Sept 25, 2009. Postfix only logs zen rejections, not unsuccessful lookups (at my default logging level anyway). Anyway, I'm almost entirely spam free, whilst making use of no content filtering or dnsbls (although I do have one dnsbl configured, as mentioned previously). I run a small vanity server so YMMV.

It's a pretty simple A/S setup but very effective. ~/spammer is my main anti-snowshoe file, mostly US IP space. It currently has 789 netblocks listed from /29s to a /12. I heard your gasp "Uahh! You block a /12? OMG! OMG!". This /12 happens to belong to a cable ISP:

OrgName:    Mediacom Communications Corp
CIDR:       173.16.0.0/12
NetName:    MEDIACOM-RESIDENTIAL-CUST

It was not in spamhaus PBL or any other "dynamic IP" dnsbls at the time I blocked it. It's entirely residential and should be policy blocked.

Anyway, here's my config in case you may find any of it useful. I can provide static block lists in off list email or on a web page if you like.

header_checks = pcre:/etc/postfix/header_checks
mime_header_checks = pcre:/etc/postfix/mime_header_checks
smtpd_helo_required = yes
cidr=cidr:/etc/postfix/cidr_files

smtpd_recipient_restrictions =
        permit_mynetworks
        reject_unauth_destination
        check_recipient_access hash:/etc/postfix/whitelist
        check_sender_access hash:/etc/postfix/whitelist
        check_client_access hash:/etc/postfix/whitelist
        check_client_access hash:/etc/postfix/blacklist
        check_client_access regexp:/etc/postfix/fqrdns.regexp
        check_client_access pcre:/etc/postfix/ptr-tld.pcre
        check_client_access ${cidr}/countries
        check_client_access ${cidr}/spammer
        check_client_access ${cidr}/misc-spam-srcs
        reject_unknown_client_hostname
        reject_non_fqdn_sender
        reject_non_fqdn_helo_hostname
        reject_invalid_helo_hostname
        reject_unknown_helo_hostname
        reject_unlisted_recipient
        reject_rbl_client zen.spamhaus.org
        check_policy_service inet:127.0.0.1:60000

--
Stan
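
[Added example, not part of Stan's message and not Postfix code.] A cidr: access table like the ${cidr}/spammer file above is searched in file order and the first matching pattern decides, so in a list of several hundred netblocks a narrow entry placed after a wider one never fires. The sketch below evaluates a table that way and reports such dead entries; the function names and the sample table are constructed for illustration (only 173.16.0.0/12 comes from the post), and it assumes plain "pattern action" lines without if/endif or negated patterns.

```python
import ipaddress

# Constructed sample table. Only 173.16.0.0/12 appears in the post; the
# other ranges are RFC 5737 documentation prefixes or made up for the demo.
SAMPLE_TABLE = """\
# local snowshoe block list (constructed sample)
192.0.2.0/27      REJECT snowshoe range
173.16.0.0/12     REJECT residential cable space
173.20.5.0/24     REJECT snowshoe range
198.51.100.8/29   REJECT snowshoe range
198.51.100.0/24   OK
"""

def parse_cidr_table(text):
    """Return [(network, action)] in file order, skipping comments and blanks."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        pattern, action = line.split(None, 1)
        # ip_network() raises ValueError if the pattern has host bits set.
        rules.append((ipaddress.ip_network(pattern), action.strip()))
    return rules

def lookup(rules, client_ip):
    """First matching pattern wins; None means the table has no opinion."""
    addr = ipaddress.ip_address(client_ip)
    for net, action in rules:
        if addr.version == net.version and addr in net:
            return action
    return None

def shadowed(rules):
    """Entries that can never match because an earlier entry covers them."""
    dead = []
    for i, (net, _) in enumerate(rules):
        for earlier, _ in rules[:i]:
            if net.version == earlier.version and net.subnet_of(earlier):
                dead.append((str(net), str(earlier)))
                break
    return dead

if __name__ == "__main__":
    rules = parse_cidr_table(SAMPLE_TABLE)
    for ip in ("173.20.5.9", "198.51.100.9", "198.51.100.50", "173.32.0.1"):
        print(ip, "->", lookup(rules, ip))
    print("shadowed:", shadowed(rules))
```

The narrow 198.51.100.8/29 REJECT placed before the wider 198.51.100.0/24 OK still takes effect, which is the same ordering reason the whitelist lookups come before the blacklist and cidr lookups in the restriction list above.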