On 07/06/2012 04:42 PM, Lucio Crusca wrote:
> Hello *,
>
> I'd like to add antispam features to my courier-mta setup. Historically I've
> been using spamassassin at other sites (postfix), and going further back in
> history, some DSN blacklists with an ancient version of courier (back in 2005
> or so).
>
> Now I wish to use both things, a "false negative"-inclined DSN blacklist
> backed by some spam filter. However I'm not up-to-date with recent DNSBL and
> their features, and I feel like spamassassin is sort of dead (but please
> correct me if I'm wrong).
>
> Could you please give me advice about what there is out there that works well
> with courier?
>
> Thanks in advance,
> Lucio.

Hi Lucio,

Two minor config items that help.

1- In $confdir/esmtpd I set

    TCPDOPTS="-stderrlogger=/usr/sbin/courierlogger -noidentlookup"

You may remove the -noidentlookup which delays the HELO session just past 30
seconds or so. That's a tripping point for endless numbers of BOTS out there.
In that case, set up users to use 587/message submission port for sending
emails so they don't become annoyed with the delay....

Also:

    BOFHCHECKDNS=1
    BOFHNOEXPN=1
    BOFHNOVRFY=1

all help out in the long run.

Two "attack vectors" against spam. Yes, spamassassin works decently if
populated/configured well.

1- RBL's. Spamhaus is arguably the best/cleanest 'freebie' out there.

My own RBL list, YOUR MILEAGE MAY VARY and I'm pretty lazy about updating as
long as it works.... Yes, there are nicer ways to get this done, but I get
maybe 2-5 spams per week and 500+ hams (real email) on a 15 year old email
address, so it works darned well for me anyway. Each is worth checking what
various responses indicate, and vary in intensity of positive marking.

    BLACKLISTS="-block=sbl-zen.spamhaus.org,BLOCK \
    -block=multi.surbl.org,BLOCK,127.0.0.2 \
    -block=multi.surbl.org,BLOCK,127.0.0.4 \
    -block=multi.surbl.org,BLOCK,127.0.0.8 \
    -block=multi.surbl.org,BLOCK,127.0.0.16 \
    -block=multi.surbl.org,BLOCK,127.0.0.32 \
    -block=multi.surbl.org,BLOCK,127.0.0.64 \
    -block=dnsbl.njabl.org,BLOCK,127.0.0.2 \
    -block=dnsbl.njabl.org,BLOCK,127.0.0.3 \
    -block=dnsbl.njabl.org,BLOCK,127.0.0.6 \
    -block=cbl.abuseat.org,BLOCK \
    -block=blackholes.five-ten-sg.com,BLOCK,127.0.0.2 \
    -block=blackholes.five-ten-sg.com,BLOCK,127.0.0.3 \
    -block=psbl.surriel.com,BLOCK,127.0.0.2 \
    -block=dnsbl.njabl.org,BLOCK,127.0.0.8"

(Some of these RBL's may no longer be effective.... but this is entirely your
policy choice.)

Now I fall really "off" the courier list, but I find it useful, hope you do as
well!

For spamassassin, go through the trouble of following the setup in detail, and
yes, install all the optional perl modules.
(This is the biggest memory/cpu hog on my server, but I handle 15k attempts,
and 2k+ daily email messages on an old dual PIII 1Gbyte server "ok"; recently
upgraded them just due to risk/age of machines....)

Set up DCC and RAZOR. DCC really does work, and it's fast.

I also import via sa-update like so from openprotect.com

    sa-update --allowplugins --gpgkey \
        D1C035168C1EBC08464946DA258CDB3ABDE9DC10 --channel \
        saupdates.openprotect.com

Although the massive sare lists are no longer modified, there are items which
help.

http://www.stearns.org/sa-blacklist/ has lists you can convert (loads of
badfrom email addresses and domains). Last time I looked, bofh file had >400k
listings. No performance problems at all.

Also, go through the trouble of feeding/teaching (sa-learn) spamassassin about
5000 hams (good) and 5000 spams (bad) emails. Helps a lot.

Unfortunately, there are a few [big company] places that are endless spam
sources. Used to be AOL, but yahoo's fall from grace (i.e. HELO, domain name,
and reverse DNS lookup never match....) seems to be my largest source of spam
from someone who knows better.

Hope that helps!!!

andy
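
Added example, not part of the message above: the reply notes that some listed RBLs may no longer be effective, and this sketch shows how a DNSBL lookup is formed and how the RFC 5782 test entries (127.0.0.2 listed, 127.0.0.1 not listed) tell a working zone from a dead or wildcarded one. The function names and the `*.dnsbl.example` zones with their answers are constructed for illustration; pass a real zone and the default resolver to test an actual list.

```python
import ipaddress
import socket

LOOPBACK = ipaddress.ip_network("127.0.0.0/8")

def dnsbl_query_name(ip, zone):
    """192.0.2.5 checked against zone Z is looked up as 5.2.0.192.Z"""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone.rstrip(".")

def system_resolver(name):
    """A record for name as a string, or None when the name does not resolve."""
    try:
        return socket.gethostbyname(name)
    except OSError:
        return None

def lookup(ip, zone, resolve=system_resolver):
    """Return the list's 127.x.x.x return code if ip is listed, else None."""
    answer = resolve(dnsbl_query_name(ip, zone))
    if answer is None or ipaddress.IPv4Address(answer) not in LOOPBACK:
        return None  # NXDOMAIN, or an answer that is not a DNSBL return code
    return answer

def zone_health(zone, resolve=system_resolver):
    """RFC 5782 test entries: 127.0.0.2 must be listed, 127.0.0.1 must not."""
    if lookup("127.0.0.1", zone, resolve) is not None:
        return "lists-everything"  # would reject all mail if used to block
    if lookup("127.0.0.2", zone, resolve) is None:
        return "dead"              # never matches: silently filters nothing
    return "ok"

# Constructed sample data: three made-up zones standing in for real answers.
FAKE_RECORDS = {"2.0.0.127.healthy.dnsbl.example": "127.0.0.2"}

def fake_resolver(name):
    if name.endswith(".wildcard.dnsbl.example"):
        return "127.0.0.2"  # simulates a zone that answers every query
    return FAKE_RECORDS.get(name)

if __name__ == "__main__":
    for zone in ("healthy.dnsbl.example", "retired.dnsbl.example",
                 "wildcard.dnsbl.example"):
        print(zone, zone_health(zone, fake_resolver))
```

Running `zone_health` over each zone in a block list before deploying it catches the two failure modes that matter: a retired list that filters nothing and one that has started answering every query.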