On Thu, 16 Jan 2003 09:26:58 -0800 Ric Tibbetts <[EMAIL PROTECTED]> wrote:
[snip] > I've been using the logs you referenced. They're coming out in > /var/log/mail/info. It references all the mail. I weed through it, and, > like you, use the info to stop good mail from getting filtered, and > catching the bad stuff that sneaks through. Eventually, it should go > into low maintenance mode. But since it's new, I'm watching it very > closely. Over time it becomes a simple "there's that jerk again", or "another A**hole that needs 'drop <IP_addr> 25|all'...", etc... 2nd nature in no time, then it slows down... I hardly get any spam nowawadays and my only tools are postfix and iptables for the obnoxious -- I've been thinking about automating much of what I've learned -- just gotta find time... > I'm really pleased that postfix has the ability to do this. It's a great > feature, that I didn't know existed. I've been using for quite some time and prefer to stop spam before it gets in than have it waste my resources and filter later. > One thing I did change from the bit posted above: > I took out "reject_unknown_hostname". It was rejecting way too much > mail! Even a lot of good mail. Seems that a lot of mail originates from > within an intranet where the hostname is not known to the internet at > large. Removing that, only allowed a small amount of spam to leak > through, and I've been able to either filter that locally, or report it, > so it's not a big deal. Actually, the "unknown" host that gets rejected is the one that establishes the connection with yours... doesn't matter where it originated or how many intervening hosts. Most of these are just DNS problems or the mailhost claiming to be foo.abc.com while their DNS claims it's bar.abc.com -- a quick e-mail to the postmaster often clears it up -- the worst offenders that just won't fix their problems are usually the largest organizations... > I just re-read your message, and checked my main.cf. YOu're talking > about it actively mailing you for each rejection? Yup... I get just a few of those a day -- sending you copy of yesterday's summary report offline. > I've added that stanza, we'll see what happens. Right now, I'm just > relying on the logs. > > Thanks for the note, and the web site! It helped. Gotta find time to update my pages... > Ric HTH, Pierre PS: Let me know what you've added -- I'm not averse to learning more... :^) PPS: Postfix 2 is available; but I've only had a quick peek at it -- some interesting changes that should help even more...
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
