I'm not sure that I understand your question exactly, but the IMGate machine
rejects any unauthorized relays OR mail to non-existent domains and/or
accounts. It's incredibly simple to add a list of what domain names you will
allow relaying to. Adding a list of allowed users is a bit trickier though.
You can allegedly use LDAP, but for right now I am just periodically
generating a text list from Imail of the legit users for each domain and
adding them to the gateway box as needed.

With a local list of "authorized recipients", you never have ANY dictionary
attacks or bogus addresses hitting your main (Imail) server. This feature
alone makes using an IMGate/Postfix gateway all worth it. Eventually, I will
automate the "allowed" list of users. It is not a real pressing need at the
moment for me though.

FYI, I have made some rather extensive modifications to Len's scripts, along
with tweaking the reporting tools as well. Here is a snapshot of today's
traffic on the primary IMGate box. My log rolls over at 6:30 a.m., so this
is only about 13 hours or so worth of results. Below is a brief description
of some of the more difficult to understand filters.


      1 ACL 57 PUMP AND DUMP STOCK OFFER
      1 SMTP unauthorized pipelining
      1 SMTP Exceeded Hard Error Limit after END-OF-MESSAGE
      1 ACL 92 OBFUSCATED WORD IN SUBJECT
      1 ACL SAV: new verification in progress
      1 SMTP Exceeded Hard Error Limit after MAIL
      2 ACL 52 SPAMMER MAILING ADDRESS IN BODY
      2 RBL dnsbl.ahbl.org
      2 RBL blackhole.securitysage.com
      2 ACL 96 SPAM PHRASE IN SUBJECT
      3 SMTP invalid [EMAIL PROTECTED]
      3 ACL to_local_recipients unknown recipient
      3 ACL 91 BLACKLISTED FROM ADDRESS
      3 ACL 50 SPAM PHRASE IN BODY
      5 ACL 51 SPAMHAUS NAME IN BODY
      5 RBL block.rhs.mailpolice.com
      6 RBL list.dsbl.org
      6 RBL psbl.surriel.com
      7 ACL 85 MASS MAILER SPAMWARE
      8 ACL header checks
      9 RBL bl.spamcop.net
     12 ACL 89 SPAMHAUS NETWORK (Headers)
     13 RBL all.rbl.kropka.net
     14 ACL to_relay_recipients unknown recipient
     19 ACL unauthorized relay
     21 RBL rhsbl.ahbl.org
     22 RBL combined.njabl.org
     26 ACL SAV: undeliverable sender address
     29 ACL from_senders_regexp
     35 DNS no A/MX for @sender.domain
     40 DNS nxdomain for MTA PTR hostname (forged @sender.domain)
     40 ACL SAV: unverifiable sender address
     52 RBL dynamic.rhs.mailpolice.com
     82 ACL helo_hostnames
     92 ACL 55 SPAM DOMAIN IN BODY
    106 RBL sbl-xbl.spamhaus.org
    307 SMTP Exceeded Hard Error Limit after RCPT
    373 SMTP Exceeded Hard Error Limit after DATA
    614 ACL RAV: undeliverable recipient address
   1221 Other

   3190 TOTAL (Does not count legit traffic actually passed through)

OTHER = Almost all of the "other" messages blocked were a result of
Greylisting. By far, the most effective anti-spam tool there is.
ACL RAV: undeliverable recipient address = Dictionary attacks, e-mail sent
to non-existent addresses. The "Anvil" feature of Postfix helps to tarpit
dictionary attacks.
ACL 55 SPAM DOMAIN IN BODY - A list of blacklisted domains that I personally
compile. Can be used in Imail, or converted for use in Postfix. See
http://www.vantekcommunications.com/spam/ for the list. Updated regularly.
Usually daily.

Most of the rest of the above use standard Postfix scripts, with the addition
of Len's basic IMGate scripts. If you want access to a bunch of more scripts
that will stop even more spam, see Postfix.Org. If you want a great book
that details exactly how to set up Postfix on any Linux/FreeBSD/*Nix box to
act as a gateway for Exchange (works for Imail, too), I'd highly recommend
The Book of Postfix, by Ralf Hildebrandt and Patrick Koetter. It will even
show you how to automatically update your Postfix/IMGate box, so that it is
updated with all of the legitimate addresses on your system on a regular
basis. By far, the best book I have ever read on Postfix. Easy to read. Lots
of Examples. Very user-friendly. When you throw in the ability of
AMAVISD-NEW, Spamassassin and its endless number of antispam tests, you
should be able to reject far better than 99% of spam with a minuscule number
of false positives. Anything more than .01% is simply unacceptable. My FP
rate should be closer to .001% by the time I am done fine-tuning the
installation.

William Van Hefner
Network Administrator
Vantek Communications, Inc.
e-mail: [EMAIL PROTECTED]
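
An added example, not part of the original post and not IMGate's own code: one way to turn periodically exported per-domain mailbox lists into a recipient table for the gateway, with a guard against installing an empty or badly shrunken list. It assumes the export is one mailbox name per line and that the table is installed as a Postfix `relay_recipient_maps` lookup; the function names and sample domains are constructed for illustration.

```python
import re

# Conservative syntax checks: anything that fails is reported, never published.
_LOCAL = re.compile(r"^[A-Za-z0-9._+-]+$")
_DOMAIN = re.compile(r"^[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$")


def build_relay_recipients(exports, allowed_domains):
    """exports: {domain: iterable of mailbox names} (assumed export format).
    Returns (sorted "user@domain<TAB>OK" lines, list of rejected entries)."""
    allowed = {d.strip().lower() for d in allowed_domains}
    entries, rejected = set(), []
    for domain, users in exports.items():
        d = domain.strip().lower()
        # Only publish recipients for domains the gateway already relays for.
        if d not in allowed or not _DOMAIN.match(d):
            rejected.append((domain, "domain not in relay list"))
            continue
        for raw in users:
            user = raw.strip().lower()
            if not user or user.startswith("#"):
                continue  # blank line or comment in the export
            if not _LOCAL.match(user):
                rejected.append((f"{raw.strip()}@{d}", "bad local part"))
                continue
            entries.add(f"{user}@{d}")
    return [f"{addr}\tOK" for addr in sorted(entries)], rejected


def safe_to_install(new_lines, old_lines, max_shrink=0.2):
    """A truncated export would make the gateway reject real users, so refuse
    an empty list or one that drops more than max_shrink of the old entries."""
    if not new_lines:
        return False
    if not old_lines:
        return True
    lost = len(set(old_lines) - set(new_lines))
    return lost / len(old_lines) <= max_shrink


# Constructed sample data, not taken from any real server.
SAMPLE_EXPORTS = {
    "example.com": ["alice", "Bob ", "", "# exported list", "bad user", "alice"],
    "example.net": ["carol"],
    "evil.example": ["mallory"],
}
SAMPLE_ALLOWED = ["example.com", "example.net"]

if __name__ == "__main__":
    lines, rejected = build_relay_recipients(SAMPLE_EXPORTS, SAMPLE_ALLOWED)
    print("\n".join(lines))
    print("rejected:", rejected)
```

Run the guard against the table currently in place before replacing it, and rebuild the lookup table (for example with `postmap`) only when it passes.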


-----Original Message-----
From: Keith Johnson [mailto:[EMAIL PROTECTED] On Behalf
Of Keith Johnson
Sent: Friday, September 16, 2005 7:45 PM
To: [email protected]
Subject: RE: [IMail Forum] User configurable spam filter


William,
      Are you purely using Len's ImGate as a virtual domain checker or do
you also check on validating Gateway'd domains?  Just wondering how this is
accomplished using Len's ImGate as there are no physical accounts on Imail
for a Gateway domain.  Thanks for the aid.

Keith



From: [EMAIL PROTECTED] on behalf of William Van Hefner
Sent: Fri 9/16/2005 1:43 PM
To: [email protected]
Subject: RE: [IMail Forum] User configurable spam filter


It should be easy enough to set this up using Imail's rules (ver. 8.05+)
without the need of Declude. Exactly what your filtering parameters are for
identifying spam will dictate what rules you would be using. I concur with
the other poster though. Few people ever check spam folders. However, I do
not agree that sending all of the (tagged) spam through is the best way to
deal with things, either. That is a tremendous waste of bandwidth,
processing power, disk space, etc., and it just encourages spammers to send
more e-mail, since they (rightfully?) assume that such mail is actually
being delivered.

Personally, I would recommend setting something up like Len's Imgate in
front of your Imail box, and tie that in to your existing rules, along with
something like Spamassassin to REJECT mail that is obviously spam. Using a
web interface like Maya Mailguard will allow per user and per domain
blacklisting, whitelisting, antivirus control and the setting of individual
levels of spam filtration. You can flat-out reject high-scoring spam (the
infrequent legit sender gets a bounce message explaining why their message
was not delivered) and tag moderate-scoring spam on the Subject: line. SA
will run a variety of tests, including RBLs, RHSBLs, heuristics, Razor,
Pyzor, custom filters you create or can download off of the net, Bayesian
filtering, and a ton more. Len's basic scripts will at least block the stuff
that is so ridiculous as to not even be considered for delivery (spammers
that forge your IP address in the HELLO should never be allowed to send you
mail, and you will get hundreds of those a day).

Imail does some nice stuff, but I am starting to look at it more and more as
a POP3 and final destination server, rather than something I would use alone
to fight spam. If nothing else, why subject your main mail server to
dictionary attacks, viruses, DOS attacks, port scans, or have to expend its
CPU on chewing through an increasing number of rules, or store a bunch of
spam that no one really wants to see? Any old *nix box (or two) will improve
your server's performance markedly, and shave as much as 50% off of your
bandwidth costs. The cost is cheap. The software is free. It works
significantly better and is way more stable. You will need to get your
"hands dirty" and learn a little about Linux/FreeBSD and Postfix, but not
much. It's certainly been worth it to me.


William Van Hefner
Network Administrator
Vantek Communications, Inc.
e-mail: [EMAIL PROTECTED]

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Mike Odryna
> Sent: Friday, September 16, 2005 6:50 AM
> To: [email protected]
> Subject: [IMail Forum] User configurable spam filter
>
>
> I was looking through the archives for a solution where as
> SPAM is sent to the SPAM folder in the users account.  The
> user then can periodically check that folder for false
> positives and have the ability to mark the mail as good or
> bad whichever the case may be.
>
> It was stated that Declude has this functionality already
> built in.  Can someone confirm that?  And if it does, can you
> post some screen shots on how it looks when setup.
>
> Thanks in advance.
>
> Mike Odryna
> Owner
> LakeSpeed.Com
> http://www.lakespeed.com
> (603)635-8700
>
>
>
> To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
> List Archive:
> http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
> Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
>


To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/

