Josel Joaquin wrote:
Thanks Ken,

Yes, also have Spamassassin. Problem is the other day a lot of spam were getting through and queued messages reach as high as 20K on our server. Normally, queued messages on our server averages 100 and below. We also do have the auto-update of rules in spamassassin, getting updates every other day from rulesemporium.com. Please see attached local.cf config on our server.

Thanks again,

On 12/18/06, Kenneth P. Oncinian <[EMAIL PROTECTED]> wrote:

Hi Josel,

How much is "a lot"? Because imho, spam these days are becoming smarter and smarter. In my simple spamassassin setup which is just using auto-update sare rules, approximately 15K to 20K of spam mails are already being dropped on a monthly basis, although imho it's already a decent number, but still a lot of spam are getting through (using the animated gif technique).

My point here is, you have to first monitor your anti-spam solution to have an idea on the ratio of its effectiveness. And also, you are using postfix's native anti-UCE technique, are you also using 3rd party solution like spamassassin or dspam?

hth,
Kenneth

--
PGP Public Key: http://m.1asphost.com/koncinian/koncinian.gnupg.key

Josel Joaquin wrote:
>
> Kindly see below the Anti-UCE config in my Postfix main.cf
> config settings, it is blocking some emails but
> unfortunately lots of spam are getting through. Is there a way to make
> it more effective? Thanks.
>
> smtpd_sender_restrictions =
>     check_sender_access hash:/etc/postfix/access,
>     permit_mynetworks,
>     reject_rhsbl_sender rhsbl.sorbs.net,
>     reject_rhsbl_sender sbl-xbl.spamhaus.org,
>     reject_rhsbl_sender blackhole.securitysage.com,
>     reject_maps_rbl
>     reject_non_fqdn_sender,
>     reject_unknown_sender_domain,
>     reject_rhsbl_sender dsn.rfc-ignorant.org,
>     permit
> smtpd_recipient_restrictions =
>     reject_unlisted_recipient
>     check_client_access hash:/etc/postfix/access
>     permit_mynetworks
>     permit_mx_backup
>     reject_rhsbl_client block.blars.org,
>     reject_rhsbl_sender blackhole.securitysage.com,
>     reject_maps_rbl
>     reject_unauth_destination
>     check_sender_access hash:/etc/postfix/sender_access
>     check_policy_service unix:private/policy

http://jimsun.linxnet.com/misc/postfix-anti-UCE.txt

This link has been a great help. RBL checks are used as the very last resort as they are pretty expensive compared to local lookups.

Another thing I noticed is that you're doing MX backup. How many domains are you receiving mail for? You will have to implement a lookup table to only receive mails for valid recipients. I know that this is a lot of work if you have lots of domains. But this is one of the best anti-spam methods, it cuts down nearly 3/4 of spam coming into the mailbox.

http://archives.neohapsis.com/archives/postfix/2004-07/0926.html

Suggestions:

1. create a spamtrap address
2. create a script to blacklist IPs that frequently attempt to send mail to invalid recipients. (bash scripting can be used for this)
3. create a script to temporarily blacklist IPs that send detected spam.

--
Peter Santiago [EMAIL PROTECTED]
My website: www.psinergybbs.com
My spamtrap address: [EMAIL PROTECTED]
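
One way to implement suggestion 2 from the message above, as an added example that is not part of the original thread: it counts Postfix "User unknown" rejections per client IP and prints access(5) lines for the offenders. The threshold, the allowlist argument, the function names and the sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: list SMTP clients that keep hitting
# nonexistent recipients, as access(5) lines for check_client_access.

# usage: invalid_rcpt_offenders MIN_HITS "ALLOWLISTED_IP ..." < maillog
invalid_rcpt_offenders() {
    awk -v min="$1" -v allow="$2" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) skip[a[i]] = 1 }
        /Recipient address rejected: User unknown/ {
            # Take the leftmost match: Postfix logs the client IP ahead of the
            # sender-supplied from=/to= fields, so text placed in those
            # fields cannot stand in for it.
            if (!match($0, /: NOQUEUE: reject: RCPT from [^ ]*\[[0-9a-fA-F.:]+\]: /))
                next
            ip = substr($0, RSTART, RLENGTH)
            sub(/^.*\[/, "", ip)      # drop everything up to the bracket
            sub(/\]: $/, "", ip)      # drop the closing bracket and colon
            if (!(ip in skip)) hits[ip]++
        }
        END {
            for (ip in hits)
                if (hits[ip] >= min)
                    print ip, "REJECT too many invalid recipients"
        }
    ' | sort
}

# Constructed sample log lines (documentation addresses, made-up hosts).
sample_log() {
    cat <<'EOF'
Dec 18 10:01:02 mail postfix/smtpd[1234]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 550 <a1@example.org>: Recipient address rejected: User unknown in local recipient table; from=<x@example.net> to=<a1@example.org>
Dec 18 10:01:03 mail postfix/smtpd[1234]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 550 <a2@example.org>: Recipient address rejected: User unknown in local recipient table; from=<x@example.net> to=<a2@example.org>
Dec 18 10:02:10 mail postfix/smtpd[1236]: NOQUEUE: reject: RCPT from host7.example.net[198.51.100.7]: 550 <typo@example.org>: Recipient address rejected: User unknown in local recipient table; from=<bob@example.net> to=<typo@example.org>
Dec 18 10:03:00 mail postfix/smtpd[1238]: NOQUEUE: reject: RCPT from mx2.example.org[192.0.2.10]: 550 <b1@example.org>: Recipient address rejected: User unknown in local recipient table; from=<z@example.net> to=<b1@example.org>
Dec 18 10:03:01 mail postfix/smtpd[1238]: NOQUEUE: reject: RCPT from mx2.example.org[192.0.2.10]: 550 <b2@example.org>: Recipient address rejected: User unknown in local recipient table; from=<z@example.net> to=<b2@example.org>
Dec 18 10:04:00 mail postfix/smtpd[1240]: NOQUEUE: reject: RCPT from unknown[198.51.100.9]: 554 Service unavailable; Client host [198.51.100.9] blocked using sbl-xbl.spamhaus.org; from=<y@example.net> to=<info@example.org>
Dec 18 10:04:01 mail postfix/smtpd[1240]: NOQUEUE: reject: RCPT from unknown[198.51.100.9]: 554 Service unavailable; Client host [198.51.100.9] blocked using sbl-xbl.spamhaus.org; from=<y@example.net> to=<sales@example.org>
EOF
}

# 192.0.2.10 stands for a backup MX of ours that must never be listed.
sample_log | invalid_rcpt_offenders 2 "192.0.2.10"
```

The output lines use the `pattern action` form of a Postfix access table, so they can go into the map behind `check_client_access hash:/etc/postfix/access`; the map has to be rebuilt with `postmap` after each change.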
_________________________________________________
Philippine Linux Users' Group (PLUG) Mailing List
[email protected] (#PLUG @ irc.free.net.ph)
Read the Guidelines: http://linux.org.ph/lists
Searchable Archives: http://archives.free.net.ph

