Yes Peter, currently we have around 30 domains which is hosted on our mail servers. All going thru our SMTP server for virus and spam filtering. How do you do lookups? And spamtraps, do i need separate application for these?
Thank you for your kind support. On 12/18/06, Peter Santiago <[EMAIL PROTECTED]> wrote:
Josel Joaquin wrote: > Thanks Ken, > > Yes, also have Spamassassin. Problem is the other day a lot of spam > where getting through and queued messages reach as high as 20K on our > server. Normally, queued messages on our server averages 100 and > below. We also do have the auto-update > of rules in spamassassin, getting updates every other day from > rulesemporium.com <http://rulesemporium.com>. Please see > attached local.cf <http://local.cf> config on our server. > > Thanks again, > > > On 12/18/06, * Kenneth P. Oncinian* <[EMAIL PROTECTED] > <mailto:[EMAIL PROTECTED]>> wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hi Josel, > > How much is "a lot"? > Because imho, spam these days are becoming smarter and smarter. > In my simple spamassassin setup which is just using auto-update sare > rules, approximately 15K to 20K of spam mails are already being > dropped > on a monthly basis, although imho it's already a decent number, but > still a lot of spam are getting through (using the animated gif > technique). > > My point here is, you have to first monitor your anti-spam solution to > have an idea on the ratio of it's effectiveness. And also, you are > using > postix's native anti-UCE technique, are you also using 3rd party > solution like spamassassin or dspam? > > > > hth, > > Kenneth > - -- > PGP Public Key: http://m.1asphost.com/koncinian/koncinian.gnupg.key > > > Josel Joaquin wrote: > > > > Kindly see below the Anti-UCE config in my Postfix main.cf > <http://main.cf> > > <http://main.cf> config settings, it is blocking some emails but > > unfortunately lots of spam are getting through. Is there a way > to make > > it more effective? Thanks. > > > > smtpd_sender_restrictions = > > check_sender_access hash:/etc/postfix/access, > > permit_mynetworks, > > reject_rhsbl_sender rhsbl.sorbs.net > <http://rhsbl.sorbs.net> <http://rhsbl.sorbs.net>, > > reject_rhsbl_sender sbl-xbl.spamhaus.org > <http://sbl-xbl.spamhaus.org> > > <http://sbl-xbl.spamhaus.org>, > > reject_rhsbl_sender blackhole.securitysage.com > <http://blackhole.securitysage.com> > > <http://blackhole.securitysage.com>, > > reject_maps_rbl > > reject_non_fqdn_sender, > > reject_unknown_sender_domain, > > reject_rhsbl_sender dsn.rfc-ignorant.org > <http://dsn.rfc-ignorant.org> > > <http://dsn.rfc-ignorant.org>, > > permit > > smtpd_recipient_restrictions = > > reject_unlisted_recipient > > check_client_access hash:/etc/postfix/access > > permit_mynetworks > > permit_mx_backup > > reject_rhsbl_client block.blars.org > <http://block.blars.org> <http://block.blars.org>, > > reject_rhsbl_sender blackhole.securitysage.com > <http://blackhole.securitysage.com> > > < http://blackhole.securitysage.com>, > > reject_maps_rbl > > reject_unauth_destination > > check_sender_access hash:/etc/postfix/sender_access > > check_policy_service unix:private/policy > http://jimsun.linxnet.com/misc/postfix-anti-UCE.txt This link have been a great help. RBL checks are used as the very last resort as they are pretty expensive than local lookups. Another thing I noticed is that you're doing MX backup. How many domains are you receiving mail for? You will have to implement a lookup table to only receive mails for valid recipients. I know that this is a lot of work if you have lots of domains. But this is one of the best anti-spam method, it cuts down nearly 3/4 of of spam coming into the mailbox. http://archives.neohapsis.com/archives/postfix/2004-07/0926.html Suggestions: 1. create a spamtrap address 2. create a script to blacklist ips that frequently attempt to send mail to invalid invalid recipients. (bash scripting can be used for this) 3. create a script to temporarily blacklist ips that sends detected spam. -- Peter Santiago [EMAIL PROTECTED] My website: www.psinergybbs.com My spamtrap address: [EMAIL PROTECTED] _________________________________________________ Philippine Linux Users' Group (PLUG) Mailing List [email protected] (#PLUG @ irc.free.net.ph) Read the Guidelines: http://linux.org.ph/lists Searchable Archives: http://archives.free.net.ph
_________________________________________________ Philippine Linux Users' Group (PLUG) Mailing List [email protected] (#PLUG @ irc.free.net.ph) Read the Guidelines: http://linux.org.ph/lists Searchable Archives: http://archives.free.net.ph
