> On Aug 19, 2015, at 4:43 PM, L.P.H. van Belle <[email protected]> wrote:
>
>
>> set postfix server to check for rfc compliance and you see a spam drop of
>> at least 90% and

is that this setting

strict_rfc821_envelopes = yese

>> setup postscreen with it.. 98% less spam

I think I’m using postscreen maybe not to the full extent but that is where my zen.spamhaus.org setting is

>> and in above just check for the helo compliance and not hostname checks,
>> that will drop too many ok servers..

Is that in this setting.

smtpd_helo_restrictions = reject_non_fqdn_helo_hostname reject_invalid_helo_hostname

Thank you,

Ben

>>
>> greetz
>>
>> Louis
>>
>>
>>> On 19 Aug 2015, at 22:23, Alice Wonder <[email protected]> wrote:
>>>
>>>
>>>>> On 08/19/2015 01:14 PM, Ben Greenfield wrote:
>>>>>
>>>>> On Aug 19, 2015, at 4:08 PM, Viktor Dukhovni <[email protected]>
>>>>> wrote:
>>>>>
>>>>> On Wed, Aug 19, 2015 at 04:07:27PM -0400, Ben Greenfield wrote:
>>>>>
>>>>>>>> /^Received:\b.*\.eu\b REJECT
>>>>>>>>
>>>>>>>> Is that correct or could someone point out what I'm doing wrong.
>>>>>>>
>>>>>>> What you're doing wrong is deciding that all mail from a .eu domain
>>>>>>> should be blocked and trying to block said mail by looking at
>>>>>>> Received headers.
>>>>>>>
>>>>>>> Both the decision and the methodology are wrong.
>>>>>>
>>>>>> I'm open to suggestions.
>>>>>
>>>>> First explain the problem, rather than the solution.
>>>>
>>>> We receive a lot of spam that have very rare top level domains .site,
>>>> .link, .website, .eu.
>>>>
>>>> I have been using the custom header checks which appeared to be working for
>>>> me until I started trying to reject the .eu mail. I was actually blocking
>>>> all mail that had .eu somewhere in the name.
>>>>
>>>> I decided I needed a regex that would only match patterns at the end of
>>>> the url.
>>>
>>> Do you have a honeypot address?
>>>
>>> I do that but still manually check them, as soon as I get 3 different
>>> spammer IP addresses on same /24 I block the /24 for two weeks.
>>>
>>> Are you using any of the dns blacklists? That cut down on my spam
>>> tremendously.
>>>
>
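Added example, not part of the thread or written by any of its participants: the quoted `header_checks` pattern evaluated against constructed `Received:` lines, showing how it behaves on every hop recorded in the header. It assumes PCRE-style `\b` semantics (Python's `re` is used as a stand-in), a closing `/` on the pattern, and placeholder `example.*` host names; `RELAXED` is a hypothetical variant used only for comparison.

```python
import re

# Pattern as quoted in the thread (closing "/" assumed), with PCRE-style
# semantics. Postfix header_checks match case-insensitively by default,
# hence re.IGNORECASE.
POSTED = re.compile(r"^Received:\b.*\.eu\b", re.IGNORECASE)

# Hypothetical variant with the first \b removed, for comparison only.
RELAXED = re.compile(r"^Received:.*\.eu\b", re.IGNORECASE)

# Constructed sample headers; host names and addresses are placeholders.
HEADERS = {
    # Sending host really is under .eu
    "eu_sender": "Received: from mail.example.eu (mail.example.eu [192.0.2.10]) by mx.example.org",
    # "eu" is only a label in the middle of a .com host name
    "eu_label_mid": "Received: from smtp.eu.example.com (smtp.eu.example.com [192.0.2.20]) by mx.example.org",
    # Sender is .com; the receiving hop recorded after "by" is under .eu
    "own_eu_mx": "Received: from mail.example.com (mail.example.com [192.0.2.30]) by mx.example.eu",
    # No .eu anywhere
    "no_eu": "Received: from mail.example.net (mail.example.net [192.0.2.40]) by mx.example.org",
}


def matches(pattern, headers=HEADERS):
    """Return the sorted names of the sample headers the pattern hits."""
    return sorted(name for name, line in headers.items() if pattern.search(line))


if __name__ == "__main__":
    # \b needs a word character on one side; ":" followed by a space has
    # none, so the posted pattern misses ordinary "Received: from" lines.
    print("posted :", matches(POSTED))
    # Without that \b the pattern hits any hop containing a ".eu" label,
    # not only mail whose sender domain ends in .eu.
    print("relaxed:", matches(RELAXED))
```
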
