Re: spam issues
On 2012-01-15 Al Zick wrote:

> Here is where I am at: I had about 10 RBLs at one time (including some of the ones you mentioned), but I slowly removed them. What do you do when people that you need to be in contact with every day are being blocked? I guess that you can use them if you don't mind having an ever growing whitelist. Can they be weighted somehow?

policyd-weight does a weighted check on several RBLs. And even without that you can always add a whitelist before an RBL check.

Regards
Ansgar Wiechers
--
Abstractions save us time working, but they don't save us time learning.
--Joel Spolsky
Re: spam issues
On Sun, Jan 15, 2012 at 07:49:49PM -0600, Al Zick wrote:

> On Jan 13, 2012, at 5:52 PM, /dev/rob0 wrote:
>> On Friday 13 January 2012 16:57:21 Al Zick wrote:
>>> On Jan 12, 2012, at 3:57 AM, Egoitz Aurrekoetxea Aurre wrote:
>>>> Apart from this if you use some trustable RBL, perhaps ^ greylisting and you update Spamassassin rules regularly... you should be pretty fine..
>>>
>>> I am not using spamassassin, or greylisting, and I just removed the RBLs because of waay too many false positives.
>>
>> This is absurd. It surely means you chose some overly-aggressive (not trustable) DNSBLs. To say that all DNSBLs cause loss of mail is ridiculous. Why didn't you even consider it worth mentioning what lists you were using
>
> I am not trying to start a flame war with anyone. Obviously you understand what effective spam filtering should look like.

I do not consider it a flame, but I was annoyed at the implied point of your post, if you use DNSBLs, you are blocking real mail. That is simply not so.

> Here is where I am at: I had about 10 RBLs at one time (including some of the ones you mentioned), but I slowly removed them. What do you do when people that you need to be in contact with every day are being blocked? I guess that you can use them if you don't mind having an ever growing whitelist. Can they be weighted somehow?

I do not whitelist in general. I have in the past, but not at this time. I do use DNSWL.org whitelisting, but I do not think it makes any difference in what gets through. (I have not searched recently, but in the past I have found that nothing in DNSWL.org was also in Zen or BRBL.)

As mentioned in part of my message that was trimmed from the quotes, I'm using postscreen, which does indeed have a scoring system. But either Zen or BRBL alone is enough evidence that it's spam.

Perhaps you need to focus on the ACTUAL problem. What non-spam were you blocking? Bring those up here on the list, including logs of it being blocked, and we can find a solution.

--
http://rob0.nodns4.us/ -- system administration and consulting
Offlist GMX mail is seen only if /dev/rob0 is in the Subject:
Re: spam issues
On 2012-01-15 8:49 PM, Al Zick a...@familysafeinternet.com wrote:

> Here is where I am at: I had about 10 RBLs at one time (including some of the ones you mentioned), but I slowly removed them. What do you do when people that you need to be in contact with every day are being blocked?

Don't use the list causing them to be blocked?

As has already been pointed out to you, the fact that you were using *TEN* RBLs is prima facie evidence that you really don't know what you are doing with respect to using RBLs (no offense intended, ignorance is not a crime, but failure to acknowledge it can lead to poor results).

--
Best regards,
Charles
Re: spam issues
On 1/16/2012 7:15 AM, Charles Marcus wrote:

> On 2012-01-15 8:49 PM, Al Zick a...@familysafeinternet.com wrote:
>> Here is where I am at: I had about 10 RBLs at one time (including some of the ones you mentioned), but I slowly removed them. What do you do when people that you need to be in contact with every day are being blocked?
>
> Don't use the list causing them to be blocked?
>
> As has already been pointed out to you, the fact that you were using *TEN* RBLs is prima facie evidence that you really don't know what you are doing with respect to using RBLs (no offense intended, ignorance is not a crime, but failure to acknowledge it can lead to poor results).

Let me throw a caveat in here. There is no threshold of dnsbl count use that marks an admin as competent or not. It depends on the receiver site. I'm sure there are many large receivers who hit at least 10 dnsbl zones, either mirrored on a local rbldnsd server or directly via DNS, with a combination of scoring or outright rejection. Such sites will probably be querying at least:

Spamhaus Zen
Spamhaus DBL
Barracuda
Spamcop
PSBL
UCEPROTECT
URIBL
SURBL
ivmSIP/24
ivmURI

We're at 10 already and I'd guess some sites use more, especially if they score them all. No, not all of these are IP based dnsbls as in the case of the OP, but Postfix can be configured to 5xx reject based on hits in any of them, either directly, via policy daemon, or pre-queue content filter.

So using 10 dnsbls isn't necessarily a sign, in isolation, of a lack of admin wherewithal. There is other information in this thread that suggests such may be so in this case.

--
Stan
Re: spam issues
Hi,

On Jan 13, 2012, at 5:52 PM, /dev/rob0 wrote:

> On Friday 13 January 2012 16:57:21 Al Zick wrote:
>> On Jan 12, 2012, at 3:57 AM, Egoitz Aurrekoetxea Aurre wrote:
>>> Apart from this if you use some trustable RBL, perhaps ^ greylisting and you update Spamassassin rules regularly... you should be pretty fine..
>>
>> I am not using spamassassin, or greylisting, and I just removed the RBLs because of waay too many false positives.
>
> This is absurd. It surely means you chose some overly-aggressive (not trustable) DNSBLs. To say that all DNSBLs cause loss of mail is ridiculous. Why didn't you even consider it worth mentioning what lists you were using

I am not trying to start a flame war with anyone. Obviously you understand what effective spam filtering should look like.

Here is where I am at: I had about 10 RBLs at one time (including some of the ones you mentioned), but I slowly removed them. What do you do when people that you need to be in contact with every day are being blocked? I guess that you can use them if you don't mind having an ever growing whitelist. Can they be weighted somehow?

Thanks,
Al
Re: spam issues
Al Zick:

> I am not trying to start a flame war with anyone. Obviously you understand what effective spam filtering should look like.
>
> Here is where I am at: I had about 10 RBLs at one time (including some of the ones you mentioned), but I slowly removed them. What do you do when people that you need to be in contact with every day are being blocked? I guess that you can use them if you don't mind having an ever growing whitelist. Can they be weighted somehow?

Making a decision based on different attributes is better done with amavisd-new and spamassassin (the Postfix 2.8 postscreen daemon has support for DNSBL/WL weighting, but it does not allow other factors to speak in favor of a specific message).

The Postfix features are best used for mail that you definitely don't want to receive.

Wietse
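
A main.cf sketch of the postscreen DNSBL/WL weighting mentioned in the message above, together with the warn_if_reject trial run and the whitelist-before-RBL ordering suggested elsewhere in this thread. It is an added example, not any poster's configuration: the weights, the threshold, the whitelist file path and the trial zone `dnsbl.example.org` are assumptions.

```ini
# /etc/postfix/main.cf (fragment, example values; Postfix 2.8 or later)
# postscreen must also be enabled in master.cf as described in
# POSTSCREEN_README before these settings have any effect.

# 1. Weighted scoring in postscreen.
#    Each listed zone adds its weight to the client's score when the
#    client IP is listed there. A negative weight makes a DNS whitelist
#    count in the client's favour. Weights are assumptions: here one hit
#    on either trusted blocklist reaches the threshold by itself, the
#    list under evaluation cannot block alone, and a whitelist entry
#    cancels a single blocklist hit.
postscreen_dnsbl_sites =
    zen.spamhaus.org*2,
    b.barracudacentral.org*2,
    dnsbl.example.org*1,
    list.dnswl.org*-2

# Clients whose combined score is at or above this value fail the test.
postscreen_dnsbl_threshold = 2

# enforce: let the client finish the SMTP dialogue, reject with 550 and
# log sender and recipient, which makes false positives easy to trace.
postscreen_dnsbl_action = enforce

# 2. Trial run of a new list in smtpd, with a local whitelist first.
#    check_client_access is evaluated before the RBL lookup, so clients
#    in the (assumed) whitelist file are never tested. It sits after
#    reject_unauth_destination, so an OK result cannot open a relay.
#    warn_if_reject turns the reject into a "reject_warning" log line
#    and the mail is still accepted.
smtpd_recipient_restrictions =
    permit_mynetworks,
    reject_unauth_destination,
    check_client_access hash:/etc/postfix/client_whitelist,
    warn_if_reject reject_rbl_client dnsbl.example.org

# /etc/postfix/client_whitelist (constructed sample entry, then run
# "postmap /etc/postfix/client_whitelist"):
#   192.0.2.25    OK
```

After a trial period, searching the mail log for `reject_warning` shows which clients the new list would have blocked, before its weight is raised or the `warn_if_reject` prefix is removed.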
Re: spam issues
Hi,

On Jan 12, 2012, at 3:57 AM, Egoitz Aurrekoetxea Aurre wrote:

> On Thu, 12 Jan 2012, Stan Hoeppner wrote:
>> On 1/11/2012 11:15 PM, Al Zick wrote:
>>> Hi, For a while we ran Qmail. Qmail would accept all emails regardless, creating a very serious backscatter problem. Of course, switching to Postfix with it configured to only accept emails for our recipients fixed this problem.
>
> Qmail can be properly patched for checking a valid rcpt list in a cdb database avoiding this problem. Just as a detail... and yes without breaking smtp-auth.

This is something that I didn't know. Maybe I will take a look at the patch, although I am pretty happy with Postfix.

>>> Still we seem to be losing the war with spam. I whitelisted any server that has a .forward set to mine. Any email from a server that is whitelisted gets delivered. This is unacceptable, so I started using procmail with some rules so that email from servers that are whitelisted just get delivered without any filtering. Could someone recommend some low resource way of rejecting more spam. I am considering policyd.
>>
>> http://www.postfix.org/docs.html See section UCE/Virus

This page is very helpful!

> I suppose there's no the situation... but if you have a mail scanning machine in front of a mailbox storage machine (where mailboxes are) and the mailbox machine has an smtpd instance accessible from the Internet it should not be accepting unauthenticated mail not coming from the mail scanning machine.

If I don't whitelist these servers, then if it bounces an email that has been sent because of a .forward, then the server with the .forward tries to redeliver the email for something like 5 days to my server. Is there another solution to this? I don't have control over the other servers that are whitelisted.

> Apart from this if you use some trustable RBL, perhaps greylisting and you update Spamassassin rules regularly... you should be pretty fine..

I am not using spamassassin, or greylisting, and I just removed the RBLs because of waay too many false positives. Right now most of my filtering is being done with a set of rules for procmail and with bogofilter, although I am considering using policyd and dovecot with sieve plugin. Policyd (or graylisting) should mean more email is rejected (like it should be) and a filtering during dovecot should mean that whitelisted servers still get their email filtered. I would imagine there is a better way, I just don't know it. However, I am open to suggestions.

Thanks,
Al

>> --
>> Stan
Re: spam issues
On Friday 13 January 2012 16:57:21 Al Zick wrote:

> On Jan 12, 2012, at 3:57 AM, Egoitz Aurrekoetxea Aurre wrote:
>> Apart from this if you use some trustable RBL, perhaps ^ greylisting and you update Spamassassin rules regularly... you should be pretty fine..
>
> I am not using spamassassin, or greylisting, and I just removed the RBLs because of waay too many false positives.

This is absurd. It surely means you chose some overly-aggressive (not trustable) DNSBLs. To say that all DNSBLs cause loss of mail is ridiculous. Why didn't you even consider it worth mentioning what lists you were using? Yes, if you followed some silly outdated howto written by someone who didn't even understand it way back then, you get what you deserve.

For general use, both Spamhaus Zen and Barracuda BRBL are safe and effective. Spam-eating monkey is moving up into that list for me. Always ALWAYS know the policies of any DNSBL you are considering.

http://www.postfix.org/postconf.5.html#warn_if_reject is your friend; you can take a DNSBL out for a trial run without risking anything.

> Right now most of my filtering is being done with a set of rules for procmail and with bogofilter, although I am considering using policyd and dovecot with sieve plugin. Policyd (or graylisting) should mean more email is rejected

I do not recommend greylisting now, especially not if using a good DNSBL to catch the bots who retry. Greylisting will still take out quite a lot of the bot spam, but it's far less effective than it was before the ratware pushers adapted to it.

All I can say is that I'm doing pretty well with my postscreen. Sometimes we see a few spams 419s from hotmail or gmail, but the direct-to-MX botnets are not getting through very often.

> (like it should be) and a filtering during dovecot should mean that whitelisted servers still get their email filtered.

--
http://rob0.nodns4.us/ -- system administration and consulting
Offlist GMX mail is seen only if /dev/rob0 is in the Subject:
Re: spam issues
On 1/13/2012 4:57 PM, Al Zick wrote:

> If I don't whitelist these servers, then if it bounces an email that has been sent because of a .forward, then the server with the .forward tries to redeliver the email for something like 5 days to my server. Is there another solution to this? I don't have control over the other servers that are whitelisted.

...

> I am not using spamassassin, or greylisting, and I just removed the RBLs because of waay too many false positives. Right now most of my filtering is being done with a set of rules for procmail and with bogofilter, although I am considering using policyd and dovecot with sieve plugin. Policyd (or graylisting) should mean more email is rejected (like it should be) and a filtering during dovecot should mean that whitelisted servers still get their email filtered. I would imagine there is a better way, I just don't know it. However, I am open to suggestions.

Many more people would probably jump in here with great suggestions if you would actually provide something we can understand. I for one am having severe difficulty comprehending what you're trying to tell us.

"whitelist these servers" -- what servers?
"then if it bounces" -- what bounces? Who is bouncing it? Why?
"because of a .forward" -- why are .forward files on these servers relevant to bounces?

You've typed this as if you're having a conversation with someone in the same room, who sees everything you're seeing, and knows everything you know. We're not in the same room and we're certainly not inside your head, Al. Please provide us sufficient technical detail so we can help you.

--
Stan
Re: spam issues
On Thu, 12 Jan 2012, Stan Hoeppner wrote:

> On 1/11/2012 11:15 PM, Al Zick wrote:
>> Hi, For a while we ran Qmail. Qmail would accept all emails regardless, creating a very serious backscatter problem. Of course, switching to Postfix with it configured to only accept emails for our recipients fixed this problem.

Qmail can be properly patched for checking a valid rcpt list in a cdb database avoiding this problem. Just as a detail... and yes without breaking smtp-auth.

>> Still we seem to be losing the war with spam. I whitelisted any server that has a .forward set to mine. Any email from a server that is whitelisted gets delivered. This is unacceptable, so I started using procmail with some rules so that email from servers that are whitelisted just get delivered without any filtering. Could someone recommend some low resource way of rejecting more spam. I am considering policyd.
>
> http://www.postfix.org/docs.html See section UCE/Virus

I suppose there's no the situation... but if you have a mail scanning machine in front of a mailbox storage machine (where mailboxes are) and the mailbox machine has an smtpd instance accessible from the Internet it should not be accepting unauthenticated mail not coming from the mail scanning machine.

Apart from this if you use some trustable RBL, perhaps greylisting and you update Spamassassin rules regularly... you should be pretty fine...

> --
> Stan
spam issues
Hi,

For a while we ran Qmail. Qmail would accept all emails regardless, creating a very serious backscatter problem. Of course, switching to Postfix with it configured to only accept emails for our recipients fixed this problem.

Still we seem to be losing the war with spam. I whitelisted any server that has a .forward set to mine. Any email from a server that is whitelisted gets delivered. This is unacceptable, so I started using procmail with some rules so that email from servers that are whitelisted just get delivered without any filtering. Could someone recommend some low resource way of rejecting more spam. I am considering policyd.

I recently set up Dovecot to replace uw-imap. It seems to work fine when I am telnetting from localhost, but even though it lets me log in from another system, it will not allow me to download the mail. I can't figure out why, does anyone have any ideas?

Thanks,
Al
Re: spam issues
On 12.01.2012 06:15, Al Zick wrote:

> Hi, For a while we ran Qmail. Qmail would accept all emails regardless, creating a very serious backscatter problem. Of course, switching to Postfix with it configured to only accept emails for our recipients fixed this problem.
>
> Still we seem to be losing the war with spam. I whitelisted any server that has a .forward set to mine. Any email from a server that is whitelisted gets delivered. This is unacceptable, so I started using procmail with some rules so that email from servers that are whitelisted just get delivered without any filtering. Could someone recommend some low resource way of rejecting more spam. I am considering policyd.
>
> I recently set up Dovecot to replace uw-imap. It seems to work fine when I am telnetting from localhost, but even though it lets me log in from another system, it will not allow me to download the mail. I can't figure out why, does anyone have any ideas?
>
> Thanks, Al

Hi Al,

we cannot help you until we see your Postfix conf, logs etc.; also try to formulate more concrete technical questions.

You may also cross-ask on the Dovecot list for Dovecot-related questions.

Consider hiring somebody to help you if you are in a hurry. After all, with the right setup spam should become a much smaller problem at your place.

--
Best Regards
MfG Robert Schetterer
Germany/Munich/Bavaria
Re: spam issues
On 1/11/2012 11:15 PM, Al Zick wrote:

> Hi, For a while we ran Qmail. Qmail would accept all emails regardless, creating a very serious backscatter problem. Of course, switching to Postfix with it configured to only accept emails for our recipients fixed this problem.
>
> Still we seem to be losing the war with spam. I whitelisted any server that has a .forward set to mine. Any email from a server that is whitelisted gets delivered. This is unacceptable, so I started using procmail with some rules so that email from servers that are whitelisted just get delivered without any filtering. Could someone recommend some low resource way of rejecting more spam. I am considering policyd.

http://www.postfix.org/docs.html See section UCE/Virus

Apparently you missed the discussion yesterday, Wednesday 12 Jan, of an anti spam tool called fqrdns.pcre. It will stop most bot spam. Postscreen will as well, requires Postfix 2.8+.

> I recently set up Dovecot to replace uw-imap. It seems to work fine when I am telnetting from localhost, but even though it lets me log in from another system, it will not allow me to download the mail. I can't figure out why, does anyone have any ideas?

You need to inquire on the Dovecot mailing list, this is the Postfix list.

--
Stan