Jump to content
Sign in to follow this  
HapplessUser

Small time sysadmin could use some help blocking spam

Recommended Posts

I'm using Ubuntu 12.04 LTS with postfix and amavis and have had so much spam over the past year that I've taken to blocking many many ip addresses manually. I've got several RBLs in play as well, but my smtpd_client_restrictions / check_client_access file is currently ~4500 lines and growing. Whenever I get snowshoe spam from the same hosting co a few times, I end up blocking their whole range of ip addresses. I'm also using header_checks and body_checks to feed my ip address list before certain spam gets through.

What I'm wondering is...am I the only one who feels like this is becoming a part time job? We've got fewere than 20 users and I easily spend an hour or more every day dealing with reporting spam that gets through the rbls and my ip blacklist. Is there a tutorial anywhere for tuning amavis, spamassassin and postfix to do a better job in a more automated way?

Also, a postfix question: When one of my header_checks or body_checks rules is matched, the mail is rejected, but upon testing I've discovered that the sender receives a clue as to what triggered the rejection: After the text following the "REJECT" is displayed in the bounce, on a new line, "[bODY]" is displayed if the rule matched was a body_check or "[HEADER]" if the rule was a header_check. Anyone know if there's a way to turn that off? I don't want to give the spammers any info about how we're blocking their never ending flood.

Share this post


Link to post
Share on other sites

Actually never mind the last question. Apparently regardless of whether a header_checks or body_checks rule is matched "[bODY]" seems to show up in the failure message.

Share this post


Link to post
Share on other sites

This may be an odd question but are your users addresses published or easily accessible on the web?

If your users aren't sitting targets it may be worth using obscure addresses, if I get too much spam to a mailbox I inform the associated address book entries of a new address and shut the mailbox down.

if they are sitting targets then maybe whitelisting on the basis of signing up on a webform before you will accept email from an unknown address, you could preload it from your users current address books and also collect from outgoing mail.

Share this post


Link to post
Share on other sites

Actually never mind the last question. Apparently regardless of whether a header_checks or body_checks rule is matched "[bODY]" seems to show up in the failure message.

Depends how small you are but Gmail offer to collect your domain name email

They so-far, accurately sort spam from HAM

Worth checking out IMO

One of many "How to" links around

http://www.coffeecup.com/help/articles/set-up-gmail-for-your-own-domain/

Share this post


Link to post
Share on other sites

I've heard good things about using Anti-spam SMTP Proxy (ASSP) to filter/block. I have a VPS with cPanel and my rbls + SpamAssassin just aren't doing the trick any more, so I'm looking at a third party who installs ASSP Deluxe onto cPanel/WHM setups to make my life easier. Here's the Wiki page on ASSP:

http://en.wikipedia.org/wiki/Anti-Spam_SMTP_Proxy

and the sourceforge link:

http://sourceforge.net/projects/assp/

DT

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×