HapplessUser Posted November 5, 2014 Share Posted November 5, 2014 I'm using Ubuntu 12.04 LTS with postfix and amavis and have had so much spam over the past year that I've taken to blocking many many ip addresses manually. I've got several RBLs in play as well, but my smtpd_client_restrictions / check_client_access file is currently ~4500 lines and growing. Whenever I get snowshoe spam from the same hosting co a few times, I end up blocking their whole range of ip addresses. I'm also using header_checks and body_checks to feed my ip address list before certain spam gets through. What I'm wondering is...am I the only one who feels like this is becoming a part time job? We've got fewere than 20 users and I easily spend an hour or more every day dealing with reporting spam that gets through the rbls and my ip blacklist. Is there a tutorial anywhere for tuning amavis, spamassassin and postfix to do a better job in a more automated way? Also, a postfix question: When one of my header_checks or body_checks rules is matched, the mail is rejected, but upon testing I've discovered that the sender receives a clue as to what triggered the rejection: After the text following the "REJECT" is displayed in the bounce, on a new line, "[bODY]" is displayed if the rule matched was a body_check or "[HEADER]" if the rule was a header_check. Anyone know if there's a way to turn that off? I don't want to give the spammers any info about how we're blocking their never ending flood. Link to comment Share on other sites More sharing options...
HapplessUser Posted November 5, 2014 Author Share Posted November 5, 2014 Actually never mind the last question. Apparently regardless of whether a header_checks or body_checks rule is matched "[bODY]" seems to show up in the failure message. Link to comment Share on other sites More sharing options...
spinner Posted November 5, 2014 Share Posted November 5, 2014 This may be an odd question but are your users addresses published or easily accessible on the web? If your users aren't sitting targets it may be worth using obscure addresses, if I get too much spam to a mailbox I inform the associated address book entries of a new address and shut the mailbox down. if they are sitting targets then maybe whitelisting on the basis of signing up on a webform before you will accept email from an unknown address, you could preload it from your users current address books and also collect from outgoing mail. Link to comment Share on other sites More sharing options...
petzl Posted November 6, 2014 Share Posted November 6, 2014 Actually never mind the last question. Apparently regardless of whether a header_checks or body_checks rule is matched "[bODY]" seems to show up in the failure message. Depends how small you are but Gmail offer to collect your domain name email They so-far, accurately sort spam from HAM Worth checking out IMO One of many "How to" links around http://www.coffeecup.com/help/articles/set-up-gmail-for-your-own-domain/ Link to comment Share on other sites More sharing options...
DavidT Posted November 10, 2014 Share Posted November 10, 2014 I've heard good things about using Anti-spam SMTP Proxy (ASSP) to filter/block. I have a VPS with cPanel and my rbls + SpamAssassin just aren't doing the trick any more, so I'm looking at a third party who installs ASSP Deluxe onto cPanel/WHM setups to make my life easier. Here's the Wiki page on ASSP: http://en.wikipedia.org/wiki/Anti-Spam_SMTP_Proxy and the sourceforge link: http://sourceforge.net/projects/assp/ DT Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.