[lug] Lots o' email bounces
Ben
bluey at iguanaworks.net
Thu Jun 26 10:04:47 MDT 2008
I find it's best to reject as much spam as possible at the mail server
before filtering / spam assassin, etc. If it's a legit sender, they will
get a bounce and know the e-mail didn't get through (as opposed to
having it sit in a SPAM folder). And this keeps spam-assassin from
getting flooded.

I'm using Spamhaus (and spamcop) SBL lists and I find it
works great. I haven't caught a false-positive off it yet. All of my
false-positives come from a random company sending e-mails from a
machine with an IP that doesn't resolve to DNS (in violation of some
e-mail standard, I believe) or rarely someone sending with an invalid
HELO name (localhost being my favorite).
I use postfix and these rules:

smtpd_helo_required = yes
smtpd_helo_restrictions =
    permit_mynetworks,
    check_helo_access hash:/etc/postfix/helo_access,
    reject_non_fqdn_hostname,
    reject_invalid_hostname,
    permit
## reject anyone without a valid helo hostname. Must be fully qualified
## and not me (helo_access file)

smtpd_sender_restrictions =
    check_sender_access hash:/etc/postfix/sender_access
    reject_non_fqdn_sender
    permit_mynetworks
    permit_sasl_authenticated
    reject_rbl_client zen.spamhaus.org
    reject_rbl_client bl.spamcop.net
    reject_unknown_reverse_client_hostname
## sender_access is for whitelisting / blacklisting a few senders
# check against spamhaus and spamcop as a known spammer.
# make sure the connecting IP address has a dns resolution.

smtpd_recipient_restrictions =
    permit_mynetworks
    reject_non_fqdn_recipient
    reject_unauth_destination
    check_recipient_access hash:/etc/postfix/access
# access file stops e-mails coming in to proxy@ or postfix@, etc., all
# these internal "users" who shouldn't get e-mail.

I get a daily e-mail listing all the blocked e-mail so I can look for
false-positives. Of 10 e-mails that come in, ~6 get rejected, 4 come
through. I believe this ratio used to be higher, but my incoming spam
has gone down since I implemented this -- maybe some spammers got tired
of the constant rejects on the sends?
Ben
Ben Whaley wrote:
> Dave,
>
> Are you using the Spamhaus SBL/XBL lists? These are helping me block
> up to 75% of incoming mail before spamassassin even processes it,
> saving loads of CPU.
>
> - Ben
>
> On Wed, Jun 25, 2008 at 12:36 PM, Dave Pitts <dpitts at cozx.com> wrote:
>
> Hello:
>
> It seems that we have a new scourge, I'm getting hundreds of
> apparent bounced email messages. It seems that the spammers send
> stuff to the recipient systems with a forged return address that
> points to my system. I catch most of the stuff with Spamassassin;
> but it chews up so much CPU it is almost a denial of service
> attack. Has anyone else seen these types of errors? How do we get
> rid of this crap? I'm running CentOS 5 using the default sendmail
> and Spamassassin.
>
> Thanks.
>
> --
> Dave Pitts            PULLMAN: Travel and sleep in safety and comfort.
> dpitts at cozx.com    My other RV IS a Pullman (Colorado Pine).
> http://www.cozx.com
>
> _______________________________________________
> Web Page: http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> Join us on IRC: lug.boulder.co.us port=6667 channel=#colug
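
Added example (not part of the original post, and not Ben's own script): one way to build the daily list of blocked mail from the Postfix log, grouped by the restriction that fired so the reverse-DNS and HELO rejects the post names as false-positive sources can be reviewed apart from blocklist hits. The log lines are constructed samples, and `reject_report` and `classify` are names chosen here.

```python
import re
from collections import defaultdict

# Constructed sample lines in the usual Postfix smtpd reject format
# (documentation IP ranges, example.* domains); not taken from a real log.
SAMPLE_LOG = """\
Jun 26 03:11:02 mx postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 554 5.7.1 Service unavailable; Client host [192.0.2.10] blocked using zen.spamhaus.org; from=<a@example.net> to=<ben@example.org> proto=ESMTP helo=<example.net>
Jun 26 03:15:40 mx postfix/smtpd[2107]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 450 4.7.1 Client host rejected: cannot find your reverse hostname, [198.51.100.7]; from=<billing@example.com> to=<ben@example.org> proto=ESMTP helo=<mail.example.com>
Jun 26 04:02:13 mx postfix/smtpd[2130]: NOQUEUE: reject: RCPT from host.example.net[203.0.113.5]: 504 5.5.2 <localhost>: Helo command rejected: need fully-qualified hostname; from=<bob@example.net> to=<ben@example.org> proto=SMTP helo=<localhost>
Jun 26 04:02:14 mx postfix/smtpd[2130]: disconnect from host.example.net[203.0.113.5]
"""

# One smtpd reject line: client, SMTP reply code, reply text, envelope, HELO.
REJECT = re.compile(
    r"NOQUEUE: reject: \w+ from (?P<host>\S*)\[(?P<ip>[^\]]+)\]: "
    r"(?P<code>\d{3}) (?P<text>.*?); from=<(?P<sender>[^>]*)> "
    r"to=<(?P<rcpt>[^>]*)>.* helo=<(?P<helo>[^>]*)>")


def classify(text):
    """Map the SMTP reply text to the restriction that produced it."""
    rbl = re.search(r"blocked using ([\w.-]+)", text)
    if rbl:
        return "rbl:" + rbl.group(1)          # reject_rbl_client <zone>
    if "cannot find your reverse hostname" in text:
        return "no-reverse-dns"               # reject_unknown_reverse_client_hostname
    if "Helo command rejected" in text:
        return "bad-helo"                     # smtpd_helo_restrictions
    return "other"


def reject_report(log_text):
    """Group rejected deliveries as {reason: [(client_ip, sender, helo), ...]}."""
    report = defaultdict(list)
    for line in log_text.splitlines():
        m = REJECT.search(line)
        if m:
            report[classify(m["text"])].append((m["ip"], m["sender"], m["helo"]))
    return dict(report)


if __name__ == "__main__":
    for reason, hits in sorted(reject_report(SAMPLE_LOG).items()):
        print(f"{reason}: {len(hits)}")
        for ip, sender, helo in hits:
            print(f"  {ip}  from=<{sender}>  helo=<{helo}>")
```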