Slashdot Mirror

← Back to Stories (view on slashdot.org)

How To Fight Spam Using Your Postfix Configuration

Posted by ryuzaki0 on from the not-welcome-here dept.

hausmasta writes, "In this guide you will learn how to tweak your virtual Postfix setup to better combat spam by stopping the mail before it hits SpamAssasin, using RBL (Realtime Blacklists) and RHBL (slightly different), greylistings, and Helo Checks." A clear, step-by-step guide to a complex subject.

8 of 158 comments (clear)

  1. Yeah, but... by cp.tar · · Score: 3, Insightful

    ... aren't blacklists still a bit... tricky?

    --
    Ignore this signature. By order.
  2. Re:RBLs and not getting your mail by Philosinfinity · · Score: 4, Insightful
    If you're running the mail servers for a business, how prudent is it to run a spam filter in the first place? While using something that relies on checking the content of the mail may be useful in getting rid of the most egregious spam, you don't want to block all items identified as spam. You can't run the risk of blocking your customers.
    The firm that I work for gets something like 160,000 emails from external sources a day. Roughly 10% of these are legitimate. How prudent is it to force users to sift through 90% crap in order to get to the legitimate 10%. Currently, we use Postini as our primary MX host. They forward legitimate messages directly to our Exchange server, filter out 100% guaranteed spam, and drop the remainder into a quarantine that we check every few hours. Basically, all I am getting at is that spam filtering is necessary for enterprise environments and that there are actually some good tools to acheive it.
  3. Re:RBLs and not getting your mail by Ed+Avis · · Score: 3, Insightful
    A good way to do it is to always send a rejection back to the sender with a reason why.
    Um, and the 'sender' is who exactly? Please don't tell me you're using the From: address...
    --
    -- Ed Avis ed@membled.com
  4. Re:Hard Filter by RBL -- A NoNo by repetty · · Score: 3, Insightful

    >> * Collateral damage. A shared server with 1000 users and
    >> 2000 domains might turn up in an RBL because one of those
    >> users had an inscecure formmail running a night long. And
    >> even after removal by the sysadmins in the morning, 1499
    >> users can't mail you the next 18 hours.

    Good point. On the other hand, I don't fucking care. I don't hear anyone knocking on my door, offering to help me filter out my spam. RBL's work GREAT on a tough problem, which is why they haven't gone away.

    And the collateral damage? If a user/subscriber abuses a service then the service provider SHOULD be held accountable and those other 1499 users are better off elsewhere.

    --Richard

  5. greylisting not all that useful. by nblender · · Score: 4, Insightful
    To all you greylisters, I don't know what part of the interweb you're from but when I survey my spam, I find that great tracts of it come from zombies via their ISP's mail server which means greylisting is no longer effective. It was effective last year but I think you folks missed the boat. I moderate a mailing list for a popular open source operating system project that uses greylisting and I still get about 100 spam per day as owner-listname...

    Spammers are having their zombies dig through the windows configurations to find the owners email relay and using that to send their spam. It's not that difficult and combats greylisting.

    1. Re:greylisting not all that useful. by Just+Some+Guy · · Score: 3, Insightful
      Spammers are having their zombies dig through the windows configurations to find the owners email relay and using that to send their spam.

      In other words, greylisting makes zombies relay spam through their ISP, forcing said ISPs to deal with the problem to keep their mailserver from being both overwhelmed and added to every DNS RBL in existence. In what possible way is this not a Good Thing?

      --
      Dewey, what part of this looks like authorities should be involved?
  6. Re:Hard Filter by RBL -- A NoNo by wayne · · Score: 3, Insightful
    * Spurious criterions for getting listed. Like "unsolicited bounces" or "sent mail to secret spamtrap"

    Neither sending bounces to forged email addresses (backscatter) nor sending email to spam traps is a "spurious criteria" for getting listed. If you are doing either of these, you are part of the spam problem and you deserver to have your email blocked.

    Configure your mail server to reject *during* the SMTP session, or only send bounces after the fact if the email passes something like SPF. Using SPF's "best guess" default record of "v=spf1 a mx ptr" when there isn't an SPF record may by safe, but you are still risking sending backscatter to innocent people. Domainkeys and DKIM validate the From: header, which isn't where you should send bounces to, so it can only be used when the Envelope-From and the From: header match. Really, the easiest thing to do is just to always reject during the SMTP session and not accept-then-bounce.

    --
    SPF support for most open source mail servers can be found at libspf2.
  7. Re:Hard Filter by RBL -- A NoNo by iangoldby · · Score: 3, Insightful

    I agree that ISPs should to some extent be held accountable, but to hold them 100% accountable ignores the fact that it is virtually impossible to pre-emptively stop all forms of email abuse.

    For example, SORBS have a policy that they will blacklist a server if they receive three or more emails to their spam trap addresses. These addresses are kept secret, so the ISP can't know what these spam trap addresses are. Suppose a malicious client of the ISP discovers (or guesses) one or more of these spam trap addresses. He can then send just three emails, the contents of which need not be 'spammy' in the least. The ISP's server will then be blacklisted for at least 48 hours, but usually much longer. An ISP has absolutely no defence against this kind of thing.

    You could easily think of other examples where the ISP has no possible way to recognise that malicious email is being sent until after it has gone out of the door.

    But the real issue is that the people who suffer are the other customers. They are completely disempowered, because they will just be ignored if they contact the RBL operator (since they are not the administrator of the blacklisted server). They could in principle find another ISP, but that is usually an unacceptable solution due to the disruption involved. If they don't have their own domain, they lose their email address, which means they will continue to lose emails. They can't win.

    ISPs should be fighting against spam, but not with RBLs. The only time it is justified to use an RBL as a single criterion for rejecting email is when the administrator of the filter is also the only consumer of the filtered email. (Or perhaps if you have the explicit approval of all consumers that missing some non-spam emails is acceptable.)