[Gllug] Re: Asking to be spammed?

Benjamin Donnachie benjamin at py-soft.co.uk
Fri Dec 22 11:06:48 UTC 2006


Craig Millar wrote:
> I've been wondering much the same of late. Does the list have any comments on
> dspam?

I've been using dspam for years but recently it has been struggling with
the stock image spam, even with greylisting.  Although some people on the
dspam list have reported otherwise.

However, I've slashed the levels of spam on my server by tightening up
the HELO checks and using rbls, and dspam is now doing an excellent job
of mopping up any spam that's left.  (With clamav in the middle eating
phishing emails).

If you're interested, here's the section from my postfix config:

smtpd_recipient_restrictions =
		# If domain doesn't exist refuse.
                reject_unknown_sender_domain,
                reject_unknown_recipient_domain,
		# If doesn't exist on this system refuse.
                reject_unlisted_recipient,
		# Let localhost through.
                permit_mynetworks,
		# Reject badly formed addresses.
                reject_non_fqdn_sender,
                reject_non_fqdn_recipient,
		# Permit if authenticated user.
                permit_sasl_authenticated,
                reject_unauth_destination,
		# Most spam software tries to pipeline, badly.
                reject_unauth_pipelining,
		# Reject bad HELOs.
                reject_invalid_helo_hostname,
                reject_non_fqdn_helo_hostname,
		# Extra paranoia - ensure friend, localhost are rejected
                check_helo_access hash:/etc/postfix/helo_checks,
		# Greylisting.  Some prefer to put it after RBLs.
                check_policy_service unix:/var/spool/postfix/postgrey/socket,
		# Reject if listed with spamhaus.
                reject_rbl_client sbl-xbl.spamhaus.org,
		# Reject if listed as dul - they can use their ISP.
		# (May move to rblpolicyd with high weight).
                reject_rbl_client dul.dnsbl.sorbs.net,
		# Use rbl policy service.
                check_policy_service unix:/var/spool/postfix/tmp/rblpolicyd.sock,
		# Only allow access to support email if registered user.
                check_recipient_access hash:/etc/postfix/support_addresses,
		# Permit if survives that lot...
                permit_auth_destination,
		# Just to make it clear...
                reject

I had some false positives until I started using rblpolicyd - it queries
a list of rbls giving each a score and it only rejects if it exceeds a
certain figure.  Much better for more aggressive rbls! :-)

My levels of accepted spam are now back into low single figures per day,
rather than triple figures, so I'm happy! :-)

Take care,

Ben
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug




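The weighted-RBL idea described in the message above, sketched as a Postfix policy-delegation handler. This is an added example, not part of the original post and not rblpolicyd's own code; the weights, the threshold and the zone aggressive.dnsbl.example are assumptions chosen for illustration.

```python
import socket

# Assumed weights/threshold (constructed). The first two zones appear in the
# config above; aggressive.dnsbl.example is a made-up "aggressive" list.
WEIGHTS = {
    "sbl-xbl.spamhaus.org": 3.0,
    "dul.dnsbl.sorbs.net": 1.5,
    "aggressive.dnsbl.example": 1.0,
}
THRESHOLD = 2.0  # reject only when the summed weight exceeds this

def dns_listed(name):
    """True if the DNSBL query name resolves, i.e. the client is listed."""
    try:
        socket.gethostbyname(name)
        return True
    except OSError:
        return False

def dnsbl_name(ip, zone):
    """203.0.113.7 + zone -> 7.113.0.203.zone (IPv4 only)."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def score(ip, listed=dns_listed):
    """Sum the weights of every zone that lists this client address."""
    return sum(w for z, w in WEIGHTS.items() if listed(dnsbl_name(ip, z)))

def parse_request(text):
    """One policy request: name=value lines terminated by an empty line."""
    attrs = {}
    for line in text.splitlines():
        if not line:
            break
        key, _, value = line.partition("=")
        attrs[key] = value
    return attrs

def decide(request_text, listed=dns_listed):
    """Return the policy reply Postfix expects (action line + blank line)."""
    ip = parse_request(request_text).get("client_address", "")
    total = score(ip, listed) if ip.count(".") == 3 else 0.0
    if total > THRESHOLD:
        return f"action=REJECT Blocked by DNSBL score {total:g}\n\n"
    return "action=DUNNO\n\n"  # no opinion; later restrictions still apply

# Constructed sample: a request plus a fake set of "listed" query names.
SAMPLE_REQUEST = "request=smtpd_access_policy\nclient_address=203.0.113.7\n\n"
SAMPLE_LISTED = {"7.113.0.203.dul.dnsbl.sorbs.net",
                 "7.113.0.203.aggressive.dnsbl.example"}

if __name__ == "__main__":
    print(decide(SAMPLE_REQUEST, SAMPLE_LISTED.__contains__), end="")
```

With these weights a hit on the single made-up aggressive list alone returns DUNNO, which is the false-positive reduction the message describes.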