LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices


Reply
  Search this Thread
Old 12-28-2007, 03:58 PM   #1
gnirtS
LQ Newbie
 
Registered: Jan 2005
Distribution: Debian (usually testing)
Posts: 26

Rep: Reputation: 15
SMTP Spam reduction restrictions


Im in the process of setting up a SMTP server for a few of my domains and obviously trying to reduce the current huge amount of spam im getting through.

As well as running Spam Assassin i've put a lot of restrictions on the actual Postfix SMTP end along with greylisting.
Its had a big effect in reducing the spam getting into the network (and after SA just about 0% gets through untagged) but im a little nervous i may have gone too far and possibly harm normal mail.

As far as i can tell all the restrictions i've added comply with RFC guidelines for what a MX should have but wondering if someone can just confirm that or suggest extras to add ?

Im using Postfix & Postgrey and my config currently reads like:

Quote:
smtpd_sender_restrictions = reject_non_fqdn_sender,
reject_unknown_sender_domain,
reject_unauth_pipelining

smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated,
# reject_unknown_client_hostname, <-- i have seen one incidence of a genuine mail being rejected by this
reject_rbl_client sbl-xbl.spamhaus.org,
reject_rbl_client list.dsbl.org,

reject_rbl_client combined.njabl.org
check_policy_service inet:127.0.0.1:60000, <--- This is postgrey
reject_non_fqdn_recipient,
reject_non_fqdn_hostname,
reject_unauth_destination,
reject_invalid_hostname
Are any of the lines in there likely to accidentally exclude a perfectly compliant mail server or alternatively, is there anything else i can add to help reduce spam whilst preserving genuine mails?

Would it help at all altering the order of those tests around?

Last edited by gnirtS; 12-28-2007 at 04:01 PM.
 
Old 12-28-2007, 04:41 PM   #2
JimBass
Senior Member
 
Registered: Oct 2003
Location: New York City
Distribution: Debian Sid 2.6.32
Posts: 2,100

Rep: Reputation: 49
The rbl lists are a great way to reject a ton of spam. You may also want to look into rejecting all SMTP traffic from dynamic addresses.

In terms of rejecting good email, that is entirely possible. One of the problems with a configuration such as yours is that there is no middle ground for messages that might be ok, you are outright rejecting them. The way I have my spamassassin set is not to reject but to simply label possible spam. All of my potential spam mail gets :SPAM: added to the beginning of the subject, and I have all the clients using my server dumping anything with that subject to a special folder. That way, nothing is turned away. If somebody expects a message, and it doesn't turn up in their inbox, odds are very good it is in the spam folder. The only way I can see around the problem you might encounter is to whitelist every domain that you expect mail from. That will become a huge job. Also, many businesses have several domains, like company.com, company.net, and almostthesamecompany.com.

Peace,
JimBass
 
Old 12-28-2007, 08:03 PM   #3
gnirtS
LQ Newbie
 
Registered: Jan 2005
Distribution: Debian (usually testing)
Posts: 26

Original Poster
Rep: Reputation: 15
Forgot to add SA here just tags and filters into a users "Spam" folder - it doesn't outright delete. My main worry was the SMTP server itself rejecting mail from genuine MXs. With just the SBLs and greylisting i get near 15x the amount of spam through than with the above setup and its still not great for the end user to get 100+ spam tagged mails per day to verify.
 
Old 12-28-2007, 11:18 PM   #4
JimBass
Senior Member
 
Registered: Oct 2003
Location: New York City
Distribution: Debian Sid 2.6.32
Posts: 2,100

Rep: Reputation: 49
Yeah, just tagging :SPAM: is much safer than auto-rejecting. The idea with the spam folder is that the users don't have to sort through it. The only reason they have to go into it is if they don't receive a message they are expecting it. When that happens, there should be some mechanism for the user to whitelist the domain it is sent from. If nothing is auto-rejected, nothing is lost. Realistically, you aren't going to get an unexpected email of any importance.

I've been using spamassassin for 2+ years, and it is good with greater than 99% of its tags. Receiving about 50,000 messages in any given day, I've seen less than 10 mislabeled messages. That is 10 out of probably 40,000,000 messages.

Peace,
JimBass
 
Old 12-28-2007, 11:23 PM   #5
gnirtS
LQ Newbie
 
Registered: Jan 2005
Distribution: Debian (usually testing)
Posts: 26

Original Poster
Rep: Reputation: 15
I've had a similar rate in 5 years+ or so of Spam assassin admittedly in a home/small domains environment, i can think of exactly 2 messages that got misflagged so it does work very well. The problem for me is twofold - tagging spam (which is excellent) or trying to reduce the overall amount of traffic by preventing dodgy clients connecting and getting a message past smtp in the first place.
Still undecided as to the balance to strike between the 2 though. RBL and greylisting seems to work fairly well, unsure just how effective my other settings are as yet though.
Finding out about 50% of all spam was directly attacking my backup MX helped (hence changed from isp managed to my own with greylist/rbl).
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: 6 Simple & Safe Postfix Changes for Over 95% Spam Reduction LXer Syndicated Linux News 0 11-19-2007 10:11 AM
POP SMTP Virus and Spam detection firewall netguy2000 Fedora 1 08-25-2007 02:09 PM
POP SMTP Virus and Spam detection firewall netguy2000 Linux - Server 3 08-25-2007 11:18 AM
spam & smtp Ammad Linux - Networking 3 11-15-2006 09:43 PM
SMTP proxy for spam filtering todesengel Linux - Software 2 09-10-2003 11:05 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Server

All times are GMT -5. The time now is 10:54 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration