I'm in the process of setting up an SMTP server for a few of my domains and obviously trying to reduce the current huge amount of spam I'm getting through.
As well as running SpamAssassin I've put a lot of restrictions on the actual Postfix SMTP end along with greylisting.
It's had a big effect in reducing the spam getting into the network (and after SA just about 0% gets through untagged) but I'm a little nervous I may have gone too far and possibly harm normal mail.
As far as I can tell all the restrictions I've added comply with RFC guidelines for what an MX should have but wondering if someone can just confirm that or suggest extras to add?
I'm using Postfix & Postgrey and my config currently reads like:
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated,
# reject_unknown_client_hostname, (disabled: I have seen one incidence of a genuine mail being rejected by this)
    reject_rbl_client sbl-xbl.spamhaus.org,
    reject_rbl_client list.dsbl.org,
    reject_rbl_client combined.njabl.org,
# the policy service on port 60000 is postgrey
    check_policy_service inet:127.0.0.1:60000,
    reject_non_fqdn_recipient,
    reject_non_fqdn_hostname,
    reject_unauth_destination,
    reject_invalid_hostname
Are any of the lines in there likely to accidentally exclude a perfectly compliant mail server or alternatively, is there anything else i can add to help reduce spam whilst preserving genuine mails?
Would it help at all altering the order of those tests around?
The rbl lists are a great way to reject a ton of spam. You may also want to look into rejecting all SMTP traffic from dynamic addresses.
In terms of rejecting good email, that is entirely possible. One of the problems with a configuration such as yours is that there is no middle ground for messages that might be ok, you are outright rejecting them. The way I have my spamassassin set is not to reject but to simply label possible spam. All of my potential spam mail gets :SPAM: added to the beginning of the subject, and I have all the clients using my server dumping anything with that subject to a special folder. That way, nothing is turned away. If somebody expects a message, and it doesn't turn up in their inbox, odds are very good it is in the spam folder. The only way I can see around the problem you might encounter is to whitelist every domain that you expect mail from. That will become a huge job. Also, many businesses have several domains, like company.com, company.net, and almostthesamecompany.com.
Forgot to add: SA here just tags and filters into a user's "Spam" folder - it doesn't outright delete. My main worry was the SMTP server itself rejecting mail from genuine MXs. With just the SBLs and greylisting I get near 15x the amount of spam through than with the above setup, and it's still not great for the end user to get 100+ spam-tagged mails per day to verify.
Yeah, just tagging :SPAM: is much safer than auto-rejecting. The idea with the spam folder is that the users don't have to sort through it. The only reason they have to go into it is if they don't receive a message they are expecting. When that happens, there should be some mechanism for the user to whitelist the domain it is sent from. If nothing is auto-rejected, nothing is lost. Realistically, you aren't going to get an unexpected email of any importance.
I've been using spamassassin for 2+ years, and it is good with greater than 99% of its tags. Receiving about 50,000 messages in any given day, I've seen less than 10 mislabeled messages. That is 10 out of probably 40,000,000 messages.
I've had a similar rate in 5+ years or so of SpamAssassin, admittedly in a home/small domains environment; I can think of exactly 2 messages that got misflagged, so it does work very well. The problem for me is twofold - tagging spam (which is excellent) or trying to reduce the overall amount of traffic by preventing dodgy clients connecting and getting a message past SMTP in the first place.
Still undecided as to the balance to strike between the 2 though. RBL and greylisting seem to work fairly well; unsure just how effective my other settings are as yet though.
Finding out about 50% of all spam was directly attacking my backup MX helped (hence changed from ISP managed to my own with greylist/RBL).