LinuxQuestions.org
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Old 06-10-2013, 01:20 PM   #1
tonkyman
LQ Newbie
 
Registered: Jan 2010
Posts: 6

Rep: Reputation: 0
Spam problems on Ubuntu running Postfix


I am running an Ubuntu mail server with Postfix, Courier, and SquirrelMail. I have Postfix set up with Postgrey, SpamAssassin, and a couple of RBLs.

My problem is spam. I get 100 spam messages an hour to just my account alone. Postgrey and SpamAssassin drop thousands an hour but I still get hammered with junk that makes it through the filtering.

Is there a way to reject all but white-listed mail for a single user? I would like to have the system drop all mail to my account unless the sending domain (or account) is white-listed in an access control list.

The spam I'm getting comes from random domains 3 at a time. There will be three from blahblah@gmail.com and then three from xxx@standardfuel.com and then three from yada@yahoo.com. When I look down the list I have several of the same emails from different senders.

I tried blocking the senders but since I only get three emails and then it starts using another account the blocking became a task unto itself.

When I google for an answer I find that most of the answers are rather old. I'm hoping you guys can help me out.

Suggestions?

Thanks,
Tony T
 
Old 06-11-2013, 11:07 AM   #2
thedaver
Member
 
Registered: Jan 2010
Posts: 65

Rep: Reputation: 21
Filtering on sender email address is unreliable. Are you seeing a pool of IP addresses as sources? Are you seeing consistent string patterns in the spam itself?
 
Old 06-11-2013, 12:52 PM   #3
tonkyman
LQ Newbie
 
Registered: Jan 2010
Posts: 6

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by thedaver
Filtering on sender email address is unreliable. Are you seeing a pool of IP addresses as sources? Are you seeing consistent string patterns in the spam itself?
You're correct... filtering on sender is unreliable. The email "From" address will be something like "Dr Oz Diet" but it's actually from some random address that changes every third email.

I'm not seeing any consistent ip addresses. Everything is very random.

I send all my mail through a set of checks before they get processed. I check and reject for invalid_hostname, non_fqdn, unknown_sender_domain, unauth_pipelining, unauth_destination and stuff like that. Then I process it through Postgrey, SpamAssassin and Amavis. Then it hits my RBL list:
reject_rbl_client multi.uribl.com,
reject_rbl_client dsn.rfc-ignorant.org,
reject_rbl_client sbl-xbl.spamhaus.org,
reject_rbl_client cbl.abuseat.org,
reject_rbl_client combined.rbl.msrbl.net,

After it's passed all those checks I accept the mail.

If I could find a way I feel like it's better to just reject all mail that is not specifically white-listed per user. Not all of my users have this problem.

I wish I could find a way to handle it like I do the RBL checks. When the mail hits the server it looks to see who the mail is destined for then looks in a white-list ACL and if the sending domain is not listed drop it in a black hole or append the sending domain to a text file that can be checked periodically. Effectively all mail to a specific user would be rejected except known good addresses in the ACL.

Thanks,
Tony

Last edited by tonkyman; 06-11-2013 at 12:55 PM.
 
Old 06-11-2013, 01:19 PM   #4
thedaver
Member
 
Registered: Jan 2010
Posts: 65

Rep: Reputation: 21
Add????

reject_rbl_client b.barracudacentral.org,
reject_rbl_client zen.spamhaus.org



You can also try to tarpit (google: postfix tarpit) the SMTP connections to slow down the flow; many spam engines seem to give up when they are tarpitted.

You can also look into fail2ban to use some connection throttling (if there was more consistency to IP)
 
Old 06-12-2013, 10:27 AM   #5
tonkyman
LQ Newbie
 
Registered: Jan 2010
Posts: 6

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by thedaver
Add????

reject_rbl_client b.barracudacentral.org,
reject_rbl_client zen.spamhaus.org



You can also try to tarpit (google: postfix tarpit) the SMTP connections to slow down the flow; many spam engines seem to give up when they are tarpitted.

You can also look into fail2ban to use some connection throttling (if there was more consistency to IP)
I already use Fail2Ban. The tarpit looks a lot like what Postgrey is doing. I'll add the 2 RBLs you suggested and see if that helps. I'd still like to find a way to white-list by user.
 
Old 06-14-2013, 09:54 AM   #6
tonkyman
LQ Newbie
 
Registered: Jan 2010
Posts: 6

Original Poster
Rep: Reputation: 0
Thedaver,
Those two RBLs have helped considerably. The volume of spam has been reduced to about a third of what it was.... thanks!

I'm still looking for a solution that will allow me to ban all except what I have white-listed.

Thanks,
Tony
 
Old 06-24-2013, 07:13 AM   #7
tonkyman
LQ Newbie
 
Registered: Jan 2010
Posts: 6

Original Poster
Rep: Reputation: 0
I'm still looking for a solution. Ideas anyone???

Tony
 
Old 06-25-2013, 06:20 PM   #8
enrollTN
LQ Newbie
 
Registered: Jun 2013
Posts: 3

Rep: Reputation: Disabled
To white list I used a sender_access file I created under my postfix folder.

Create sender_access

Use this format:
myfriend@example.com OK

Ensure under smtpd_recipient_restrictions you have an entry for check_sender_access hash:/location/of/sender_access (mine is /etc/postfix/sender_access)

Then run sudo postmap sender_access and it will create a sender_access.db file. Anyone I have in this file is delivered immediately, no greylisting (which I just turned off)

Hope that might help you some.
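
A per-recipient variant of the whitelist described in the post above, which is what the original poster asks for, can be built with a Postfix restriction class. This is an added example, not part of any post in the thread; the class name whitelist_only, the map file protected_recipients and the address tony@example.org are assumptions made for illustration.

```conf
# ---- /etc/postfix/main.cf (fragment) ----
# Restriction class (name is an assumption): permit only senders that have an
# OK entry in sender_access, reject every other sender.
smtpd_restriction_classes = whitelist_only
whitelist_only =
    check_sender_access hash:/etc/postfix/sender_access,
    reject

# The class is applied only to recipients listed in protected_recipients.
# The lookup sits after reject_unauth_destination so that an OK result can
# never open the server as a relay. Restrictions are evaluated once per
# RCPT TO, so other users on the same message are not affected.
smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination,
    check_recipient_access hash:/etc/postfix/protected_recipients,
    reject_rbl_client b.barracudacentral.org,
    reject_rbl_client zen.spamhaus.org

# ---- /etc/postfix/protected_recipients ----
# Recipient address (placeholder) mapped to the restriction class above.
# Recipients not listed here fall through to the remaining restrictions.
tony@example.org        whitelist_only

# ---- /etc/postfix/sender_access ----
# Same format as in the post above: full address or bare domain, then OK.
myfriend@example.com    OK
example.net             OK
```

After editing, run postmap on both map files and reload Postfix. The match is on the envelope sender, which can be forged, and an OK result also skips the restrictions listed after the lookup, so move the check_recipient_access line to the end of the list if whitelisted senders should still pass the RBL checks.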
 
Old 06-26-2013, 10:43 AM   #9
tonkyman
LQ Newbie
 
Registered: Jan 2010
Posts: 6

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by enrollTN
To white list I used a sender_access file I created under my postfix folder.

Create sender_access

Use this format:
myfriend@example.com OK

Ensure under smtpd_recipient_restrictions you have an entry for check_sender_access hash:/location/of/sender_access (mine is /etc/postfix/sender_access)

Then run sudo postmap sender_access and it will create a sender_access.db file. Anyone I have in this file is delivered immediately, no greylisting (which I just turned off)

Hope that might help you some.
Thanks... I use the same method to white and blacklist on my server. I wrote a little script called "addblacklist" and "addwhitelist" that automatically adds the correct entry in the sender_access file then it runs postmap on the file. One command addblacklist person@baddomain.com does it all.... it's pretty neat.

Thanks for your reply,
Tony
 
  

