How To Fight Spam Using Your Postfix Configuration
hausmasta writes, "In this guide you will learn how to tweak your virtual Postfix setup to better combat spam by stopping the mail before it hits SpamAssassin, using RBL (Realtime Blacklists) and RHBL (slightly different), greylistings, and Helo Checks." A clear, step-by-step guide to a complex subject.
Re:RBLs and not getting your mail (Score:2, Interesting)
I'll Do It One Better... (Score:2, Interesting)
Not only am I the President, I'm a user.
http://www.freespamfilter.org/ [freespamfilter.org]
Enjoy...I love it...
Greylisting + a bit more (Score:2, Interesting)
Re:RBLs and not getting your mail (Score:4, Interesting)
Monitor the results of your blacklists! (Score:2, Interesting)
So if you do set up RBL rejection, make sure you pay attention to what it's rejecting. Skim through the log file a few times in the week or two after doing it, otherwise you'll never know that it's being rejected.
Re:RBLs and not getting your mail (Score:4, Interesting)
But I don't like it because once you check the boxes, set the sliders and press OK, that's it. Unless you then get into scripting or third party products or any other solutions I can't think of, you don't get to customize it any further. In other words, at that point, if you want more, it's just like Unix. I've never worked with any but can't you buy Sendmail or OpenExchange and get a lot of the point and click stuff for free too? And for a lot less than the dragon's hoard a small business spends on MS Exchange?
One last thing to mention, we feel the same way as you about losing a customer's mail. So our users don't get anywhere near the spam they used to but the IT Admin that works for me spends anywhere from an hour to two a day checking the spam filter to see what gets tagged. Whitelisting? So far we found a few half ass solutions in forums that for various reasons don't do exactly what we need.
All in all, like most Windows-based solutions in my experience, Exchange is easy to set up, hard to customize. We're working on an OpenBSD solution [flakshack.com] as a front end in our spare time. Hopefully we can get it to get the worst of the spam and then set Exchange to be a lot more lax when it gets in... Anything that keeps us from checking the spam filter all day.
Re:Yeah, but... (Score:3, Interesting)
The problem with those black lists is that it is quite easy to get in one of those and is near impossible to get out. The number of false positives that those RBLs produce is huge, and this means a huge number of people not receiving emails. I had a friend that almost could not get into an international congress because she did not get any replies from the congress email because her university was in one of those black lists.
I do not advise anyone to use black lists. There are many good ways to get rid of spam that do not have false positives, like gray listing. Check this out [acme.com], this guy has a very good analysis of the problem and the solutions he used.
Re:Yeah, but... (Score:4, Interesting)
http://www.openbsd.org/spamd/ [openbsd.org]
Re:sendmail tweaks (Score:3, Interesting)
The previously-referenced Acme [acme.com] page mentions it.
Re:Yeah, but... (Score:3, Interesting)
The RBLs all have different policies. Some are very explicit & limited, some are personal toys (I recall one that blocked all of MCI/UUnet). I start with the most restrictive, falling through about 4-5 total whose policies seem reasonable. Anything banned gets an email back explaining why and is logged. I pull daily reports with the IPs, RBL, Subject lines, etc. from the logs (with a nice summarization header) so I can easily spot check their effectiveness. All client domains are whitelisted by default; most "leads" come in via webforms. Any list that blocks something I want gets scrutinized and removed; thanks to the summaries, I know RBL #4 is only blocking 150 spams a day anyway, so I can delete it (it might have caught more, but RBL #1 blocks 14k a day before #4 ever gets a shot at it). Another handy trick: use tighter controls on your lower priority servers. Real mail almost never goes there, but spammers like to use them because they are less monitored, sometimes poorly configured, and less loaded.
Worked wonders. But implying all RBLs have low false positive rates is irresponsible.
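The per-list log summary that this comment and the earlier "Monitor the results of your blacklists!" comment describe could look like the following. It is an added example, not code from any poster or from the linked guide; the log lines are constructed in the shape Postfix writes for RBL rejections, and the list names, hosts and the `known_domains` set are placeholders.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the shape Postfix logs RBL rejections.
# Hosts, list names and addresses (RFC 5737 ranges) are placeholders.
SAMPLE_LOG = """\
Jan 10 03:12:01 mx1 postfix/smtpd[2211]: connect from unknown[192.0.2.10]
Jan 10 03:12:02 mx1 postfix/smtpd[2211]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 554 5.7.1 Service unavailable; Client host [192.0.2.10] blocked using rbl1.example.org; listed; from=<a@bulk.example> to=<joe@client.example> proto=ESMTP helo=<pc1>
Jan 10 03:15:40 mx1 postfix/smtpd[2214]: NOQUEUE: reject: RCPT from unknown[192.0.2.11]: 554 5.7.1 Service unavailable; Client host [192.0.2.11] blocked using rbl1.example.org; listed; from=<b@bulk.example> to=<ann@client.example> proto=ESMTP helo=<pc2>
Jan 10 04:01:09 mx1 postfix/smtpd[2230]: NOQUEUE: reject: RCPT from mail.uni.example[198.51.100.7]: 554 5.7.1 Service unavailable; Client host [198.51.100.7] blocked using rbl1.example.org; listed; from=<office@uni.example> to=<ann@client.example> proto=ESMTP helo=<mail.uni.example>
Jan 10 05:30:00 mx1 postfix/smtpd[2251]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 554 5.7.1 Service unavailable; Client host [203.0.113.5] blocked using rbl4.example.net; listed; from=<c@junk.example> to=<joe@client.example> proto=ESMTP helo=<x>
Jan 10 05:31:12 mx1 postfix/smtpd[2252]: NOQUEUE: reject: RCPT from unknown[203.0.113.9]: 504 5.5.2 <x>: Helo command rejected: need fully-qualified hostname; from=<d@junk.example> to=<joe@client.example> proto=ESMTP helo=<x>
"""

RBL_REJECT = re.compile(
    r"reject: RCPT from (?P<host>\S+)\[(?P<ip>[0-9A-Fa-f.:]+)\]: \d{3} \S+ .*?"
    r"blocked using (?P<rbl>[\w.-]+);.*?from=<(?P<sender>[^>]*)> to=<(?P<rcpt>[^>]*)>")

def parse_rejections(log_text):
    """Return one dict per RBL rejection; all other log lines are skipped."""
    return [m.groupdict() for m in map(RBL_REJECT.search, log_text.splitlines()) if m]

def summarize(rejections):
    """Per-list hit count, distinct client IPs and sender-domain tally."""
    out = defaultdict(lambda: {"hits": 0, "ips": set(), "domains": Counter()})
    for r in rejections:
        entry = out[r["rbl"]]
        entry["hits"] += 1
        entry["ips"].add(r["ip"])
        entry["domains"][r["sender"].rpartition("@")[2].lower()] += 1
    return dict(out)

def low_yield(summary, min_share=0.05):
    """Lists that account for less than min_share of all RBL rejections."""
    total = sum(s["hits"] for s in summary.values()) or 1
    return sorted(k for k, s in summary.items() if s["hits"] / total < min_share)

def needs_review(rejections, known_domains):
    """Rejections from sender domains you expect real mail from (assumed set)."""
    return [r for r in rejections
            if r["sender"].rpartition("@")[2].lower() in known_domains]

if __name__ == "__main__":
    rej = parse_rejections(SAMPLE_LOG)
    for name, s in summarize(rej).items():
        print(name, s["hits"], len(s["ips"]), s["domains"].most_common(3))
    print("low yield:", low_yield(summarize(rej), 0.3))
    print("review:", needs_review(rej, {"uni.example"}))
```

Only the list that actually rejected a message appears in the log, so a later list's count depends on its position in the check order, as the comment notes for RBL #4.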
Re:Yeah, but... (Score:3, Interesting)
Oh, we don't care if our email is unreliable, we're BLOCKING SPAM. RBLs are largely counterproductive in that regard-- avoid them.
Email reliability essentially *means* that some spam will get through. GET USED TO IT. Do not trade reliability away to be spam free. False positives are unacceptable, PERIOD. If a filtering system is subject to false positives, it's worse than the problem it is trying to solve.
Those who would sacrifice a little email reliability for spam security deserve neither.
Re:Yeah, but... (Score:3, Interesting)
My server is sending out lots of spam but it is not misconfigured or insecure and I don't believe my policies are bad.
I have set up forwarding addresses for some people and some of them are receiving lots of spam. This means that my server is sending out lots of spam and I think it has already been blacklisted by at least one other provider.
The best place to put spam filtering is at the endpoint - that's where the most information is available to make the decision and the end user can intervene and provide feedback to the classifier (e.g. gmail). If I start filtering spam, in the hope of reducing the chances of being blacklisted, I will be doing a disservice to my users.