Re: postfix and spam, I am impressed




On 03/13/2012 07:02 AM, m.roth@xxxxxxxxx wrote:
> Ross Walker wrote:
>> On Mar 12, 2012, at 5:25 PM, m.roth@xxxxxxxxx wrote:
>>
>>> Here's a question: is there any way to inspect an email's headers, and
>>> reject it if the alleged FQDN in the "From:" doesn't match the oldest
>>> "Received: "?
>> That would be problematic with dual homed mail gateways that received on
>> internal interface and delivered on external interface that had different
>> host names on each.
>>
> I'm just trying to think of ways around a blacklist... *esp* the way
> dnsorb does, where they'll blacklist an entire block that belongs to a
> hosting provider, who provides one external delivery address.
>
>        mark "why, yes, that has happened to me several times"
>
> _______________________________________________
> CentOS mailing list
> CentOS@xxxxxxxxxx
> http://lists.centos.org/mailman/listinfo/centos

Ok, so it wouldn't work to just use the oldest received, but a smarter
inspection could check to see whether it actually passed through a
server owned by the claimed domain.  The reality is that what is needed is
to input this into a scoring system weighted with other spam evaluation
mechanisms, something like spamassassin.  The downside of spamassassin is
that it is costly to run and must be run after the message is accepted
by the smtp server.

There already exist so many different spam control methods; many of them
can run at the smtp level and reject mail prior to accepting.  I get
pretty decent rejection from greylisting.  Postscreen is supposed to be
quite good for detecting any kind of bot attacks.  I'm currently using
other techniques for bot attacks, but plan on switching to postscreen.

I also run fail2ban and block IP addresses when I get repeated smtp
errors from an IP; this substantially reduces any kind of bulk spam
attack which attempts to guess valid mail recipients.

I would look at the milter that Les mentioned.  I haven't had a chance
yet.

Nataraj
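
Added example, not part of the original message or of any tool named in the thread: a Python sketch of the "smarter inspection" idea, which looks at every Received hop (not just the oldest, so dual-homed gateways still match) and returns a score contribution instead of a reject decision. The hostnames, the sample message and the score weights are constructed assumptions; Received lines below your own first trusted hop are written by the sender, which is why the result only feeds a weighted score.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message; all hostnames and addresses are made up.
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [192.0.2.10])
\tby mail.recipient.example with ESMTP id A1; Tue, 13 Mar 2012 07:00:03 -0700
Received: from out.sender.example (out.sender.example [198.51.100.7])
\tby mx.recipient.example with ESMTP id B2; Tue, 13 Mar 2012 07:00:02 -0700
Received: from gw-int.sender.example (gw-int.sender.example [10.0.0.5])
\tby out.sender.example with ESMTP id C3; Tue, 13 Mar 2012 07:00:01 -0700
From: Alice <alice@sender.example>
Subject: test

body
"""

# Hostname following a "from" or "by" clause inside a Received header.
HOP = re.compile(r"\b(?:from|by)\s+([A-Za-z0-9.-]+)", re.I)

def relay_hosts(msg):
    """Return every relay hostname named in the Received chain, newest first."""
    hosts = []
    for hdr in msg.get_all("Received", []):
        hosts += [h.lower().rstrip(".") for h in HOP.findall(hdr)]
    return hosts

def from_domain_score(raw, hit=-1.0, miss=1.5):
    """Score contribution (hypothetical weights): negative when some hop
    belongs to the From: domain, positive when none does."""
    msg = message_from_string(raw)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if not domain:
        return miss  # no usable From: address, treat as a mismatch
    for host in relay_hosts(msg):
        # Match the domain itself or a subdomain, never a bare suffix
        # such as "notsender.example".
        if host == domain or host.endswith("." + domain):
            return hit
    return miss

if __name__ == "__main__":
    print(from_domain_score(SAMPLE))
```
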
