From: "Preston Hagar"
To: "Sten Daniel Soersdal", freebsd-questions@freebsd.org
Date: Fri, 14 Dec 2007 15:19:08 -0600
Subject: Re: (postfix) SPAM filter?
Message-ID: <8f5897560712141319r780ddafo3b64e855ad44d6d1@mail.gmail.com>
In-Reply-To: <4761A597.8060901@gmail.com>
References: <476086E2.5030402@gmail.com> <4760CFC3.7060904@ibctech.ca> <4760D5C8.2010804@monkeybrains.net> <4761A597.8060901@gmail.com>

> > I have found spam assassin with nightly updates of the helpful (there
> > are other people developing new regexes daily).
> >
> > 48 5 * * * /usr/local/bin/sa-update --channel updates.spamassassin.org && /usr/local/etc/rc.d/sa-spamd restart
> >
> > There are other channels you can subscribe to.
> >
> > Another super helpful blocker is to block all inbound connections from
> > IPs without reverse DNS. Don't forget to virus check your email while
> > you are at it -- there are several packages (clamav is one). And
> > finally, a couple of RBLs added into the mix are helpful.
>
> Awesome, I didn't see the subscriptions on their website.
> This is exactly what I need.
>
> --
> Sten Daniel Soersdal
>

Something else I would recommend if you end up going the spamassassin
route is to look at rules emporium and rules du jour

http://www.rulesemporium.com/rules.htm

Rules Du Jour is a nice bash script that can automatically download and
update the latest rules emporium rules for several different categories
of spam. You just choose which rule lists you want to use (there are a
lot of categories and then different levels of spam caught vs false
positives within rule sets) and then set rules du jour as a nightly cron
job to update your rule sets automatically. As someone else said, this
lets you have other people keep your regexes up to date.

I also added these lines to the top of the Rules Du Jour script to
download a couple of other nice clamAV spam signatures:

    #update extra clam spam defs
    if [[ -d /var/lib/clamav/ ]]; then
        cd /var/lib/clamav/ && wget --timestamping http://download.mirror.msrbl.com/MSRBL-SPAM.ndb
        cd /var/lib/clamav/ && wget --timestamping http://www.sanesecurity.co.uk/clamav/scamsigs/scam.ndb.gz
        gunzip -cdf scam.ndb.gz > scam.ndb
    fi
    #end update extra clam spam defs

I also use these smtpd restrictions in main.cf:

    smtpd_helo_required = yes

    smtpd_helo_restrictions =
        permit_mynetworks,
        check_helo_access hash:/etc/postfix/helo_access,
        reject_non_fqdn_hostname,
        reject_invalid_hostname,
        permit

    smtpd_sender_restrictions =
        check_sender_access hash:/etc/postfix/client_restrictions,
        permit_sasl_authenticated,
        permit_mynetworks,
        reject_non_fqdn_sender,
        reject_unknown_sender_domain,
        permit

    smtpd_recipient_restrictions =
        reject_unauth_pipelining,
        reject_non_fqdn_recipient,
        reject_unknown_recipient_domain,
        reject_unknown_sender_domain,
        check_sender_access hash:/etc/postfix/client_restrictions,
        permit_mynetworks,
        permit_sasl_authenticated,
        reject_unauth_destination,
        reject_rbl_client list.dsbl.org,
        reject_rbl_client zen.spamhaus.org,
        reject_rbl_client bl.spamcop.net,
        reject_rbl_client dnsbl.njabl.org,
        permit

Most of that came from here:

http://www.freesoftwaremagazine.com/articles/focus_spam_postfix/

Greylisting is great, and usually doesn't delay mail more than 5
minutes, but in some rare cases it can lead to mail delays of sometimes
up to 4 or 5 hours (which is within RFC specs for resending after a 302
message). For my personal server, that is no problem, so I have
implemented postgrey (with the stuff above) and get almost no spam ever.
For a few businesses I run mail servers for, they expect email to be
instant (I know it doesn't have to be technically, but that is what a
lot of people expect nowadays).
For them, 20 extra spam a day by not doing grey listing is an okay
trade-off so that one contact from the new client shows up in time,
instead of 3 hours too late.

Anyway, I hope this helps. I am always trying to find new great spam
solutions (using postfix), so I will continue watching this thread with
great interest. Most of the companies I set up mail servers for would
rather have 30 spam delivered per user per day than have even 1 false
positive or 1 significantly delayed mail, so it is always a tricky line
to walk (at least for me) to block as much spam as I can, without ever
delaying or blocking a ham message, so I am always looking for new ideas
and solutions.

Preston
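
Added example, not part of the original message: in the smtpd_recipient_restrictions quoted in the post, check_sender_access is evaluated before reject_unauth_destination, so an OK result from that table permits the recipient before the relay check is reached. The lint below flags that ordering in a main.cf; the function name audit_recipient_restrictions is hypothetical and the sample input is abridged from the post.

```shell
#!/bin/sh
# Added example (not the poster's code): lint a Postfix main.cf for access-map
# lookups that run before reject_unauth_destination in
# smtpd_recipient_restrictions. An OK result from such a table permits the
# recipient before the relay check is reached. Returns 1 if anything is found.
audit_recipient_restrictions() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }                  # comments, blank lines
    /^[ \t]/ { if (in_rr) val = val " " $0; next }     # continuation line
    {                                                  # new parameter starts
        in_rr = ($0 ~ /^smtpd_recipient_restrictions[ \t]*=/)
        if (in_rr) { val = $0; sub(/^[^=]*=/, "", val) }  # last one wins
    }
    END {
        gsub(/,/, " ", val)
        n = split(val, tok, " ")
        for (i = 1; i <= n; i++) {
            if (tok[i] == "reject_unauth_destination") { guarded = 1; break }
            if (tok[i] ~ /^check_[a-z_]+_access$/) { print tok[i], tok[i + 1]; bad++ }
        }
        # Postfix 2.10+ may carry this in smtpd_relay_restrictions instead.
        if (!guarded) { print "reject_unauth_destination not found"; bad++ }
        exit (bad > 0)
    }' "$1"
}

# Sample input: the recipient restrictions from the post above (abridged).
sample=$(mktemp)
cat > "$sample" <<'EOF'
smtpd_recipient_restrictions =
    reject_unauth_pipelining,
    reject_non_fqdn_recipient,
    reject_unknown_recipient_domain,
    reject_unknown_sender_domain,
    check_sender_access hash:/etc/postfix/client_restrictions,
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination,
    reject_rbl_client zen.spamhaus.org,
    permit
EOF
if findings=$(audit_recipient_restrictions "$sample"); then
    echo "no access-map lookup precedes reject_unauth_destination"
else
    echo "runs before reject_unauth_destination: $findings"
fi
rm -f "$sample"
```

Moving the flagged lookup below reject_unauth_destination, or keeping only REJECT-style results in that table, clears the finding.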
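
Added example, not part of the original message or of Rules Du Jour: the ClamAV lines in the post download over plain HTTP into the live signature directory and unpack over the file in use. The sketch below stages the archive elsewhere and installs it only after an integrity and field-layout check; install_ndb and fetch_ndb are hypothetical names, the URL is whatever the caller passes, and the demo signatures are constructed.

```shell
#!/bin/sh
# Added example: install a downloaded ClamAV .ndb.gz only if it decompresses
# cleanly and every line has the .ndb field layout
#   Name:TargetType:Offset:HexSignature[:MinFL[:MaxFL]]
# This is a shape check only; ClamAV's own parser remains the final judge.
install_ndb() {
    src_gz=$1; dest=$2
    tmp=$(mktemp "$dest.XXXXXX") || return 1    # same dir, so mv is a rename
    if gzip -t "$src_gz" 2>/dev/null &&
       gzip -dc "$src_gz" > "$tmp" &&
       [ -s "$tmp" ] &&
       ! grep -Evq '^[^:]+:[0-9]+:[^:]+:[^:]+(:[0-9]+){0,2}$' "$tmp"
    then
        # mktemp creates mode 600; the scanner user must be able to read it.
        chmod 644 "$tmp" && mv -f "$tmp" "$dest"
    else
        rm -f "$tmp"
        return 1
    fi
}

# fetch_ndb URL DEST: download outside the live directory, then validate.
fetch_ndb() {
    work=$(mktemp -d) || return 1
    wget -q -O "$work/sig.ndb.gz" "$1" && install_ndb "$work/sig.ndb.gz" "$2"
    rc=$?
    rm -rf "$work"
    return $rc
}

# Demo on constructed data (signature names and bytes are made up).
demo=$(mktemp -d)
printf '%s\n' 'Constructed.Spam.Sample-1:4:*:6578616d706c65' \
              'Constructed.Scam.Sample-2:0:*:73616d706c65{2-4}74657874' |
    gzip -c > "$demo/good.ndb.gz"
printf 'not a signature file\n' | gzip -c > "$demo/bad.ndb.gz"
printf 'truncated' > "$demo/broken.ndb.gz"
install_ndb "$demo/good.ndb.gz" "$demo/scam.ndb" && echo "good: installed"
install_ndb "$demo/bad.ndb.gz" "$demo/scam.ndb" || echo "bad: rejected, old file kept"
install_ndb "$demo/broken.ndb.gz" "$demo/scam.ndb" || echo "broken: rejected"
```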