From owner-freebsd-questions Wed Jun 26 4:11:32 2002
Delivered-To: freebsd-questions@freebsd.org
Received: from mgw1-out.MEIway.com (mgw1.meiway.com [212.73.210.75]) by hub.freebsd.org (Postfix) with ESMTP id 479A237B400 for ; Wed, 26 Jun 2002 04:11:20 -0700 (PDT)
Received: from VirusGate.MEIway.com (virus-gate.meiway.com [212.73.210.91]) by mgw1-out.MEIway.com (Postfix Relay Hub) with ESMTP id 54C5DEF6A4 for ; Wed, 26 Jun 2002 13:10:51 +0200 (CEST)
Received: from localhost (localhost.meiway.com [127.0.0.1]) by VirusGate.MEIway.com (Postfix) with SMTP id 434005D00F for ; Wed, 26 Jun 2002 13:13:23 +0200 (CEST)
Received: from mail.Go2France.com (ms1.meiway.com [212.73.210.73]) by VirusGate.MEIway.com (Postfix) with ESMTP id DEFCB5D008 for ; Wed, 26 Jun 2002 13:13:17 +0200 (CEST)
Received: from LenConrad.Go2France.com [66.64.14.18] by mail.Go2France.com with ESMTP (SMTPD32-6.06) id A1F816200A0; Wed, 26 Jun 2002 13:14:00 +0200
Message-Id: <5.1.0.14.2.20020626054311.02d89ca8@mail.Go2France.com>
X-Sender: LConrad@Go2France.com@mail.Go2France.com
X-Mailer: QUALCOMM Windows Eudora Version 5.1
Date: Wed, 26 Jun 2002 06:11:05 -0500
To: freebsd-questions@freebsd.org
From: Len Conrad
Subject: Re: I hate to bring it up again (spamming)
In-Reply-To:
References: <20020626101156585.AAA781@empty1.ekahuna.com> <200206260922.34870.mark.rowlands@minmail.net> <20020626101156585.AAA781@empty1.ekahuna.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.ORG

>No idea if it's even possible but how about stripping attachments just
>from the digest?
>
>True it wouldn't eradicate the problem but surely that would at least
>reduce the load for digest users who can't filter spam.

IMGate is postfix configured as an anti-abuse relay.

Several hundred ISPs and other orgs find it extremely effective at reducing spam at the edge. I don't bother to filter the crumbs that make it to my desktop.

Here are the postfix main.cf settings that reduce spam:

    maps_rbl_domains = blackholes.wirehub.net, dynablock.wirehub.net, sbl.spamhaus.org,
        relays.ordb.org, spews.relays.osirusoft.com, formmail.relays.monkeys.com,
        proxies.relays.monkeys.com, socks.relays.osirusoft.com, bl.spamcop.net,
        orbs.dorkslayers.com, dialups.relays.osirusoft.com, spamsites.relays.osirusoft.com,
        spamhaus.relays.osirusoft.com, korea.services.net, ipwhois.rfc-ignorant.org

    smtpd_recipient_restrictions =
        reject_unauth_pipelining,
        reject_non_fqdn_sender,
        reject_non_fqdn_recipient,
        reject_unknown_sender_domain,
        reject_unknown_recipient_domain,
        permit_mynetworks,
        reject_unauth_destination,
        hash:/etc/postfix/to_recipients.map,
        check_sender_access hash:/etc/postfix/from_senders.map,
        check_sender_access hash:/etc/postfix/spamlist-extended.txt,
        check_sender_access hash:/etc/postfix/bogus_from_senders.map,
        check_hostname_access hash:/etc/postfix/helo_hostnames.map,
        reject_unknown_hostname,
        reject_invalid_hostname,
        reject_non_fqdn_hostname,
        check_client_access hash:/etc/postfix/mta_clients.map,
        reject_maps_rbl,
        permit

    header_checks = regexp:/etc/postfix/header_checks.regexp
    body_checks = regexp:/etc/postfix/body_checks.regexp

    smtpd_helo_required = yes
    strict_rfc821_envelopes = yes
    # disable_vrfy_command = yes
    smtp_always_send_ehlo = yes
    biff = no

The various "hostname" checks are pretty useless since they produce too many false positives.

New restrictions that have added a significant increment in rejects are:

    check_sender_access hash:/etc/postfix/spamlist-extended.txt,

... a frequently updated list from http://basic.wirehub.nl/spamlist-extended.txt of envelope senders used by spammers.

    check_sender_access hash:/etc/postfix/bogus_from_senders.map

... a list of 4000+ @sender.domains, frequently forged by spammers. The list is at http://www.monkeys.com/anti-spam/filtering/sender-domain-validate.in

When one of these @sender.domains is alleged in the envelope, postfix will require that the IP of the sending MTA have PTR and A records that exist and match.

For an ISP in LA with about 25k msgs/day, here are his rejects for one day last week:

       11  ACL header checks
       13  SMTP invalid sender@sender.domain
       25  RBL socks.relays.osirusoft.com
       38  RBL dynablock.wirehub.net
       51  RBL orbs.dorkslayers.com
       64  SMTP unauthorized pipelining
       79  RBL relays.visi.com
       97  RBL blackholes.wirehub.net
      104  ACL unauthorized relay
      293  RBL relays.ordb.org
      496  RBL proxies.relays.monkeys.com
      506  ACL body checks
      704  DNS no A/MX for @recipient.domain
     1441  ACL sender@sender.domain
     1453  DNS nxdomain for MTA PTR hostname
     2230  DNS no A/MX for @sender.domain
     2441  DNS timeout for MTA PTR hostname
    10046  TOTAL

The "MTA PTR" lines are produced by the bogus_from_senders check.

The problem with the spam in the FreeBSD lists is that FreeBSD's outbound MTAs don't trigger any filters at the gateway level, so the FreeBSD list members are pretty much stuck with fighting it on their desktop, since the gateways let it through. So the key is for FreeBSD.org to try to keep it out of their MXs. I hope some of the rules above, if used by FreeBSD.org, would provide a large increment of rejections.

The list-subscription requirement is useless, since the spammers can easily harvest list members' names for use as forged envelope senders.

Len

www.menandmice.com/DNS-training : DNS Training
BIND8NT.MEIway.com : ISC BIND for NT4 & W2K
IMGate.MEIway.com : Build free, hi-perf, anti-abuse mail gateways

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
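The PTR/A match that the bogus_from_senders check relies on, shown as an added example that is not part of Len's message and not Postfix code: a forward-confirmed reverse DNS check in Python, with DNS answers replaced by constructed lookup tables so it runs offline. The sender-domain list, the IP addresses and the OK/REJECT/DEFER verdicts are constructed stand-ins; real Postfix consults live DNS and answers with its own SMTP reply codes.

```python
# Added example, not from the original message: forward-confirmed reverse DNS
# (FCrDNS) applied only to envelope sender domains that are commonly forged.
# All DNS data below is constructed so the check can run offline.
import ipaddress
from typing import Callable, Dict, List


class DnsTempFail(Exception):
    """Stands in for a DNS timeout or SERVFAIL: the answer is 'try again', not 'no'."""


# Constructed sample DNS data (not real hosts).
SAMPLE_PTR: Dict[str, List[str]] = {
    "192.0.2.10": ["mx1.example.net."],   # PTR whose A record points back at the IP
    "192.0.2.20": ["mail.example.org."],  # PTR exists, but its A record goes elsewhere
    "192.0.2.30": [],                     # no PTR at all (NXDOMAIN)
}
SAMPLE_A: Dict[str, List[str]] = {
    "mx1.example.net.": ["192.0.2.10"],
    "mail.example.org.": ["198.51.100.7"],
}
TIMEOUT_IP = "192.0.2.40"  # constructed: the reverse lookup never answers


def lookup_ptr(ip: str) -> List[str]:
    """Offline stand-in for a PTR query."""
    if ip == TIMEOUT_IP:
        raise DnsTempFail(ip)
    return SAMPLE_PTR.get(ip, [])


def lookup_a(name: str) -> List[str]:
    """Offline stand-in for an A query."""
    return SAMPLE_A.get(name, [])


def fcrdns(ip: str,
           ptr: Callable[[str], List[str]] = lookup_ptr,
           a: Callable[[str], List[str]] = lookup_a) -> str:
    """Classify a client IP as 'ok' (some PTR name's A records include the IP),
    'nxdomain' (no PTR), 'mismatch' (PTR names do not resolve back) or 'timeout'."""
    ipaddress.ip_address(ip)  # reject malformed input early (raises ValueError)
    try:
        names = ptr(ip)
        if not names:
            return "nxdomain"
        for name in names:
            if ip in a(name):
                return "ok"
        return "mismatch"
    except DnsTempFail:
        return "timeout"


# Constructed stand-in for bogus_from_senders.map: domains frequently forged by
# spammers, so mail claiming them must come from a client with forward-confirmed rDNS.
BOGUS_FROM_SENDERS = {"bigmail.example.com", "freemail.example.net"}


def sender_verdict(envelope_from: str, client_ip: str) -> str:
    """Return OK, REJECT or DEFER for one envelope sender arriving from one client IP."""
    domain = envelope_from.rpartition("@")[2].lower()
    if domain not in BOGUS_FROM_SENDERS:
        return "OK"  # the check applies only to the listed domains
    state = fcrdns(client_ip)
    if state == "ok":
        return "OK"
    if state == "timeout":
        return "DEFER"  # temporary DNS failure: a legitimate MTA will retry
    return "REJECT"     # nxdomain or mismatch: the client cannot back up the claimed domain


if __name__ == "__main__":
    for sender, ip in [("a@bigmail.example.com", "192.0.2.10"),
                       ("b@bigmail.example.com", "192.0.2.20"),
                       ("c@bigmail.example.com", "192.0.2.30"),
                       ("d@bigmail.example.com", "192.0.2.40"),
                       ("e@other.example", "192.0.2.30")]:
        print(f"{sender:28s} from {ip:12s} -> {sender_verdict(sender, ip)}")
```

Deferring on a DNS timeout rather than rejecting is the design point worth noting: the message's own tally shows more "DNS timeout for MTA PTR hostname" hits than any other reason, and a hard reject there would bounce legitimate mail whenever the sender's DNS is slow.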
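The per-reason reject counts quoted above are the kind of summary a gateway operator pulls from the mail log. As an added example (not from the message and not a Postfix tool), this Python script tallies smtpd reject lines by reason and prints them in the same ascending-count layout. The log lines are constructed, and the reject wording is my approximation of Postfix's responses, so the patterns are assumptions to be checked against real logs before relying on them.

```python
# Added example, not from the original message: tally Postfix smtpd rejects by reason.
# The log lines are constructed and the response wording approximates Postfix's;
# adjust the patterns to the exact text your Postfix version logs.
import re
from collections import Counter
from typing import Dict, Iterable

# Constructed sample log (RFC 5737 addresses, example domains).
SAMPLE_LOG = """\
Jun 26 04:11:20 mx postfix/smtpd[411]: NOQUEUE: reject: RCPT from unknown[192.0.2.30]: 450 Client host rejected: cannot find your hostname, [192.0.2.30]; from=<a@bigmail.example.com> to=<u@example.net> proto=SMTP helo=<bigmail.example.com>
Jun 26 04:12:02 mx postfix/smtpd[412]: NOQUEUE: reject: RCPT from relay.example.org[198.51.100.7]: 554 Service unavailable; Client host [198.51.100.7] blocked using relays.ordb.org; from=<b@example.org> to=<u@example.net> proto=ESMTP helo=<relay.example.org>
Jun 26 04:12:40 mx postfix/smtpd[412]: NOQUEUE: reject: RCPT from unknown[203.0.113.9]: 450 <c@nosuch.example>: Sender address rejected: Domain not found; from=<c@nosuch.example> to=<u@example.net> proto=SMTP helo=<x>
Jun 26 04:13:01 mx postfix/smtpd[413]: NOQUEUE: reject: RCPT from unknown[203.0.113.10]: 554 <v@elsewhere.example>: Relay access denied; from=<d@example.com> to=<v@elsewhere.example> proto=SMTP helo=<y>
Jun 26 04:13:30 mx postfix/smtpd[413]: NOQUEUE: reject: RCPT from unknown[203.0.113.11]: 554 Service unavailable; Client host [203.0.113.11] blocked using proxies.relays.monkeys.com; from=<e@example.com> to=<u@example.net> proto=SMTP helo=<z>
Jun 26 04:14:00 mx postfix/smtpd[414]: NOQUEUE: reject: RCPT from unknown[203.0.113.12]: 503 Improper use of SMTP command pipelining; from=<f@example.com> to=<u@example.net> proto=ESMTP helo=<w>
Jun 26 04:14:05 mx postfix/smtpd[414]: connect from unknown[203.0.113.13]
Jun 26 04:14:09 mx postfix/smtpd[415]: NOQUEUE: reject: RCPT from unknown[203.0.113.13]: 554 Service unavailable; Client host [203.0.113.13] blocked using relays.ordb.org; from=<g@example.com> to=<u@example.net> proto=SMTP helo=<q>
"""

# One reject line: client, SMTP code, and the response text up to the "from=<" field.
REJECT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: NOQUEUE: reject: RCPT from (?P<client>\S+): "
    r"(?P<code>\d{3}) (?P<text>.*?); from=<")
RBL_RE = re.compile(r"blocked using (?P<rbl>[\w.-]+)")

# Reason patterns (assumed wording) and labels mirroring the categories in the message.
RULES = [
    (re.compile(r"Sender address rejected: Domain not found"), "DNS no A/MX for @sender.domain"),
    (re.compile(r"Recipient address rejected: Domain not found"), "DNS no A/MX for @recipient.domain"),
    (re.compile(r"cannot find your hostname"), "DNS nxdomain for MTA PTR hostname"),
    (re.compile(r"Relay access denied"), "ACL unauthorized relay"),
    (re.compile(r"command pipelining"), "SMTP unauthorized pipelining"),
]


def classify(text: str) -> str:
    """Map one reject response to a reason label; RBL hits are keyed by zone."""
    m = RBL_RE.search(text)
    if m:
        return "RBL " + m.group("rbl")
    for pattern, label in RULES:
        if pattern.search(text):
            return label
    return "other: " + text[:40]  # unknown wording: surface it instead of dropping it


def tally_rejects(lines: Iterable[str]) -> Dict[str, int]:
    """Count reject lines per reason; non-reject lines (connects, deliveries) are skipped."""
    counts: Counter = Counter()
    for line in lines:
        m = REJECT_RE.search(line)
        if m:
            counts[classify(m.group("text"))] += 1
    return dict(counts)


def report(counts: Dict[str, int]) -> str:
    """Render counts ascending with a TOTAL row, like the tally quoted in the message."""
    rows = sorted(counts.items(), key=lambda kv: kv[1])
    lines = [f"{n:6d} {label}" for label, n in rows]
    lines.append(f"{sum(counts.values()):6d} TOTAL")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(tally_rejects(SAMPLE_LOG.splitlines())))
```

Run it against a real maillog by replacing SAMPLE_LOG with the file's lines; anything that lands in an "other:" bucket is a reject wording the rules do not yet know, which is the signal to extend RULES rather than to ignore it.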