Two things. Firstly to anyone running an incoming mail server, I strongly recommend using mail blacklists. I filter my mail using blacklists and strict rfc and the result is about 3-5 spams a week combined on all the accounts on my mail server. I used dnsstuff.com as a guide to finding the right combination of blacklists. I found the best way to find a blacklist was to handpick spam on your server, check the ip addresses against dnsstuff.com and check some legitimate emails. You should get an idea of which blacklists are reliable. When you find the right blacklist, go read the black lists terms and conditions first.
Anyway, for my question. I would like to block more spam. I have noticed there are certain addresses on my server that have never existed that are often spammed. Two of these addresses are info@mydomain and contact@mydomain. Is there a plugin for postfix where I can specify spamtraps on my server, so that any mail entering a spam trap will cause the IP to be blocked: 4 hours first time, 8 hours second time etc...? Also having rules saying that the first few times an IP is blocked, it is blocked with 4xx errors. As the IP spams more and more it should do 5xx.
I want all this to be done before the data command is issued.
The last line is for greylisting. It basically checks the connecting IP, from address, and to address and if it's hasn't seen that triplet before, it will temporarily block the email. This forces the sending server to resend the email. If it resends the email, then it goes through.
Most spammers don't resend email automatically. This will also stop a significant amount. Just install Postgrey.
Just the helo restrictions block about 40% of the spam coming into my server. I use check_helo_access to block mailers I would consider spammers but strictly speaking aren't. This list includes: tickle-corp.com, ringo.com, getitfree.net, hi5.com.
As for 'reject_unknown_sender_domain' this is also effective, but it gives me false positives. There are still a lot of legitimate sites that don't send from real domains. Without this directive and all the above between my home server and work server we have had 3 false positives in 8 months.
The reason I haven't yet implemented greylisting is for the same reason I dislike hotmail's spam filters.
My server uses the above mentioned filters before the data command is issued. That being considered, ANY message that is rejected will be sent back to the sender immediately. The sender will know whether or not the message was received. It adds a certain level of confidence to the users of my server.
I have amavis that blocks any emails that are confirmed viruses and sends warnings for suspected viruses.
I don't have any spam folders or anything. This prevents people from missing important emails and saying 'oops it was in my spam folder'.
Trouble with greylisting is emails can be delayed up to 24 hours which may cause user frustration because the users are not aware of what is happening with their messages.
Mail servers should be configured to resend temporarily blocked email within a few minutes. I'm a System Admin for an ISP of about 40,000 customers and we use it. The block time we have set is 60 seconds. Very rarely do we see mail being delayed more than 5 minutes.
Is it possible to exclude certain addresses from the greylisting?
I have one specific address, support@domain.tld, can't risk having delays on that one.
You could add the address to a file (call it postgrey_sender_whitelist or anything you want) with an OK and include it in smtpd_recipient_restrictions. Then that address would skip all the remaining checks in smtpd_recipient_restrictions. Just make sure check_sender_access comes before check_policy_service inet:127.0.0.1:60000.
Code:
/etc/postfix/main.cf
smtpd_recipient_restrictions =
<all your other recipient checks .....>
check_sender_access hash:/etc/postfix/postgrey_sender_whitelist
check_policy_service inet:127.0.0.1:60000
Code:
/etc/postfix/postgrey_sender_whitelist
support@domain.tld OK
postmap /etc/postfix/postgrey_sender_whitelist
Restart Postfix and off you go.
Last edited by Child of Wonder; 08-16-2006 at 04:06 PM.
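To make the greylisting mechanism described earlier (triplet of client IP, sender and recipient, temporary 4xx the first time, accepted on retry) and the sender exemption above concrete, here is an added example of the decision logic a check_policy_service daemon runs. It is not Postgrey's code; the 60-second delay is the ISP figure quoted in the thread, the whitelist is folded into the daemon here for illustration (the answer above does it with check_sender_access in main.cf instead), and the sample request is constructed.

```python
"""Greylisting decision logic in the shape of the Postfix policy-delegation
protocol: request is 'name=value' lines ended by a blank line, reply is
'action=...' followed by a blank line. Hypothetical example, not Postgrey."""
import time

GREYLIST_DELAY = 60                          # seconds, figure quoted in the thread
SENDER_WHITELIST = {"support@domain.tld"}    # addresses that must never be delayed

# In-memory triplet store: (client_address, sender, recipient) -> first-seen time.
# A real daemon persists this (Postgrey uses a BerkeleyDB file).
_seen = {}


def parse_policy_request(raw: str) -> dict:
    """Parse one policy request: 'name=value' lines terminated by an empty line."""
    attrs = {}
    for line in raw.split("\n"):
        if not line:            # empty line ends the request
            break
        name, _, value = line.partition("=")
        attrs[name] = value
    return attrs


def greylist_decision(attrs: dict, now: float) -> str:
    """Return the Postfix action for one request evaluated at time `now`."""
    sender = attrs.get("sender", "").lower()
    if sender in SENDER_WHITELIST:
        return "dunno"                                   # leave it to later restrictions
    triplet = (attrs.get("client_address", ""), sender,
               attrs.get("recipient", "").lower())
    first_seen = _seen.setdefault(triplet, now)         # record the triplet on first sight
    if now - first_seen < GREYLIST_DELAY:
        return "defer_if_permit Greylisted, try again later"   # 4xx: legit MTAs retry
    return "dunno"                                       # retried after the delay: let it through


def handle_request(raw: str, now=None) -> str:
    """Full round trip: request text in, 'action=...\\n\\n' reply text out."""
    if now is None:
        now = time.time()
    return f"action={greylist_decision(parse_policy_request(raw), now)}\n\n"


# Constructed sample request, in the attribute shape Postfix sends at RCPT stage.
SAMPLE_REQUEST = (
    "request=smtpd_access_policy\n"
    "protocol_state=RCPT\n"
    "client_address=192.0.2.10\n"
    "sender=someone@example.org\n"
    "recipient=info@mydomain.example\n"
    "\n"
)
```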
If you have Postfix version 2.3 or greater, include this line in your smtpd_client_restrictions.
reject_unknown_client_hostname
If you have a version below 2.3 use: reject_unknown_client.
This rule will take the connecting server IP address and do a reverse DNS lookup (PTR record) on it. If it does not return a hostname, the mail is rejected. If the reverse DNS lookup does produce a hostname, then Postfix does a forward lookup on that hostname. If that lookup does not produce the original connecting IP or the lookup fails, the mail is rejected.
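The reverse-then-forward check that reject_unknown_client_hostname performs, written out as an added example with a constructed in-memory resolver so it runs offline (this is not Postfix code; Postfix uses the system resolver, and the IP addresses and hostnames below are made up):

```python
"""Forward-confirmed reverse DNS (FCrDNS), the check behind
reject_unknown_client_hostname. Added example with constructed DNS data."""
import ipaddress

# Constructed sample DNS data: PTR records keyed by IP, A records keyed by name.
PTR = {
    "192.0.2.10": "mail.example.org",     # good: forward lookup agrees
    "192.0.2.20": "host.example.net",     # bad: forward lookup gives a different IP
    "192.0.2.30": "ghost.example.com",    # bad: forward lookup fails
    # 192.0.2.40 deliberately has no PTR record
}
A = {
    "mail.example.org": ["192.0.2.10", "198.51.100.7"],   # multiple A records are fine
    "host.example.net": ["203.0.113.5"],
}


def reverse_lookup(ip: str):
    """PTR lookup against the constructed data (stand-in for the resolver)."""
    return PTR.get(ip)


def forward_lookup(name: str):
    """A lookup against the constructed data (stand-in for the resolver)."""
    return A.get(name, [])


def client_hostname_verdict(ip: str) -> str:
    """Return 'ok' when the connecting IP passes FCrDNS, otherwise the reject reason."""
    ipaddress.ip_address(ip)                  # raises ValueError on malformed input
    name = reverse_lookup(ip)
    if name is None:
        return "reject: no PTR record"        # step 1: reverse lookup returned nothing
    addrs = forward_lookup(name)
    if not addrs:
        return f"reject: PTR {name} has no A record"   # step 2: forward lookup failed
    if ip not in addrs:
        return f"reject: PTR {name} resolves to {addrs}, not {ip}"   # step 3: mismatch
    return "ok"
```

Note that any failure along the chain, including a transient DNS error, yields a rejection, which is why the earlier poster saw occasional false positives from strict DNS-based checks.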
I did this, and spam was still getting through. So I checked, and it turned out I had set up a mail relay (for my domain and a couple of others) a while ago that I had forgotten about. It was via the relay that all the extra spam was getting through.
I disabled the relay, I'll see if it works. I'll post my results here.