Re: Spam Attack on Postmaster

From: Stan Hoeppner (no email)
Date: Mon Mar 01 2010 - 08:05:23 EST

  • Next message: Ralf Hildebrandt: "Re: Spam Attack on Postmaster"

    Carlos Williams put forth on 2/28/2010 10:02 PM:
    > On Sun, Feb 28, 2010 at 5:27 PM, Stan Hoeppner <> wrote:
    >> Carlos, I think it's time you join spam-l and learn all the tricks to
    >> fighting spam. http://spam-l.com/mailman/listinfo/spam-l
    >
    > Thanks. I will research this and see what I can learn from that list.

    If you sub the list, ask Rich K about ipdeny. I learned about it from him.
    He's been a spam fighter since 1994 (maybe earlier). He's old school. As
    is Chris Lewis. Pay close attention to his posts. He's head of network
    security at Nortel networks, as well as the creator/maintainer of a major
    dnsbl, although I can't say which, lest I be shot. ;) The creator of
    Enemies List, Steven Champeon, is also a member, very sharp guy. Lots of
    experience on spam-l going waaay back. Many of the folks on the list
    predate SMTP.

    >> You could have blocked this spam with any number of methods, the simplest
    >> being adding the following to main.cf:
    >>
    >> smtpd_recipient_restrictions =
    >> reject_rbl_client zen.spamhaus.org
    >
    > I do have this in my main.cf. I don't know why it didn't reject it if
    > I have zen.spamhaus.org in my config unless it was added after the
    > spam was sent to me. Do you know? I have attached my output of
    > 'postconf -n' below.

    Look at the date/time stamp on the email transaction in your log, then check
    it against the CBL. If you reported it here the same day you received it,
    then CBL already had it listed. The CBL is incorporated into Spamhaus ZEN,
    but it's easier to check if an IP is listed using the CBL website than the
    Spamhaus website.

    > Is there a guide on how I can build a cidr table and block ALL mail from
    > Russia? I don't ever want / need mail from Russia and don't know how
    > to build this table and how to force Postfix to use the list.

    You don't need a guide. Just download the country files you want to block
    from ipdeny.com and add "REJECT" to the end of each line in the file so
    Postfix can use it, something like this:

    sed 's/$/ REJECT Russian email not welcome/g' ru.zone > russia.cidr

    Stick russia.cidr in /etc/postfix/ and to smtpd_recipient_restrictions,
    close to the top, add:

    check_client_access cidr:/etc/postfix/russia.cidr

    This will block all smtp connections originating from Russian IP space.

    Using ipdeny country listings is a simple and very effective way to stop a
    lot of spam. If you are sure you'll never need to receive email from a
    given country, using ipdeny cidr listings is the single most effective way
    to block spam from those countries. It's cheap on resources too, compared
    to dnsbl lookups.

    -- 
    Stan
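
An added example, not part of Stan's message: a shell version of the ipdeny-to-cidr step that validates each line instead of appending REJECT to everything, so a comment, blank line or HTML error page in the download does not end up in the table. The function names and the sample input (documentation address ranges) are constructed for illustration, and only IPv4 blocks are handled.

```shell
#!/bin/sh
# Added example: validated ipdeny zone file -> Postfix cidr: table (IPv4 only).

# zone_to_cidr ZONEFILE ACTION
# Prints "<cidr> <action>" for each valid block; reports the rest on stderr.
zone_to_cidr() {
    awk -v action="$2" '
        { gsub(/^[ \t\r]+|[ \t\r]+$/, "") }     # trim spaces and CRLF endings
        /^(#|$)/ { next }                       # skip comments and blank lines
        {
            ok = 0
            if ($0 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\/[0-9]+$/) {
                split($0, p, "[./]")
                ok = (p[5] + 0 <= 32)
                for (i = 1; i <= 4; i++) if (p[i] + 0 > 255) ok = 0
            }
            if (ok) print $0, action
            else    print "skipped line " NR ": " $0 | "cat >&2"
        }
    ' "$1"
}

# build_table ZONEFILE OUTFILE
# Writes a temp file and renames it, so Postfix never reads a half-written
# table; refuses to install an empty one (e.g. after a failed download).
build_table() {
    tmp="$2.tmp.$$"
    zone_to_cidr "$1" "REJECT Russian email not welcome" > "$tmp" || return 1
    if [ ! -s "$tmp" ]; then rm -f "$tmp"; return 1; fi
    mv "$tmp" "$2"
}

# Constructed sample input (documentation ranges, not real ipdeny data).
sample_zone() {
    printf '%s\n' '# constructed sample' '192.0.2.0/24' '' '198.51.100.0/33' \
        '203.0.113.0/24 ' '<html>404</html>' '300.1.2.0/24'
}

# Demo: prints the two valid lines; the three bad ones are reported on stderr.
d=$(mktemp -d)
sample_zone > "$d/ru.zone"
build_table "$d/ru.zone" "$d/russia.cidr" && cat "$d/russia.cidr"
rm -rf "$d"
```

Postfix reads cidr: tables directly, so no postmap build step is needed, and `postmap -q 192.0.2.1 cidr:/etc/postfix/russia.cidr` shows what a given client address would match. Run `postfix reload` after replacing the file so running smtpd processes pick it up.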
    
