[NTLUG:Discuss] Postfix Spam Blocking
Victor Brilon
victor at victorland.com
Fri Feb 4 10:54:18 CST 2005
Paul Ingendorf wrote:
> I'm looking for some pointers here. I am currently running a postfix setup
> with spam assassin. I have run into the problem of receiving more than
> 900MB of spam a month. This has gotten to the point where it just peeves me
> off. I have examined a few options but I'm left with a simple ip blacklist
> as being the best way to deal with the problem. So here is my question what
> is the best way to implement something like this and are there any
> apps/scripts available that will parse my current collection of spam
> messages to add only the ips from where the spam originated or will I have
> to go through and dig those out for each message myself. I'm looking into a
> rbl for blocking known bad ips but I want to catch as many as possible from
> past spam as well.

Blocking IPs is pretty much pointless as the majority of the spam
nowadays is sent from zombies -- i.e. PCs taken over by trojans. By the
time you get around to adding them to your own list, chances are they'll
be offline. Even worse, depending on how you are parsing headers, you
risk blacklisting an innocent mailserver. Third party RBLs are *much*
more reliable and accurate at doing this for you.

I run SpamAssassin as well and I find that having Postfix reject spam at
the MTA level via RBLs (I use relays.ordb.org, sbl.spamhaus.org,
opm.blitzed.org, and cbl.abuseat.org), and then having SA tag anything
past that using its rules (including Bayesian learning), catches 95%+ of
all my spam. Your mileage will obviously vary.

You might also consider using Postfix's address verification
functionality to block even more mail at the MTA level. More info is at:
http://www.postfix.org/ADDRESS_VERIFICATION_README.html

Victor
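
The header-parsing risk described in the reply above, shown as an added example that is not part of the original post: only the Received header stamped by your own MTA names an IP the sender could not forge, and that IP is what an RBL lookup is built from. The host name `mail.example.net`, the function names and the sample message are assumptions constructed for illustration, and the Received layout is the one Postfix writes.

```python
import email
import ipaddress
import re

# Postfix stamps: from <helo> (<rdns> [<client ip>]) by <this host> ...
HOP = re.compile(
    r"from\s+\S+\s+\(\S+\s+\[(?:IPv6:)?([0-9A-Fa-f.:]+)\]\)\s+by\s+(\S+)")

def trusted_client_ip(raw_message, my_mta):
    """IP that connected to my_mta (hypothetical name of your own server).

    Received headers are prepended, so the topmost one written by my_mta
    is the hop the sender could not forge. Nothing below it is read.
    """
    msg = email.message_from_string(raw_message)
    for value in msg.get_all("Received", []):
        hop = HOP.search(value)
        if hop and hop.group(2).lower() == my_mta.lower():
            try:
                ip = ipaddress.ip_address(hop.group(1))
            except ValueError:
                return None          # malformed address: nothing to list
            return None if ip.is_loopback else str(ip)
    return None

def naive_origin_ip(raw_message):
    """What a 'bottom-most Received' parser reports: sender-supplied text."""
    msg = email.message_from_string(raw_message)
    hops = [h for h in map(HOP.search, msg.get_all("Received", [])) if h]
    return hops[-1].group(1) if hops else None

def dnsbl_query_name(ip, zone):
    """Name an MTA resolves for an RBL check: reversed address + zone."""
    rev = ipaddress.ip_address(ip).reverse_pointer
    for suffix in (".in-addr.arpa", ".ip6.arpa"):
        if rev.endswith(suffix):
            rev = rev[: -len(suffix)]
    return f"{rev}.{zone}"

# Constructed sample: the lower Received line is forged by the sending
# zombie and names an unrelated mail server.
SAMPLE = """\
Received: from dsl-host.invalid (unknown [203.0.113.45])
    by mail.example.net (Postfix) with SMTP id 4F2A1
    for <user@example.net>; Fri, 4 Feb 2005 09:12:01 -0600 (CST)
Received: from mx.innocent.example (mx.innocent.example [198.51.100.7])
    by relay.forged.invalid with ESMTP; Fri, 4 Feb 2005 09:11:58 -0600
Subject: constructed sample

body
"""
```

On the sample, the naive parser returns the forged server's address, while `trusted_client_ip` returns the connecting client, whose query name against a zone such as sbl.spamhaus.org is the reversed address followed by the zone.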