[NTLUG:Discuss] Postfix Spam Blocking

Paul Ingendorf pauldy at wantek.net
Fri Feb 4 12:27:09 CST 2005


Currently running version 2.64 of SpamAssassin and version 2.0.18 of
Postfix. I forgot to include that for virus protection I use a script called
anomy.  It reforms HTML e-mail and removes all potentially dangerous
attachments.  Each of these does its job, but when you have traffic exceeding
900MB a month being processed constantly all day it really affects the load
of the server, not to mention the back and forth equates to more than 1.8GB
of data.  While an easy 99.x percent of the spam messages are caught by
SpamAssassin, the traffic still remains.  This is what I am really looking at
eliminating.  I have considered an RBL for stopping the messages based on IP
addresses, and given the recommendations here this will more than likely be
the approach I take.  The other part of my question was with regards to
gleaning the IP addresses of the machines that connect to me sending spam
and blocking them permanently.  I have a spam folder full of spam messages,
65535 to be exact, and I want to block every IP in this folder that has ever
sent me an e-mail.  I was given an iptables solution that looks like it
would probably offer me much of what I would need, but I would prefer to do it
at the MTA itself so as not to be forced to create odd rules that will
ultimately slow down the throughput of my machine and potentially cause
problems as the listing of IP addresses grows towards any unforeseen limits.
What prompted the question initially was that today was not the first time my
Outlook inbox was broken by the 16-bit indexing limit of an Outlook folder.
As for the zombies, I don't care if person xyz can't send me e-mail directly
from his machine; more than likely, if he is sending me an e-mail it will be
forwarded through his mail server first anyway.  Thanks for all the
responses. I already have a few directions to pursue, but if anyone has
solutions for grabbing the IPs of machines that connected directly to my
machine to send the spam I would appreciate it.

-----Original Message-----
From: discuss-bounces at ntlug.org [mailto:discuss-bounces at ntlug.org]On
Behalf Of Victor Brilon
Sent: Friday, February 04, 2005 11:29 AM
To: Brian; NTLUG Discussion List
Subject: Re: [NTLUG:Discuss] Postfix Spam Blocking




Brian wrote:
> Paul, I'm looking forward to the answers you get.  I've been using SA
> for two years, and have been sorely disappointed.  I believe my
> current SA database has learned from 2000 spams and hams, and I still
> see the same spams make it through SA, with no change in the bayes
> score.  Maybe it's the type of spam/ham I train with, but if that's
> the case, then SA is probably not the tool I should be using.

That sounds like your SA isn't configured optimally. Which version of SA
are you running and are you using Bayesian training? Do you have network
tests enabled? Are you using pyzor and/or dcc?

My experience with SA has been 180 degrees from yours. With a good base
of training and semi-irregular feeding of more spam and ham, it's
catching well over 95% of my spam.

Victor

_______________________________________________
https://ntlug.org/mailman/listinfo/discuss
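
For the request above (collecting the IPs of machines that connected directly to deliver the spam, and blocking them at the MTA), one approach, as an added example that is not code from any poster in this thread: read the Received header that your own Postfix stamped on each saved spam message and emit lines for a Postfix access table. The hostname `mx.example.org`, the sample messages and the function names are assumptions made for illustration.

```python
import email
import ipaddress
import re
from collections import Counter

MY_MTA = "mx.example.org"  # assumption: the name our Postfix writes after "by"
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "::1/128")]
# Postfix stamps "from <HELO> (<rdns> [<ip>]) by <myhostname> ..."; the HELO is
# chosen by the client, so only the bracketed address inside the parentheses counts.
RECEIVED = re.compile(r"^from \S+ \(\S+ \[(?:IPv6:)?([0-9A-Fa-f:.]+)\]\).*?\bby (\S+)")

def connecting_ip(raw_message, my_mta=MY_MTA):
    """IP of the client that handed this message to my_mta, or None.
    Headers below the one our own MTA added were supplied by the sender and may
    be forged, so return the topmost non-local hop recorded by my_mta.
    """
    for header in email.message_from_string(raw_message).get_all("Received", []):
        m = RECEIVED.match(" ".join(header.split()))  # unfold continuation lines
        if not m or m.group(2).lower() != my_mta.lower():
            continue
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue
        if not any(ip in net for net in LOCAL_NETS):  # skip content-filter re-injection
            return str(ip)
    return None

def build_access_map(raw_messages, min_hits=1):
    """Lines for a Postfix access(5) table, one '<ip> REJECT' per spam source."""
    hits = Counter(ip for ip in map(connecting_ip, raw_messages) if ip)
    keep = sorted((ipaddress.ip_address(ip) for ip, n in hits.items() if n >= min_hits),
                  key=lambda a: (a.version, int(a)))
    return [f"{ip} REJECT" for ip in keep]

# Constructed sample spam (documentation addresses), not taken from the thread.
SAMPLE = [
    "Received: from localhost (localhost [127.0.0.1])\n\tby mx.example.org (Postfix) id A1\n"
    "Received: from [10.1.1.1] (unknown [203.0.113.7])\n\tby mx.example.org (Postfix) id A2\n"
    "Received: from bank (trusted [192.0.2.55])\n\tby mx.example.org (Postfix) id F0\n"
    "Subject: constructed spam 1\n\nbody\n",
    "Received: from pc (unknown [203.0.113.7])\n\tby mx.example.org (Postfix) id B1\n"
    "Subject: constructed spam 2\n\nbody\n",
    "Subject: constructed, no Received header\n\nbody\n",
]

if __name__ == "__main__":
    print("\n".join(build_access_map(SAMPLE)))
```

The resulting lines go into a lookup table (its path is yours to choose) that is compiled with `postmap` and referenced from `smtpd_client_restrictions` through `check_client_access`. Raising `min_hits` limits the list to addresses that appear in several saved messages.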