On 21 March 2013 11:22, ndungu stephen <ndungustephen@gmail.com> wrote:

Hi gurus;

I am new to Postfix,Amavis,SpamAssassin ; spam mail have been filling up our server - filling up the hardisk, and queues with useless mail that seem to be from self spawning domains and email addresses.

This is preventing genuine email from functioning properly.

However, I followed instructions on the net to do "soft blacklisting" and "hard blacklisting" - but it does not seem to work.

I am assuming soft blacklisting gives an email a maximum number of hits before the address is given low priority and eventually blocked out.
I also assumed hard blacklisting totally prevents a domain from sending email and filling up the queues.

What to do to stop these domains from sending emails permanently ?

----------
LOGS
----------

Blacklisting Rules: on /etc/mail/spamassassin/local.cf

blacklist_from t.co hotmail.com jhdgsndhj.com sgnbxhfghd.com hjsnbfg.com snybfhf.com 265kt.com 10t1v.com q9cho.com d10vx_.com jhdgsn

dhj.com snybfhf.com djsnhdh.com hjndgsycfs.com jhgsnvdgh.com dhjgnsghfs.com sgnghfsg.com sgnhscgfs.com ucidgsnhcvds.com jhcgsngfdgh.

com hydgsnhcvdsngh.com jhgsnhsxffg.com hycgndsgjfdg.com eungfyuds.com 2udfwnw.com

blacklist_to t.co hotmail.com jhdgsndhj.com snybfhf.com sgnbxhfghd.com hjsnbfg.com djsnhdh.com hjndgsycfs.com jhgsnvdgh.com dhjgnsgh

fs.com sgnghfsg.com sgnhscgfs.com ucidgsnhcvds.com jhcgsngfdgh.com hydgsnhcvdsngh.com jhgsnhsxffg.com hycgndsgjfdg.com eungfyuds.com

2udfwnw.com

Blacklisting Rules Global: /etc/amavisd/amavisd.conf

@score_sender_maps = ({ # a by-recipient hash lookup table,

[ # the _first_ matching sender determines the score boost

new_RE( # regexp-type lookup table, just happens to be all soft-blacklist

[qr'^(bulkmail|offers|cheapbenefits|earnmoney|foryou)@'i => 5.0],
[qr'^(greatcasino|investments|lose_weight_today|market\.alert)@'i => 5.0],
[qr'^(money2you|MyGreenCard|new\.tld\.registry|opt-out|opt-in)@'i => 5.0],

[qr'^(optin|saveonlsmoking2002k|specialoffer|specialoffers)@'i => 5.0],
[qr'^(stockalert|stopsnoring|wantsome|workathome|yesitsfree)@'i => 5.0],
[qr'^(your_friend|greatoffers)@'i => 5.0],

[qr'^(inkjetplanet|marketopt|MakeMoney)\d*@'i => 5.0],
[qr'^(sex|fck)\d*@'i => -5.0],

[qr'.*@\.*\.hotmail\.com$'i => -10.0],
[qr'.*@\.*\.yahoo\.com$'i => -10.0],

),

This does not seem to work (see active queues) - always close to 20000 (saturation) with useless domains.

T 5 10 20 40 80 160 320 640 1280 1280+
TOTAL 19979 0 4 890 3237 3470 2085 140 51 5110 4992

yahoo.com 6803 0 0 222 925 536 942 37 0 2308 1833
eungfyuds.com 467 0 0 52 186 227 0 0 0 0 2

coldthree.ru 422 0 0 0 0 0 0 0 0 0 422
top10new.ru 371 0 0 0 0 0 0 0 0 0 371

hjsgvnbfcgf.com 336 0 0 36 123 177 0 0 0 0 0
jhgvsnghsvg.com 313 0 1 30 117 164 0 0 0 0 1

dhgnvdbcfgf.com 302 0 1 37 111 153 0 0 0 0 0
suynghjfsngf.com 295 0 0 34 120 139 0 0 0 0 2

hygtjdfsfds.com 275 0 1 40 109 119 0 0 0 1 5
uysdgnhjgfh.com 274 0 0 30 110 128 0 0 0 0 6

wehjnsvcghfdg.com 262 0 0 39 102 119 0 0 0 0 2
jgswnhd.com 223 0 0 24 102 97 0 0 0 0 0

jdgsngdfgh.com 215 0 1 19 91 102 0 0 0 0 2
jdsgngyd.com 213 0 0 21 99 90 0 0 0 0 3

uficdgsnjgdg.com 190 0 0 25 74 91 0 0 0 0 0
dugnhdff.com 185 0 0 26 80 79 0 0 0 0 0

judgsyfdg.com 184 0 0 19 96 69 0 0 0 0 0
jdegngdfgh.com 184 0 0 23 80 79 0 0 0 0 2

cauen.com 174 0 0 0 0 0 172 2 0 0 0

_______________________________________________
skunkworks mailing list
skunkworks@lists.my.co.ke
------------
List info, subscribe/unsubscribe
http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks
------------

Skunkworks Rules
http://my.co.ke/phpbb/viewtopic.php?f=24&t=94
------------
Other services @ http://my.co.ke