Postfix and SpamAssassin - SPAM mail filling server queues despite blacklisting rules

Hi gurus;

I am new to Postfix, Amavis, SpamAssassin; spam mail has been filling up our server - filling up the hard disk, and queues with useless mail that seems to be from self-spawning domains and email addresses.

This is preventing genuine email from functioning properly.

However, I followed instructions on the net to do "soft blacklisting" and "hard blacklisting" - but it does not seem to work.

I am assuming soft blacklisting gives an email a maximum number of hits before the address is given low priority and eventually blocked out. I also assumed hard blacklisting totally prevents a domain from sending email and filling up the queues.

What to do to stop these domains from sending emails permanently?

---------- LOGS ----------

*Blacklisting Rules:* on /etc/mail/spamassassin/local.cf

    blacklist_from t.co hotmail.com jhdgsndhj.com sgnbxhfghd.com hjsnbfg.com snybfhf.com 265kt.com 10t1v.com q9cho.com d10vx_.com jhdgsndhj.com snybfhf.com djsnhdh.com hjndgsycfs.com jhgsnvdgh.com dhjgnsghfs.com sgnghfsg.com sgnhscgfs.com ucidgsnhcvds.com jhcgsngfdgh.com hydgsnhcvdsngh.com jhgsnhsxffg.com hycgndsgjfdg.com eungfyuds.com 2udfwnw.com
    blacklist_to t.co hotmail.com jhdgsndhj.com snybfhf.com sgnbxhfghd.com hjsnbfg.com djsnhdh.com hjndgsycfs.com jhgsnvdgh.com dhjgnsghfs.com sgnghfsg.com sgnhscgfs.com ucidgsnhcvds.com jhcgsngfdgh.com hydgsnhcvdsngh.com jhgsnhsxffg.com hycgndsgjfdg.com eungfyuds.com 2udfwnw.com

*Blacklisting Rules Global:* /etc/amavisd/amavisd.conf

    @score_sender_maps = ({ # a by-recipient hash lookup table,
      [ # the _first_ matching sender determines the score boost
        new_RE( # regexp-type lookup table, just happens to be all soft-blacklist
          [qr'^(bulkmail|offers|cheapbenefits|earnmoney|foryou)@'i => 5.0],
          [qr'^(greatcasino|investments|lose_weight_today|market\.alert)@'i => 5.0],
          [qr'^(money2you|MyGreenCard|new\.tld\.registry|opt-out|opt-in)@'i => 5.0],
          [qr'^(optin|saveonlsmoking2002k|specialoffer|specialoffers)@'i => 5.0],
          [qr'^(stockalert|stopsnoring|wantsome|workathome|yesitsfree)@'i => 5.0],
          [qr'^(your_friend|greatoffers)@'i => 5.0],
          [qr'^(inkjetplanet|marketopt|MakeMoney)\d*@'i => 5.0],
          [qr'^(sex|fck)\d*@'i => -5.0],
          [qr'.*@\.*\.hotmail\.com$'i => -10.0],
          [qr'.*@\.*\.yahoo\.com$'i => -10.0],
        ),

This does not seem to work (see active queues) - always close to 20000 (saturation) with useless domains.

                         T     5    10    20    40    80   160   320   640  1280 1280+
    TOTAL            19979     0     4   890  3237  3470  2085   140    51  5110  4992
    yahoo.com         6803     0     0   222   925   536   942    37     0  2308  1833
    eungfyuds.com      467     0     0    52   186   227     0     0     0     0     2
    coldthree.ru       422     0     0     0     0     0     0     0     0     0   422
    top10new.ru        371     0     0     0     0     0     0     0     0     0   371
    hjsgvnbfcgf.com    336     0     0    36   123   177     0     0     0     0     0
    jhgvsnghsvg.com    313     0     1    30   117   164     0     0     0     0     1
    dhgnvdbcfgf.com    302     0     1    37   111   153     0     0     0     0     0
    suynghjfsngf.com   295     0     0    34   120   139     0     0     0     0     2
    hygtjdfsfds.com    275     0     1    40   109   119     0     0     0     1     5
    uysdgnhjgfh.com    274     0     0    30   110   128     0     0     0     0     6
    wehjnsvcghfdg.com  262     0     0    39   102   119     0     0     0     0     2
    jgswnhd.com        223     0     0    24   102    97     0     0     0     0     0
    jdgsngdfgh.com     215     0     1    19    91   102     0     0     0     0     2
    jdsgngyd.com       213     0     0    21    99    90     0     0     0     0     3
    uficdgsnjgdg.com   190     0     0    25    74    91     0     0     0     0     0
    dugnhdff.com       185     0     0    26    80    79     0     0     0     0     0
    judgsyfdg.com      184     0     0    19    96    69     0     0     0     0     0
    jdegngdfgh.com     184     0     0    23    80    79     0     0     0     0     2
    cauen.com          174     0     0     0     0     0   172     2     0     0     0

Wrong Forum ?

I use Postfix, found SpamAssassin not as effective, therefore I have an independent spam filter like DansGuardian or any other web filter or SquidGuard.

--
carol........
Make a habit of raising your standards so that you work towards them...........it will always keep you on your toes.

I am an Exim guy so not the best advisor when it comes to Postfix, but what I suggest is finding a system to integrate into Postfix to enable it reject mail at SMTP time, not accepting it. The name of that system is left as an exercise for you.

--
Best regards,
Odhiambo WASHINGTON, Nairobi,KE
+254733744121/+254722743223
I can't hear you -- I'm using the scrambler.

In my opinion, get a good service provider who can be your primary MX so that they can do the scanning on their end before forwarding to you, I am assuming your postfix receives directly from the Internet. Otherwise you can use spamassassin + mailscanner and numerous trials and errors. If you don't have the time, just pass it on to someone else who can do it better, it lets you work on your key competences.

Squidguard and dansguardian are for web proxying, no?

George

A certain company in Thika is looking for a graphics designer who could be engaged on part time basis. If that's your line of career, send in your application, maybe with some works that you in the past. Or better still, get in touch off the list.

Patrick, 0722630969

Are you using any RBL databases? They reduce the amount of spam your server receives drastically. The good thing about RBLs is that the spam mails are rejected before processing. This saves the server a lot of work.

/Boniface

Yeah, what Boniface said... if your mail traffic is considerable, then you'll want to use RBLs to filter mail.

--
Out of clutter, find simplicity. From discord, find harmony. In the middle of difficulty, lies opportunity ~Albert Einstein
Eva Kimathi

And using RBLs is not a walk in the park - if you do not actively monitor the logs! Sometimes they bite very hard. Just a heads-up!

--
Best regards,
Odhiambo WASHINGTON, Nairobi,KE
+254733744121/+254722743223
I can't hear you -- I'm using the scrambler.
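
What the replies describe, rejecting at SMTP time and consulting an RBL, sketched as a Postfix configuration (an added example, not configuration posted by anyone in the thread). The RBL check starts in log-only mode through warn_if_reject, so its hits can be reviewed in the mail log before it is allowed to reject. The zone zen.spamhaus.org, the path /etc/postfix/sender_access and the placeholder domain are assumptions.

```cfg
# /etc/postfix/main.cf  (added example; RBL zone and file path are assumptions)

# Require HELO/EHLO before MAIL FROM.
smtpd_helo_required = yes

# Evaluated in order for every RCPT TO. A REJECT here ends the SMTP
# transaction, so the message never enters the queue and never reaches
# the amavis/SpamAssassin content filter.
#  - local networks and authenticated users pass
#  - relaying for foreign destinations is refused
#  - sender addresses must be fully qualified and their domain must
#    have DNS A or MX records
#  - a locally maintained table of envelope sender domains is consulted
#  - the RBL lookup on the client IP only logs for now (warn_if_reject)
smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination,
    reject_non_fqdn_sender,
    reject_unknown_sender_domain,
    check_sender_access hash:/etc/postfix/sender_access,
    warn_if_reject reject_rbl_client zen.spamhaus.org,
    permit

# /etc/postfix/sender_access holds one "domain  ACTION" pair per line and
# must be compiled with "postmap /etc/postfix/sender_access" after each edit.
# Constructed sample entry (placeholder domain):
#     spam-domain.example    REJECT
```

With warn_if_reject in place, would-be rejections are logged with the text reject_warning; once those entries look right, remove warn_if_reject and run postfix reload.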

Hi all;

Thanks for the suggestions. I will try each suggestion and see which one will reduce the Spam.

Will update once successful as this may take a while.

Meanwhile what we do is delete the queues (at the expense of losing genuine email)

BR/ Stephen N.

Do you have webmin? You can use it to query the queue and delete only suspicious addresses and spare the genuine ones.

--
Out of clutter, find simplicity. From discord, find harmony. In the middle of difficulty, lies opportunity ~Albert Einstein
Eva Kimathi

participants (7): Boniface, caroline mungai, Eva Kimathi, george, kabiroz@yahoo.com, ndungu stephen, Odhiambo Washington