Mailing List Archive
tlug.jp
Mailing List
tlug archive
tlug Mailing List Archive
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [tlug] state of the art filtering
- Date: Tue, 16 Mar 2010 11:34:55 +0100
- From: Tobias Diedrich <ranma@example.com>
- Subject: Re: [tlug] state of the art filtering
- References: <20100316092524.c153a4a9.attila@example.com> <4B9F4C11.90806@example.com>
- User-agent: Mutt/1.5.18 (2008-05-17)
Lewske Wada wrote: > Attila Kinali wrote: > > I don't use grey listing or TMDA as i deem their > > disadvantages higher than their benefit. I stopped using greylisting on my personal domain as it annoys me when I sign up for some forum or something and then have to wait for the mail server retry. On another server I'm still using greylisting, but that one is mostly mailing lists and no personal mail accounts. Would be interesting to check the logs and see how big the percentage of mail servers that didn't come back after being denied by greylisting really is... Traffic is rather small though: date received delivered deferred bounced rejected -------------------------------------------------------------------- Mar 15 2010 91 44 15 3 2431 Mar 16 2010 17 2 6 1 1352 Rejection percentage is about 98%. Compared to that on my personal domain its 58%: date received delivered deferred bounced rejected Mar 14 2010 402 271 2 0 263 Mar 15 2010 829 413 1 0 701 Mar 16 2010 256 127 0 0 215 > > What do you guys use? And do you have any recomendations > > to improve the setup above? > > > It depends on the kind of your SMTP server. > When I was using Postfix, I used to be directly editing > "/etc/postfix/header_checks" file to add addresses and subjects > that are suspicious using regular expressions and it worked great. > > For some malicious cases, you need to also add an expression > matching the body part in "/etc/postfix/body_checks". body_checks is also neat to catch spam backscatter to mailing lists. There shouldn't be any valid use of the ml address as envelope sender. /^[ |>]*Return-[pP]ath: <?(list1|list2|list3)@(domain1|domain2)\.tld>?/ REJECT Faked Return-Path in message body /^[ |>]*From: .*<?(list1|list2|list3)@(domain1|domain2)\.tld>?/ REJECT Faked From in message body and in header_checks I have ## must be last two matches /^Message-ID: <..*@example.com>/ DUNNO /^Message-ID: .*/ REJECT Invalid Message-ID -- Tobias PGP: http://8ef7ddba.uguu.de
- Follow-Ups:
- Re: [tlug] state of the art filtering
- From: Tobias Diedrich
- Re: [tlug] state of the art filtering
- References:
- [tlug] state of the art spam filtering
- From: Attila Kinali
- Re: [tlug] state of the art spam filtering
- From: Lewske Wada
- [tlug] state of the art spam filtering
- Prev by Date: Re: [tlug] state of the art spam filtering
- Next by Date: Re: [tlug] state of the art spam filtering
- Previous by thread: Re: [tlug] state of the art spam filtering
- Next by thread: Re: [tlug] state of the art filtering
- Index(es):
| Home Page | Mailing List | Linux and Japan | TLUG Members | Links |