[Rack] Mail spam controls.
Ben Kochie
ben at nerp.net
Mon Apr 23 20:01:46 UTC 2012
It looks like someone broke postfix:
Apr 23 08:08:55 m1 postfix/smtpd[1775]: fatal: open database /etc/postfix/sender_access.db: No such file or directory
Apr 23 08:08:56 m1 postfix/master[5827]: warning: process /usr/lib/postfix/smtpd pid 1775 exit status 1
Fixed with postmap hash:sender_access
-ben
On Sun, 22 Apr 2012, Jonathan Lassoff wrote:
> Every list admin is thanking you right about now.
>
> Hopefully this cuts down on the moderation queue spam significantly.
>
> --j
>
> On Sun, Apr 22, 2012 at 11:55 AM, Ben Kochie <ben at nerp.net> wrote:
>> Looks like it's working:
>>
>> Apr 22 06:49:19 m1 postfix/smtpd[12007]: NOQUEUE: reject: RCPT from
>> 84-10-132-190.dynamic.chello.pl[84.10.132.190]: 554 5.7.1 Service
>> unavailable; Client host [84.10.132.190] blocked using zen.spamhaus.org;
>> http://www.spamhaus.org/query/bl?ip=84.10.132.190;
>> from=<abdullahi at wjadserver.com> to=<rack at lists.noisebridge.net>
>> proto=ESMTP helo=<84-10-132-190.dynamic.chello.pl>
>>
>> Apr 22 09:05:09 m1 postfix/smtpd[20716]: NOQUEUE: reject: RCPT from
>> unknown[218.156.232.162]: 554 5.7.1 Service unavailable; Client host
>> [218.156.232.162] blocked using zen.spamhaus.org;
>> http://www.spamhaus.org/query/bl?ip=218.156.232.162;
>> from=<dunningl9 at deltamar.net> to=<rack at lists.noisebridge.net> proto=ESMTP
>> bhelo=<kdn.ktguide.com>
>>
>>
>> -ben
>>
>> On Sat, 21 Apr 2012, Ben Kochie wrote:
>>
>>> I'm going to change the mail filter rules on noisebridge.net to better
>>> control the inbound spam.
>>>
>>> From:
>>> smtpd_recipient_restrictions =
>>> permit_mynetworks,
>>> reject_unauth_destination,
>>> check_sender_access hash:/etc/postfix/sender_access
>>>
>>> To:
>>> smtpd_recipient_restrictions =
>>> permit_mynetworks,
>>> reject_unauth_destination,
>>> check_sender_access hash:/etc/postfix/sender_access,
>>> reject_invalid_hostname,
>>> reject_non_fqdn_sender,
>>> reject_non_fqdn_recipient,
>>> reject_unknown_sender_domain,
>>> reject_unknown_recipient_domain,
>>> reject_rbl_client zen.spamhaus.org,
>>> reject_rbl_client cbl.abuseat.org,
>>> reject_rbl_client dnsbl-1.uceprotect.net,
>>> permit
>>>
>>> The key two changes here are to reject mails with common RFC violations,
>>> and then check 3 reliable blacklists.
>>>
>>> This should reduce the junk in our moderation queues.
>>>
>>> I'm also considering enabling greylist filtering. But let's see how these
>>> changes go.
>>>
>>> -ben
>>> _______________________________________________
>>> Rack mailing list
>>> Rack at lists.noisebridge.net
>>> https://www.noisebridge.net/mailman/listinfo/rack
>>>
>> _______________________________________________
>> Rack mailing list
>> Rack at lists.noisebridge.net
>> https://www.noisebridge.net/mailman/listinfo/rack
>
More information about the Rack
mailing list