On Mon, Oct 13, 2008 at 6:05 PM, Justin Piszcz <[EMAIL PROTECTED]> wrote: > > > On Mon, 13 Oct 2008, Joey wrote: > >>> -----Original Message----- >>> From: Justin Piszcz [mailto:[EMAIL PROTECTED] >>> Sent: Monday, October 13, 2008 5:37 PM >>> To: Joey >>> Subject: RE: Finally blocking some spam >>> >>> What anti-spam measurements do you currently use? >>> >>> What does your main.cf look like? >> >> (Snip) >> >> reject_rbl_client dul.dnsbl.sorbs.net, reject_rbl_client >> psbl.surriel.com, reject_rbl_client ix.dnsbl.manitu.net, >> check_recipient_access hash:/etc/postfix/filtered_domains >> smtpd_restriction_classes = from_freemail_host >> soft_bounce = no >> strict_rfc821_envelopes = yes >> transport_maps = hash:/etc/postfix/transport, >> hash:/etc/postfix/transport_bounce >> unknown_address_reject_code = 554 >> unknown_client_reject_code = 554 >> unknown_hostname_reject_code = 554 >> unknown_local_recipient_reject_code = 550 >> >> > > 1. You are not using rhsbls, which can be HIGHLY valuable, at the helo, > sender > and client level.
Which are still working and accurate enough to block with? I had kind of given up on these for blocking and moved them all into SA scoring rules. I'm interested to know anyone's recent experiences. > 2. Where are your spf checks? > 3. Do you use greylisting? It can help significantly! > 4. Do you use the SBL DROP list as part of a CIDR reject list? Look it up > on google. > 5. Do you perform backscatter checks for email from <>, MAIL-DAEMON, etc? > 6. You should also look into www.policyd-weight.org, a great anti-spam > policy server! > 7. You can also use SAV but look/read around there is a specific list of > domains out there that you can use it for that is relatively safe. > 8. Install fail2ban, you can add regexp to block (firewall) automatically > on X number of blocks by a certain IP address via rbl, rhsbl, etc. > > I think you can do a lot better if you implement these suggestions vs. > blocking > by country. > > Justin. > >
