On Mon, Jan 4, 2010 at 5:44 PM, Steve <steeeeev...@gmx.net> wrote: > > -------- Original-Nachricht -------- >> Datum: Mon, 4 Jan 2010 17:40:29 -0500 >> Von: Roman Gelfand <rgelfa...@gmail.com> >> An: Steve <steeeeev...@gmx.net> >> CC: postfix-users@postfix.org >> Betreff: Re: anti spam measures > >> Well, it looks like, perhaps, I found the missing link. After adding >> s25r rules and HELO response verification in main.cf, no spam has >> siped through. >> >> I think that mostly it was HELO response verification that did it. >> BTW, is there a reason not block emails with incorrect HELO response? >> > Yes! Probably half of the sending MTA's out there have issues with setting > proper HELO/EHLO. I would not block them per default but use your already > installed policyd-weight and add a higher score to wrong HELO/EHLO (but the > default in policyd-weight should be already okay).
I am a bit surprised at your response. I would have expected you to say, a MTA which ignores basic basic configuration rules doesn't deserve that it's mail should be accepted. In fact, this is the way I feel about this. > > >> Thanks >> > Steve > > >> On Mon, Jan 4, 2010 at 5:30 PM, Steve <steeeeev...@gmx.net> wrote: >> > >> > -------- Original-Nachricht -------- >> >> Datum: Mon, 04 Jan 2010 23:20:04 +0100 >> >> Von: mouss <mo...@ml.netoyen.net> >> >> An: postfix-users@postfix.org >> >> Betreff: Re: anti spam measures >> > >> >> Steve a écrit : >> >> > -------- Original-Nachricht -------- >> >> >> Datum: Sun, 03 Jan 2010 23:37:18 +0100 >> >> >> Von: mouss <mo...@ml.netoyen.net> >> >> >> An: postfix users list <postfix-users@postfix.org> >> >> >> Betreff: Re: anti spam measures >> >> > >> >> >> Roman Gelfand a écrit : >> >> >>> I am running postfix with anti spam filter (policyd-weight, >> sqlgrey, >> >> >>> grossd, dkim, senderid-milter, dspam) . With this configuration, >> I am >> >> >>> down to under 10 spams a day. Looking at my backend server which >> is >> >> >>> exchange 2007, I find that all of the remaining spam messages have >> >> >>> spam confidence level of 7 or greater, which implies this is >> blatant >> >> >>> spam. Is there spam filter software software that works with >> postfix >> >> >>> that can perform checks similar to that of exchange 2007 spam >> >> >>> confidence level? >> >> >>> >> >> >> we can't really tell since we didn't see the messages that made it >> >> >> through postfix+friends. >> >> >> >> >> >> if the messages contained a URI listed at uribl or surbl, then you >> >> could >> >> >> try using uribl/surbl via milter-link or via spamassassin (via >> >> >> amavisd-new). >> >> >> >> >> >> anyway, You can add spamassassin (via amavisd-new) to your chain and >> >> see >> >> >> if it improves your filtering. >> >> >> >> >> > I am for sure one of the people that should keep his mouth shut since >> I >> >> have a to strong bias but SpamAssassin? Why? He is using DSPAM and if I >> >> would purpose him another free solution then only something like CMR114 >> or >> >> OSBF-Lua. >> >> > >> >> >> >> because I don't believe he will improve his filtering by adding more >> >> statistical filters (I think: if this was true, he can improve by >> better >> >> training/tuning of dspam). >> >> >> > Correct. >> > >> > >> >> In contrsat, adding a finely tuned heuristic >> >> filter will certainly improve his results. >> >> >> > True. >> > >> > >> >> one example: Justin Mason anti-fraud rules (JM_SOUGHT*) will block >> fraud >> >> mail that you can't block statistically (because you don't get enough >> of >> >> it to train a statistical filter). unless if you are a large ISP/MSP >> >> with users who report fraud mail quickly and you train your filter with >> >> these reports quickly. >> >> >> > Or you use other ways to filter them out (not statistically). >> > >> > >> >> other examples include: URIBL rules (granted, you can use milter-link), >> >> DNSxL rules applied to Received headers (mail that is "touched" by a >> >> host in Spamhaus SBL is unwanted!)... >> >> >> >> Once again, I said "add spamassassin" not replace dspam. This is >> because >> >> OP wanted to block "more". but adding SA in a way that improves his >> >> results is not effort free. which is why I said: >> >> >> > Right. >> > >> > >> >> > >> >> >> at one time, the question becomes: is the additional effort worth >> the >> >> >> pain? >> >> >> >> >> > Good question. >> >> >> >> I personally am from the school of access control before content >> >> filtering. >> >> >> > Me too :) >> > >> > >> >> so I don't feel comfortable arguing for SA vs dspam vs >> >> foofilter. >> >> >> > As I wrote before: I am to biased in that topic so I am not going to >> argue either. >> > -- >> > GRATIS für alle GMX-Mitglieder: Die maxdome Movie-FLAT! >> > Jetzt freischalten unter http://portal.gmx.net/de/go/maxdome01 >> > > > -- > GRATIS für alle GMX-Mitglieder: Die maxdome Movie-FLAT! > Jetzt freischalten unter http://portal.gmx.net/de/go/maxdome01 >
