-------- Original Message --------
> Date: Mon, 4 Jan 2010 18:08:39 -0500
> From: Roman Gelfand <rgelfa...@gmail.com>
> To: Steve <steeeeev...@gmx.net>
> CC: postfix-users@postfix.org
> Subject: Re: anti spam measures

> On Mon, Jan 4, 2010 at 5:44 PM, Steve <steeeeev...@gmx.net> wrote:
> >
> > -------- Original Message --------
> >> Date: Mon, 4 Jan 2010 17:40:29 -0500
> >> From: Roman Gelfand <rgelfa...@gmail.com>
> >> To: Steve <steeeeev...@gmx.net>
> >> CC: postfix-users@postfix.org
> >> Subject: Re: anti spam measures
> >
> >> Well, it looks like, perhaps, I found the missing link.  After adding
> >> s25r rules and HELO response verification in main.cf, no spam has
> >> seeped through.
> >>
> >> I think that mostly it was HELO response verification that did it.
> >> BTW, is there a reason not to block emails with incorrect HELO response?
> >>
> > Yes! Probably half of the sending MTAs out there have issues with
> > setting proper HELO/EHLO. I would not block them per default but use your
> > already installed policyd-weight and add a higher score to wrong HELO/EHLO
> > (but the default in policyd-weight should be already okay).
> 
> I am a bit surprised at your response.  I would have expected you to
> say, an MTA which ignores basic configuration rules doesn't
> deserve that its mail should be accepted.  In fact, this is the way I
> feel about this.
> 
Roman. I have been doing messaging for ages (I did messaging on the mainframe where 
sending electronic mail was still a miracle) and my personal opinion does not 
count. The reality out there is not so black/white as you might think. There 
are a gazillion MTAs that are wrongly configured and use wrong HELO/EHLO. If 
you have the luxury that you can drop/reject those that have wrong 
HELO/EHLO then do it. I can't. At least not without a negative impact for my 
customers.

It's +/- like saying any page on the web that does not pass the W3C HTML/XHTML 
validation does not deserve to be displayed. You can imagine that a lot of them 
will fail. And so it is with SMTP. Some mail operators out there are forced to 
use MTAs that are broken and they are not in the position to 
update/upgrade/change the software (for whatever reason) and you would punish 
them just for one single (small) issue like wrong HELO/EHLO? I find this pretty 
hard. (okay, okay. I am *jealous* that you have that luxury).

As I said before: Use a weighted calculation if you can and give a score to 
wrong HELO/EHLO but don't just drop/reject mails from wrongly configured MTAs.

The only drop/reject that I do regarding HELO/EHLO is if the remote client is 
claiming to be my server or my IP. Then I reject but other than that I give 
them a score for wrong HELO/EHLO and that's it.


> >
> >
> >> Thanks
> >>
> > Steve
> >
> >
> >> On Mon, Jan 4, 2010 at 5:30 PM, Steve <steeeeev...@gmx.net> wrote:
> >> >
> >> > -------- Original Message --------
> >> >> Date: Mon, 04 Jan 2010 23:20:04 +0100
> >> >> From: mouss <mo...@ml.netoyen.net>
> >> >> To: postfix-users@postfix.org
> >> >> Subject: Re: anti spam measures
> >> >
> >> >> Steve wrote:
> >> >> > -------- Original Message --------
> >> >> >> Date: Sun, 03 Jan 2010 23:37:18 +0100
> >> >> >> From: mouss <mo...@ml.netoyen.net>
> >> >> >> To: postfix users list <postfix-users@postfix.org>
> >> >> >> Subject: Re: anti spam measures
> >> >> >
> >> >> >> Roman Gelfand wrote:
> >> >> >>> I am running postfix with anti spam filter (policyd-weight, sqlgrey,
> >> >> >>> grossd, dkim, senderid-milter, dspam).  With this configuration, I am
> >> >> >>> down to under 10 spams a day.  Looking at my backend server which is
> >> >> >>> exchange 2007, I find that all of the remaining spam messages have
> >> >> >>> spam confidence level of 7 or greater, which implies this is blatant
> >> >> >>> spam.  Is there spam filter software that works with postfix
> >> >> >>> that can perform checks similar to that of exchange 2007 spam
> >> >> >>> confidence level?
> >> >> >>>
> >> >> >> we can't really tell since we didn't see the messages that made it
> >> >> >> through postfix+friends.
> >> >> >>
> >> >> >> if the messages contained a URI listed at uribl or surbl, then you could
> >> >> >> try using uribl/surbl via milter-link or via spamassassin (via
> >> >> >> amavisd-new).
> >> >> >>
> >> >> >> anyway, You can add spamassassin (via amavisd-new) to your chain and see
> >> >> >> if it improves your filtering.
> >> >> >>
> >> >> > I am for sure one of the people that should keep his mouth shut since I
> >> >> > have too strong a bias but SpamAssassin? Why? He is using DSPAM and if I
> >> >> > would propose him another free solution then only something like CRM114 or
> >> >> > OSBF-Lua.
> >> >> >
> >> >>
> >> >> because I don't believe he will improve his filtering by adding more
> >> >> statistical filters (I think: if this was true, he can improve by better
> >> >> training/tuning of dspam).
> >> >>
> >> > Correct.
> >> >
> >> >
> >> >> In contrast, adding a finely tuned heuristic
> >> >> filter will certainly improve his results.
> >> >>
> >> > True.
> >> >
> >> >
> >> >> one example: Justin Mason anti-fraud rules (JM_SOUGHT*) will block fraud
> >> >> mail that you can't block statistically (because you don't get enough of
> >> >> it to train a statistical filter). unless if you are a large ISP/MSP
> >> >> with users who report fraud mail quickly and you train your filter with
> >> >> these reports quickly.
> >> >>
> >> > Or you use other ways to filter them out (not statistically).
> >> >
> >> >
> >> >> other examples include: URIBL rules (granted, you can use milter-link),
> >> >> DNSxL rules applied to Received headers (mail that is "touched" by a
> >> >> host in Spamhaus SBL is unwanted!)...
> >> >>
> >> >> Once again, I said "add spamassassin" not replace dspam. This is because
> >> >> OP wanted to block "more". but adding SA in a way that improves his
> >> >> results is not effort free. which is why I said:
> >> >>
> >> > Right.
> >> >
> >> >
> >> >> >
> >> >> >> at one time, the question becomes: is the additional effort worth the
> >> >> >> pain?
> >> >> >>
> >> >> > Good question.
> >> >>
> >> >> I personally am from the school of access control before content
> >> >> filtering.
> >> >>
> >> > Me too :)
> >> >
> >> >
> >> >> so I don't feel comfortable arguing for SA vs dspam vs
> >> >> foofilter.
> >> >>
> >> > As I wrote before: I am too biased in that topic so I am not going to
> >> > argue either.
> >> >
> >
> >

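The weighted approach described in the reply above, sketched as the decision logic of a Postfix policy delegation service: reject outright only when a remote client uses this server's own name or IP in HELO/EHLO, and otherwise add a score. This is an added example, not code from the thread or from policyd-weight; the host names, addresses, weights and threshold are assumptions.

```python
import ipaddress
import re

# Assumptions for illustration: our own names/addresses and the score weights.
MY_NAMES = {"mx.example.org"}
MY_ADDRS = {"192.0.2.25"}
REJECT_AT = 5.0  # combined score at which the mail is refused

FQDN = re.compile(
    r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")

def parse_request(text):
    """Parse one Postfix policy delegation request (name=value lines)."""
    return dict(l.split("=", 1) for l in text.splitlines() if "=" in l)

def helo_score(attrs):
    """Return (hard_reject, score) for the HELO/EHLO name of a request."""
    helo = attrs.get("helo_name", "").strip().lower().rstrip(".")
    client = attrs.get("client_address", "")
    literal = helo.strip("[]").removeprefix("ipv6:")
    # Only hard failure: a remote client claiming to be this server or its IP.
    if client not in MY_ADDRS and (helo in MY_NAMES or literal in MY_ADDRS):
        return True, 0.0
    try:
        ipaddress.ip_address(literal)
    except ValueError:
        if not FQDN.match(helo):
            return False, 2.5          # not a fully qualified name
        if helo != attrs.get("client_name", "").lower():
            return False, 0.5          # valid name, differs from reverse DNS
        return False, 0.0
    # Address literal: legal only in brackets; a bare IP is a syntax error.
    return False, 0.0 if helo.startswith("[") else 2.0

def decide(request_text, other_score=0.0):
    """Build the policy reply; other_score stands in for the other checks."""
    hard, score = helo_score(parse_request(request_text))
    if hard:
        return "action=REJECT HELO claims to be this server\n\n"
    if score + other_score >= REJECT_AT:
        return "action=REJECT policy score too high\n\n"
    return f"action=PREPEND X-HELO-Score: {score}\n\n"

# Constructed sample request, as Postfix would send it to a policy service.
SAMPLE = ("request=smtpd_access_policy\nhelo_name=localhost\n"
          "client_address=198.51.100.9\nclient_name=unknown\n\n")

if __name__ == "__main__":
    print(decide(SAMPLE), end="")
```

A malformed HELO on its own stays below the threshold here, so the mail is refused only when other checks also score against the client.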