Do not forward spam
Hi, i'm having problems with spam forwarding - lot's of our users enabled forwarding to gmail and every spam they receive is also forwarded. Today gmail block us because of spam (which we were just forwarding, not sending). Any tips how can i disable forwarding in case of a spam (for example, when message has X-Spam-Status: Yes) ? Thanks. azur
Re: Do not forward spam
Am 20.09.2013 16:42, schrieb azurIt: > Hi, > > i'm having problems with spam forwarding - lot's of our users enabled > forwarding to gmail and every spam they receive is also forwarded. Today > gmail block us because of spam (which we were just forwarding, not sending). > Any tips how can i disable forwarding in case of a spam (for example, when > message has X-Spam-Status: Yes) ? Thanks. > > azur > you should reject and/or filter ( quarantaine ) incomming spam at incomming smtp stage what about using clamav-milter with sane-security antispam signatures and/or spamass-milter, perhaps amavis-milter Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein
Re: Do not forward spam
On Fri, Sep 20, 2013 at 10:42 AM, azurIt wrote: > Hi, > > i'm having problems with spam forwarding - lot's of our users enabled > forwarding to gmail and every spam they receive is also forwarded. Today > gmail block us because of spam (which we were just forwarding, not > sending). Any tips how can i disable forwarding in case of a spam (for > example, when message has X-Spam-Status: Yes) ? Thanks. > > azur > As a first line of defence, maybe use postscreen to cut down the spam before it reaches smtpd ? The postscreen documentation (http://www.postfix.org/POSTSCREEN_README.html) mentions four layers of defence, if you have some of that implemented, or all of it, you would be able to cut down on your incoming spam, before anything gets forwarded to Google or any other place. cheers, mehul -- Mehul N. Sanghvi email: mehul.sang...@gmail.com
Re: Do not forward spam
Am 20.09.2013 19:31, schrieb azurIt: > I don't believe in rejecting e-mails based on spam checks - there are and > always be false positives. I will rather accept 100 spams than reject single > legitimate e-mail message. ok ,so why cry about your own decisions ? Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein
Re: Do not forward spam
azurIt wrote: > I don't believe in rejecting e-mails based on spam checks - there are and > always be false positives. I will rather accept 100 spams than reject single > legitimate e-mail message. Spam volume these days is such that accepting, processing, and storing **all** mail is becoming more and more unworkable, especially with a situation like you're asking about where that stream of garbage is forwarded out of your system to a system that *does* reject some volume of spam (or blocks your system outright if you send them too much spam). Depending on how you count, we reject anywhere from 50% to 90% of our total mail volume based on a Spamhaus lookup. Aside from an incident where a Postini netblock got listed for a little while, I don't think I recall *any* false positives over several years. To more directly answer your original question, it would help if you posted an overview of your mail flow. It sounds like your forwarding is done via alias rather than .forward or some similar processing on final local delivery; choosing a different place for your forwarding may help cut the volume of forwarded spam. -kgd
Re: Do not forward spam
Am 20.09.2013 18:12, schrieb azurIt: > Blocking emails based on spam filters are always wrong. Spam recognition will > NEVER be 100%, there are always false positives. We are accepting all emails > and filter them after. I just need to tell Postfix to NOT forward particular > messages and only deliver them locally (for example, as mentioned before, > based on headers). > > azur you might use amavis-new with quarantaine, so you might inspect suspicious mails by human admins or the users themselfs for release or reject, after all, my false postives rate with clamav/spamass milter is nearly null ,about 1 users , so thats good enough in real, if really something goes wrong ( mail bounced at smtp income stage), sender may contact postmaster ( configure some contact in the bounce notice ) fix the problem Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein
Re: Do not forward spam
>On Sep 20, 2013, at 18:21, azurIt wrote: > >>> CC: postfix-users@postfix.org >>> On Fri, Sep 20, 2013 at 10:42 AM, azurIt wrote: >>> Hi, i'm having problems with spam forwarding - lot's of our users enabled forwarding to gmail and every spam they receive is also forwarded. Today gmail block us because of spam (which we were just forwarding, not sending). Any tips how can i disable forwarding in case of a spam (for example, when message has X-Spam-Status: Yes) ? Thanks. azur >>> >>> As a first line of defence, maybe use postscreen to cut down the spam >>> before it reaches smtpd ? >>> >>> The postscreen documentation (http://www.postfix.org/POSTSCREEN_README.html) >>> mentions four layers of defence, if you have some of that implemented, or >>> all of it, you would be able to cut down on your incoming spam, before >>> anything gets forwarded to Google or any other place. >> >> Looks fine but i NEED to deliver also spams locally, i just don't want to >> forward them away. > > >No one 'needs' to deliver spam locally. On a properly configured system, the >vast majority of spam bounces off the before-queue defenses, and never reaches >the stage where a decision about forwarding or local storage needs to be made. >If you are running into trouble with Gmail it is quite likely that you are >accepting too much garbage from bots and zombies. > >This is a problem you should solve at the earliest possible stage, which is >where postscreen comes in. Read the documentation again, and understand why it >should be part of your defenses. > >If you think your problem can be solved using header checks, read the >appropriate documentation; > >http://www.postfix.org/header_checks.5.html > >But really, start by cutting down on what you accept. I don't believe in rejecting e-mails based on spam checks - there are and always be false positives. I will rather accept 100 spams than reject single legitimate e-mail message.
Re: Do not forward spam
On Sep 20, 2013, at 18:12, azurIt wrote: >> On 2013-09-20 09:42, azurIt wrote: >>> i'm having problems with spam forwarding - lot's of our users enabled >>> forwarding to gmail and every spam they receive is also forwarded. >>> Today gmail block us because of spam (which we were just forwarding, >>> not sending). Any tips how can i disable forwarding in case of a spam >>> (for example, when message has X-Spam-Status: Yes) ? Thanks. >> >> You may first want to look at why you are receiving the spam in the >> first place and not rejecting it. There are many ways to fight this, >> much of which will come down to what your policies are regarding >> rejecting mail, false positives, etc. >> >> You could always turn off the ability of your users to forward mail to >> other services, problem solved. > > This is not an option, we are offering commercial services and users demands > this feature. Gmail offers POP3 retrieval, which is a perfectly servicable option if users DEMAND every spam message, plus forwarding. > Blocking emails based on spam filters are always wrong. Spam recognition will > NEVER be 100%, there are always false positives. We are accepting all emails > and filter them after. I just need to tell Postfix to NOT forward particular > messages and only deliver them locally (for example, as mentioned before, > based on headers). Has it occurred to you that the reason lots of your users enable forwarding to Gmail may be the fact that you accept everything? And that they are essentially using Gmail as the spam filter they need because of this? You are creating this problem yourself. No spam filtering is 100% without false positives, but properly configured before-queue defenses generally cut out ~90% of the garbage you get from bots and zombies. Or more, depending on how tight of a ship you can afford to run. It also presents a traceable error path to any senders that may be caught with their pants down because of configuration issues, compromised systems and what have you. This means that anything that actually reaches the stage where you decide whether to store or forward is about 10% of what you are accepting now, and much less likely to cause trouble with forwarding. If you must do your own thing, figure out how to use the quarantine features of your chosen content filtering software, and do forwarding from there based on rules you specify. Or dig into the Postfix documentation and figure out how you might achieve what you are after without backscattering, or discarding mail. Mvg, Joni
Re: Do not forward spam
>On 2013-09-20 09:42, azurIt wrote: >> i'm having problems with spam forwarding - lot's of our users enabled >> forwarding to gmail and every spam they receive is also forwarded. >> Today gmail block us because of spam (which we were just forwarding, >> not sending). Any tips how can i disable forwarding in case of a spam >> (for example, when message has X-Spam-Status: Yes) ? Thanks. > >You may first want to look at why you are receiving the spam in the >first place and not rejecting it. There are many ways to fight this, >much of which will come down to what your policies are regarding >rejecting mail, false positives, etc. > >You could always turn off the ability of your users to forward mail to >other services, problem solved. This is not an option, we are offering commercial services and users demands this feature. >If you absolutely must be able to forward mail, then you will want to >work with Google so they understand what you are doing, and allow this >mail to pass without blocking your system. But I would still work on >blocking the spam from being received in the first place. Blocking emails based on spam filters are always wrong. Spam recognition will NEVER be 100%, there are always false positives. We are accepting all emails and filter them after. I just need to tell Postfix to NOT forward particular messages and only deliver them locally (for example, as mentioned before, based on headers). azur
Re: Do not forward spam
> CC: postfix-users@postfix.org >On Fri, Sep 20, 2013 at 10:42 AM, azurIt wrote: > >> Hi, >> >> i'm having problems with spam forwarding - lot's of our users enabled >> forwarding to gmail and every spam they receive is also forwarded. Today >> gmail block us because of spam (which we were just forwarding, not >> sending). Any tips how can i disable forwarding in case of a spam (for >> example, when message has X-Spam-Status: Yes) ? Thanks. >> >> azur >> > > >As a first line of defence, maybe use postscreen to cut down the spam >before it reaches smtpd ? > >The postscreen documentation (http://www.postfix.org/POSTSCREEN_README.html) >mentions four layers of defence, if you have some of that implemented, or >all of it, you would be able to cut down on your incoming spam, before >anything gets forwarded to Google or any other place. Looks fine but i NEED to deliver also spams locally, i just don't want to forward them away.
Re: Do not forward spam
Am 20.09.2013 18:12, schrieb azurIt: > Blocking emails based on spam filters are always wrong says who? > Spam recognition will NEVER be 100% nothing will 100%, nowehere > there are always false positives yes, and there are some 100 times more spam > We are accepting all emails and filter them after than accept that you are considered as a spammer and backscatter > I just need to tell Postfix to NOT forward particular messages no, you need to realize that they way you are acting you are considered as spammer for good reasons and the wrong handling accepting anything is nothing postfix can fix after that
Re: Do not forward spam
>Am 20.09.2013 19:31, schrieb azurIt: >> I don't believe in rejecting e-mails based on spam checks - there are and >> always be false positives. I will rather accept 100 spams than reject single >> legitimate e-mail message. > >ok ,so why cry about your own decisions ? Where exacly i was 'crying'? I was just friendly ASKING, if Postfix is able to _not_ forward a message based on it's headers.
Re: Do not forward spam
>azurIt wrote: > >> I don't believe in rejecting e-mails based on spam checks - there are and >> always be false positives. I will rather accept 100 spams than reject single >> legitimate e-mail message. > >Spam volume these days is such that accepting, processing, and storing >**all** mail is becoming more and more unworkable, especially with a >situation like you're asking about where that stream of garbage is >forwarded out of your system to a system that *does* reject some volume >of spam (or blocks your system outright if you send them too much spam). > >Depending on how you count, we reject anywhere from 50% to 90% of our >total mail volume based on a Spamhaus lookup. Aside from an incident >where a Postini netblock got listed for a little while, I don't think I >recall *any* false positives over several years. > >To more directly answer your original question, it would help if you >posted an overview of your mail flow. It sounds like your forwarding is >done via alias rather than .forward or some similar processing on final >local delivery; choosing a different place for your forwarding may help >cut the volume of forwarded spam. Thank you for a first post which tries to answer my original question. I'm doing forwards with 'virtual_alias_maps'. I will be, probably, able to implement all forwarding features of postfix with, for example, maildrop but it will be really lots of work. But it's a good idea anyway, thanks. azur
Re: Do not forward spam
On Fri, Sep 20, 2013 at 10:03:32PM +0200, azurIt wrote: > >>> On 2013-09-20 09:42, azurIt wrote: > i'm having problems with spam forwarding - lot's of our users > enabled forwarding to gmail and every spam they receive is > also forwarded. Today gmail block us because of spam (which we > were just forwarding, not sending). Any tips how can i disable snip > One note to all fans of 'spam filters rejecting' here: Did you even > notice that NO ONE of big e-mail providers are rejecting messages > based on standard spam filter techniques? Google, Yahoo, Microsoft, > AT&T, ... No one is doing it, most of them have developed their own No, I have not noticed that. Neither have you! You have noticed, at the top of this thread, that gmail is rejecting you! On the contrary, I have noticed that every major receiver has some sort of pre-DATA filtering rules. I have noticed, when a server for which I was responsible was listed on Spamhaus PBL or XBL, that I wasn't delivering much of my mail at all. Every major site was subject to delivery problems. I've personally known Microsoft to accept and discard non-spam mail. I've heard about Google doing the same. > filtering systems and you must be really big spammer to be blocked > permanently. The best of them is Google, just try their filters and > you will see (even blocking which was used to us was targeted only > to particular messages). When my server's reverse DNS failed (blame my former colo provider, not me), gmail rejected everything I sent. You apparently have little experience with real-world email. Your "quarantine, don't reject" ideals simply will not work for many sites. I've told before of a heavily-spammed small business domain I began hosting in 2005. The office manager, who was supposed to go through the email and print the important ones out for the boss, could literally do nothing else all day. Delete, delete, delete ... hours on end. Almost through the inbox? Oops, it's time to go home! I got her 8+ hour email sorting job down to about a half hour, by using sane and reasonable spam blocking techniques. Once one of her correspondents' mail host got listed on Spamhaus XBL, and sure enough, we rejected that mail. The sender got a bounce and knew that the mail didn't get through. So the sender called to ask. See, it's a whole lot better for interoperability in the days of 90%+ traffic being spam and abuse to reject mail than to tuck it away in a deep, dark quarantine where no one will ever have time to look. -- http://rob0.nodns4.us/ -- system administration and consulting Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
Re: Do not forward spam
On 2013-09-20 09:42, azurIt wrote: i'm having problems with spam forwarding - lot's of our users enabled forwarding to gmail and every spam they receive is also forwarded. Today gmail block us because of spam (which we were just forwarding, not sending). Any tips how can i disable forwarding in case of a spam (for example, when message has X-Spam-Status: Yes) ? Thanks. You may first want to look at why you are receiving the spam in the first place and not rejecting it. There are many ways to fight this, much of which will come down to what your policies are regarding rejecting mail, false positives, etc. You could always turn off the ability of your users to forward mail to other services, problem solved. If you absolutely must be able to forward mail, then you will want to work with Google so they understand what you are doing, and allow this mail to pass without blocking your system. But I would still work on blocking the spam from being received in the first place.
Re: Do not forward spam
/dev/rob0: > No, I have not noticed that. Neither have you! You have noticed, at > the top of this thread, that gmail is rejecting you! The way I read his request is that he wants to forward non-spam only, and is looking for a Postfix solution that supports this. The best proposal I can come up with is a Milter that triggers on headers added by has spam filter, and that adds a second recipient only if the mail does not appear to be spam. Wietse
Re: Do not forward spam
Am 20.09.2013 22:10, schrieb azurIt: >> Am 20.09.2013 22:03, schrieb azurIt: >>> One note to all fans of 'spam filters rejecting' here: Did you even notice >>> that >>> NO ONE of big e-mail providers are rejecting messages based on standard >>> spam filter techniques? >>> Google, Yahoo, Microsoft, AT&T, ... No one is doing it, most of them have >>> developed their own >>> filtering systems and you must be really big spammer to be blocked >>> permanently. >>> The best of them is Google, just try their filters and you will see (even >>> blocking which >>> was used to us was targeted only to particular messages) >> >> that must be why you started this with "Today gmail block us because of spam >> (which we were >> just forwarding, not sending)" :-) >> > Please read my whole message. Thank you i did - but you still refuse to understand that *any* well implemented spam filter based on content also filters and rejects *pre queue* - nobody but you does accept *any* message and in many countries filter and delete spam *after* accept it from the sender even is not permitted by law *any* serious spam filter REJECTS at SMTP level because it is the only way the sender knows it was filtered while not be a backscatter because the *sending server* is generating the bounce with the rejct message of the final destination and if it was a professional spammer he will supress it and not read the reject message at all here you go: http://www.postfix.org/SMTPD_PROXY_README.html BTW: avoid to look answering yourself by quoting because you cut the poster you refer
Re: Do not forward spam
> CC: postfix-users@postfix.org >azurIt: >> I was just friendly ASKING, if Postfix is able to _not_ forward a >> message based on it's headers. > >Assumung that these headers are added by a spam filter, this would >require a Milter plugin that examines messages after your spam >filter, and that dynamically adds a forwarding address to the message >envelope (i.e. in addition to the existing local mailbox address). > >Milters can be implemented in a variety of languages including >Perl and Python. If all they do is inspect message headers, then >the performance impact should be limited. Thank you, i will consider this.
Re: Do not forward spam
Am 20.09.2013 22:03, schrieb azurIt: > One note to all fans of 'spam filters rejecting' here: Did you even notice > that > NO ONE of big e-mail providers are rejecting messages based on standard spam > filter techniques? > Google, Yahoo, Microsoft, AT&T, ... No one is doing it, most of them have > developed their own > filtering systems and you must be really big spammer to be blocked > permanently. > The best of them is Google, just try their filters and you will see (even > blocking which > was used to us was targeted only to particular messages) that must be why you started this with "Today gmail block us because of spam (which we were just forwarding, not sending)" :-)
Re: Do not forward spam
On 2013-09-20 1:31 PM, azurIt wrote: I don't believe in rejecting e-mails based on spam checks Then don't allow blanket forwarders, or just accept it when someone blocks you for good cause because of your silly decisions. - there are and always be false positives. For CONTENT filter based spam checks, yes, certainly, but there are a ton of NON-CONTENT pre-queue anti-spam checks that will block or reject 90-95%+ of the garbage with a FP rate of as close to 100% as you can get, the best of which are available in postscreen. Failure to take advantage of such options is just plain foolish. I will rather accept 100 spams than reject single legitimate e-mail message. Would you rather accept 1000 spams than reject one legitimate message? 10,000? A million? If someone is using a server that is spewing out spam, I am absolutely happy to reject their LEGITIMATE mail unless/until they fix their server, as should anyone. -- Best regards, */Charles/*
Re: Do not forward spam
azurIt: > I was just friendly ASKING, if Postfix is able to _not_ forward a > message based on it's headers. Assumung that these headers are added by a spam filter, this would require a Milter plugin that examines messages after your spam filter, and that dynamically adds a forwarding address to the message envelope (i.e. in addition to the existing local mailbox address). Milters can be implemented in a variety of languages including Perl and Python. If all they do is inspect message headers, then the performance impact should be limited. Wietse
Re: Do not forward spam
>>> On 2013-09-20 09:42, azurIt wrote: i'm having problems with spam forwarding - lot's of our users enabled forwarding to gmail and every spam they receive is also forwarded. Today gmail block us because of spam (which we were just forwarding, not sending). Any tips how can i disable forwarding in case of a spam (for example, when message has X-Spam-Status: Yes) ? Thanks. >>> >>> You may first want to look at why you are receiving the spam in the >>> first place and not rejecting it. There are many ways to fight this, >>> much of which will come down to what your policies are regarding >>> rejecting mail, false positives, etc. >>> >>> You could always turn off the ability of your users to forward mail to >>> other services, problem solved. >> >> This is not an option, we are offering commercial services and users demands >> this feature. > >Gmail offers POP3 retrieval, which is a perfectly servicable option if >users DEMAND every spam message, plus forwarding. > >> Blocking emails based on spam filters are always wrong. Spam recognition >> will NEVER be 100%, there are always false positives. We are accepting all >> emails and filter them after. I just need to tell Postfix to NOT forward >> particular messages and only deliver them locally (for example, as mentioned >> before, based on headers). > >Has it occurred to you that the reason lots of your users enable >forwarding to Gmail may be the fact that you accept everything? And >that they are essentially using Gmail as the spam filter they need >because of this? No, we have our own spam filters but they are NOT rejecting e-mails, only putting them in Spam folder. There are no complains about spam from users at all. >You are creating this problem yourself. No spam filtering is 100% >without false positives, but properly configured before-queue defenses >generally cut out ~90% of the garbage you get from bots and zombies. Or >more, depending on how tight of a ship you can afford to run. It also >presents a traceable error path to any senders that may be caught with >their pants down because of configuration issues, compromised systems >and what have you. We are, of course, not accepting every garbage: smtpd_sender_restrictions = reject_non_fqdn_sender reject_unknown_sender_domain I just meant that we are not rejecting e-mails based on spam filters. >This means that anything that actually reaches the stage where you >decide whether to store or forward is about 10% of what you are >accepting now, and much less likely to cause trouble with forwarding. > >If you must do your own thing, figure out how to use the quarantine >features of your chosen content filtering software, and do forwarding >from there based on rules you specify. Or dig into the Postfix >documentation and figure out how you might achieve what you are after >without backscattering, or discarding mail. We are not backscatters, our systems are configured correctly. One note to all fans of 'spam filters rejecting' here: Did you even notice that NO ONE of big e-mail providers are rejecting messages based on standard spam filter techniques? Google, Yahoo, Microsoft, AT&T, ... No one is doing it, most of them have developed their own filtering systems and you must be really big spammer to be blocked permanently. The best of them is Google, just try their filters and you will see (even blocking which was used to us was targeted only to particular messages).
Re: Do not forward spam
On Sep 20, 2013, at 18:21, azurIt wrote: >> CC: postfix-users@postfix.org >> On Fri, Sep 20, 2013 at 10:42 AM, azurIt wrote: >> >>> Hi, >>> >>> i'm having problems with spam forwarding - lot's of our users enabled >>> forwarding to gmail and every spam they receive is also forwarded. Today >>> gmail block us because of spam (which we were just forwarding, not >>> sending). Any tips how can i disable forwarding in case of a spam (for >>> example, when message has X-Spam-Status: Yes) ? Thanks. >>> >>> azur >> >> As a first line of defence, maybe use postscreen to cut down the spam >> before it reaches smtpd ? >> >> The postscreen documentation (http://www.postfix.org/POSTSCREEN_README.html) >> mentions four layers of defence, if you have some of that implemented, or >> all of it, you would be able to cut down on your incoming spam, before >> anything gets forwarded to Google or any other place. > > Looks fine but i NEED to deliver also spams locally, i just don't want to > forward them away. No one 'needs' to deliver spam locally. On a properly configured system, the vast majority of spam bounces off the before-queue defenses, and never reaches the stage where a decision about forwarding or local storage needs to be made. If you are running into trouble with Gmail it is quite likely that you are accepting too much garbage from bots and zombies. This is a problem you should solve at the earliest possible stage, which is where postscreen comes in. Read the documentation again, and understand why it should be part of your defenses. If you think your problem can be solved using header checks, read the appropriate documentation; http://www.postfix.org/header_checks.5.html But really, start by cutting down on what you accept. Mvg, Joni
Re: Do not forward spam
>Am 20.09.2013 22:03, schrieb azurIt: >> One note to all fans of 'spam filters rejecting' here: Did you even notice >> that >> NO ONE of big e-mail providers are rejecting messages based on standard spam >> filter techniques? >> Google, Yahoo, Microsoft, AT&T, ... No one is doing it, most of them have >> developed their own >> filtering systems and you must be really big spammer to be blocked >> permanently. >> The best of them is Google, just try their filters and you will see (even >> blocking which >> was used to us was targeted only to particular messages) > >that must be why you started this with "Today gmail block us because of spam >(which we were >just forwarding, not sending)" :-) > Please read my whole message. Thank you.
Re: Do not forward spam
Hello Azur, On 9/20/2013 12:45 PM, DTNX Postmaster wrote: > Has it occurred to you that the reason lots of your users enable > forwarding to Gmail may be the fact that you accept everything? And > that they are essentially using Gmail as the spam filter they need > because of this? Joni makes a very salient point here, and others made the same point as well. I can understand your false positive philosophy, but I don't agree with it, and neither does any other respectable mail OP today. This philosophy may have worked in the mid 1990s when spam volumes were low and merely an annoyance. But the situation "on the ground" of the battlefield in 2013 makes this untenable. The spam volume has increased over 1000 fold and is actively wrecking infrastructures when left unchecked. Thus, taking your currently flawed philosophy into account, *at bare minimum* you need to stop accepting spam from malware infected PCs into your queue. You can safely reject nearly all of this bot spam at smtp connect using Postscreen and similar methods. These look at the client sending the spam, not the content. Thus the FP rate is zero--nobody requests email from a spam bot. Nobody gives explicit opt-in permission for a bot network operator to send them email. Remember, spam is defined by consent, not content. Spambots are never given consent. Block them. Rejecting bots at connect should eliminate 80-90% of your inbound spam volume. Other than putting a huge dent in the forwarding problem, this will also: 1. Decrease network bandwidth consumed after connect 2. Decrease network bandwidth consumed during forwarding 3. Decrease disk space consumed by all the spam you're currently accepting 4. Cut down dramatically on CPU cycles currently burned analyzing all emails for spam 5. Generally reduce the physical hardware infrastructure required to support your user load 6. Dramatically increase the number of email users you can support with your current hardware infrastructure As you can see, there are many critical advantages to rejecting the "low hanging fruit" bot spam sources, without causing false positives. Frankly, if I was your employer I'd have fired you already for not having implemented measures to block bot spam, simply because of the financial burden it places on me due to the extra infrastructure required to ingest, forward, store it, etc. Others here likely share this sentiment. Ingesting all bot spam, all spam, will eventually bankrupt you. You cannot be profitable running a commercial email operation if you're ingesting all the spam. Either the infrastructure costs will eat all your profits, or, more likely, you will eventually lose your customers. On 9/20/2013 12:45 PM, Kris Deugau wrote: > To more directly answer your original question, it would help if you > posted an overview of your mail flow. It sounds like your forwarding > is done via alias rather than .forward or some similar processing on > final local delivery; choosing a different place for your forwarding > may help cut the volume of forwarded spam. A commercial email service should never configure per user forwarding at the MTA level. This is why Sieve, procmail, etc exist, to allow users to configure this themselves at the MDA level. Here, any forwarded email is resubmitted to the MTA. As someone else pointed out, you have an easier trail to follow if there is a problem with a specific user and forwarding. It also allows you, the administrator, to implement site wide MDA delivery rules that override individual user rules. In this case, you'd create an MDA rule that delivers any message with an appropriate SPAM tag in the header to a user's local SPAM folder. If the user creates a forward rule it will not forward the spam. Yes, you have work ahead of you to rearchitect this correctly. But this is how it should have been done in the first place. If you need additional assistance, the first thing you need to do is tell us which MDA you're using. Procmail, Maildrop, Dovecot LDA, etc. -- Stan
Re: Do not forward spam
On Sep 20, 2013, at 22:03, azurIt wrote: >> You are creating this problem yourself. No spam filtering is 100% >> without false positives, but properly configured before-queue defenses >> generally cut out ~90% of the garbage you get from bots and zombies. Or >> more, depending on how tight of a ship you can afford to run. It also >> presents a traceable error path to any senders that may be caught with >> their pants down because of configuration issues, compromised systems >> and what have you. > > We are, of course, not accepting every garbage: > smtpd_sender_restrictions = > reject_non_fqdn_sender > reject_unknown_sender_domain > > I just meant that we are not rejecting e-mails based on spam filters. Which is exactly what the various suggestions were about. About rejecting incoming connections based on the connection profile and the envelope, before a message is queued. In other words, no one is suggesting rejecting a message based on its content, we are suggesting that you can cut down the amount of spam you need to make a store or forward decision on tremendously, by raising the bar on what you accept in the first place. The very first reply you got, from Robert Schetterer, already made the distinction between rejection and filtering, by the way. And if the 'smtpd_sender_restrictions' you list above is your idea of not accepting garbage, there is quite a bit of room for improvement. >> This means that anything that actually reaches the stage where you >> decide whether to store or forward is about 10% of what you are >> accepting now, and much less likely to cause trouble with forwarding. >> >> If you must do your own thing, figure out how to use the quarantine >> features of your chosen content filtering software, and do forwarding >> from there based on rules you specify. Or dig into the Postfix >> documentation and figure out how you might achieve what you are after >> without backscattering, or discarding mail. > > We are not backscatters, our systems are configured correctly. Nowhere am I suggesting that you are. I am noting it as a risk that one needs to be aware of. Did you notice your original question was answered there, by the way? It is one of several answers you got before you sent this message. > One note to all fans of 'spam filters rejecting' here: Did you even notice > that NO ONE of big e-mail providers are rejecting messages based on standard > spam filter techniques? Google, Yahoo, Microsoft, AT&T, ... No one is doing > it, most of them have developed their own filtering systems and you must be > really big spammer to be blocked permanently. The best of them is Google, > just try their filters and you will see (even blocking which was used to us > was targeted only to particular messages). Ahh, now you reveal that you are not being blocked, but that they are rejecting some (but not all!) messages based on their local rules. In other words, your original problem description is incomplete at best, and hints at a different class of problem; being blocked by Gmail. You should therefore not be surprised that the suggestions and answers you get focus on that much bigger problem of no messages being accepted at all. And please, you don't think you are the only one here who deals with forwarding to the big gorillas in the game, do you? To get the most value from this list and others like it, assume that most of the problems you run into have already been solved in various ways, for a wide variety of setups and scenarios. Perhaps your own solution is not the best option. Perhaps your view of the problem is incomplete, or perhaps you are misunderstanding the problem completely. And just in case that the issues you are having do present a novel problem, always be as descriptive as possible. That you are doing forwards with 'virtual_alias_maps' at the moment should really have been part of your original post, for example. Better questions tend to get much better answers, with less noise for everyone. Mvg, Joni
Re: Do not forward spam
Am 20.09.2013 21:42, schrieb azurIt: >> Am 20.09.2013 19:31, schrieb azurIt: >>> I don't believe in rejecting e-mails based on spam checks - there are and >>> always be false positives. I will rather accept 100 spams than reject >>> single legitimate e-mail message. >> >> ok ,so why cry about your own decisions ? > > > Where exacly i was 'crying'? I was just friendly ASKING, if Postfix is able > to _not_ forward a message based on it's headers. do filter on header checks ( set them on hold for human inspection ), but you will find this unusable ,in real world ,after some time, cause of fast changing spam. > Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein
Re: Do not forward spam
> The way I read his request is that he wants to forward non-spam > only, and is looking for a Postfix solution that supports this. > > The best proposal I can come up with is a Milter that triggers on > headers added by has spam filter, and that adds a second > recipient only if the mail does not appear to be spam. Not the best but maybe another option, if you can't find/write a milter: Set up a 2nd postfix instance that acts as relayhost for the first. There you could discard or redirect unwanted messages with header_checks. One possible disadvantage is that this would happen for *any* outgoing mail (not only the forwarded ones).
Re: Do not forward spam
On Sep 21, 2013, at 14:53, Jan P. Kessler wrote: >> The way I read his request is that he wants to forward non-spam >> only, and is looking for a Postfix solution that supports this. >> >> The best proposal I can come up with is a Milter that triggers on >> headers added by has spam filter, and that adds a second >> recipient only if the mail does not appear to be spam. > > Not the best but maybe another option, if you can't find/write a milter: > > Set up a 2nd postfix instance that acts as relayhost for the first. > There you could discard or redirect unwanted messages with > header_checks. One possible disadvantage is that this would happen for > *any* outgoing mail (not only the forwarded ones). Would the single, existing instance with 'smtp_header_checks' not achieve the same thing? http://www.postfix.org/postconf.5.html#smtp_header_checks Mvg, Joni
Re: Do not forward spam
> Would the single, existing instance with 'smtp_header_checks' not > achieve the same thing? > > http://www.postfix.org/postconf.5.html#smtp_header_checks Not, if the required headers are added later on by a content_filter.
Re: Do not forward spam
Am 21.09.2013 15:17, schrieb Jan P. Kessler: > > Would the single, existing instance with 'smtp_header_checks' not > > achieve the same thing? > > > > http://www.postfix.org/postconf.5.html#smtp_header_checks > > Not, if the required headers are added later on by a content_filter. Just to be clear. What I meant was: - postfix-1 accepts mail and some spamfilter (pre- or postqueue) scans and adds headers. - mail gets delivered locally - forwarded (non-local) mail is sent to postfix-2 instance (relayhost) - mail with "x-spam-flag: yes" get's discarded/redirected by header_checks - other mail is forwarded to gmail/yahoo/whatever
Re: Do not forward spam
On Sep 21, 2013, at 15:17, Jan P. Kessler wrote: >> Would the single, existing instance with 'smtp_header_checks' not >> achieve the same thing? >> >> http://www.postfix.org/postconf.5.html#smtp_header_checks > > Not, if the required headers are added later on by a content_filter. The documentation states that 'These tables are searched while mail is being delivered'. As the Postfix SMTP client is responsible for delivering mail to the specified forwarding target, why would these be skipped if the message has passed through a content filter? All the content filter does is reinsert a modified message into the queue, does it not? As I read it, 'smtp_header_checks' provides a way to do header checks only on messages that are leaving the system, leaving local delivery unaffected? Mvg, Joni
Re: Do not forward spam
> As I read it, 'smtp_header_checks' provides a way to do header checks only on > messages that are leaving the system, leaving local delivery unaffected? You are right. It should achieve the same.
Re: Do not forward spam
On Sep 21, 2013, at 15:24, "Jan P. Kessler" wrote: > Am 21.09.2013 15:17, schrieb Jan P. Kessler: >>> Would the single, existing instance with 'smtp_header_checks' not >>> achieve the same thing? >>> >>> http://www.postfix.org/postconf.5.html#smtp_header_checks >> >> Not, if the required headers are added later on by a content_filter. > > Just to be clear. What I meant was: > > - postfix-1 accepts mail and some spamfilter (pre- or postqueue) scans > and adds headers. > - mail gets delivered locally > - forwarded (non-local) mail is sent to postfix-2 instance (relayhost) > - mail with "x-spam-flag: yes" get's discarded/redirected by header_checks > - other mail is forwarded to gmail/yahoo/whatever I understand what you mean, but I am not a big fan of adding complexity if it is not absolutely necessary. Especially when it comes to discarding mail based on 'header_checks', as those apply to incoming messages as well; the 'x-spam-flag: yes' is a fairly universally used header, after all. One could of course add a custom header unique to the system, but I would much prefer to handle it locally, in a single instance, preferably from within the content filtering software itself. Mail server setups tend to live for a long time, and one might not remember why the DISCARD was there, reuse the header for another purpose, create a mail loop because the relayhost redirects to a mailbox local to the first instance, that someone puts an external redirect on because the system is running out of space two years down the line, etcetera, etcetera. Keeping it local, preferably within the same 'step' within the delivery workflow that scores your spam, tends to be the most robust. Mvg, Joni
Re: Do not forward spam
> As I read it, 'smtp_header_checks' provides a way to do header > checks only on messages that are leaving the system, leaving local > delivery unaffected? The SMTP client cannot add or remove recipients. The decision to forward mail needs to be made before the queue manager. Therefore, milter_header_checks is more practical. spammer -> smtpd -> cleanup -> qmgr -> smtp -> yahoo etc. milter adding -> local -> mailbox spam header; milter_header_checks adding yahoo etc. address. Wietse
Re: Do not forward spam
I have 10 years of sending emails, (because I have e-card sites), and due to the volume I get a lot of incoming spam. I would like to suggest to you that you are not going to stop all spam, 100% all the time, no matter what you do. And Though I understand your desire to to accept all the emails at your server, that leaves you with a bit of a backwards conundrum. I think you would do well to pay attention to this... At one level you could be playing with fire by forwarding all these emails. Each ISP has their own filter systems in place, and some of them integrate services such as SpamHaus or Spamcop. *I have seen emails rejected because of blacklisted IP addresses and/or blacklisted domain names in the emails. So if you forward emails that contain blacklisted IP's or domains you are likely to run into some difficulty.* For that reason alone I would personally attempt to block more known incoming spam using DNSBL's, especially using the two I have just mentioned. Amongst others, I personally use: reject_rbl_client sbl.spamhaus.org, reject_rbl_client xbl.spamhaus.org, reject_rbl_client bl.spamcop.net If emails are rejected by the clients above, it's generally going to be for a good reason, though not 100% foolproof, it's a pretty safe bet to use them, and certainly more accurate than spam filters. In doing so, you will knock down wasted emails, system resources, and time. But you may also help prevent yourself from getting RED flagged for having blacklisted IP's and domain names in your outgoing emails. Beyond that, shy of manually approving all the other incoming emails before forwarding, I would suggest that you consider other options. *AOL has a "approved senders list" for it's users*, the users input what email addresses they will accept email from, "whitelisting", and the rest is rejected. You could do something similiar, even if you simply trash the emails that are not on the whitelists. You probably could set it up so that any email address in any users contact list simply be added to the whitelisting. - Free English & Spanish Ecards for Birthdays, Christmas , holidays, Valentines , Love , & just because! -- View this message in context: http://postfix.1071664.n5.nabble.com/Do-not-forward-spam-tp61620p61794.html Sent from the Postfix Users mailing list archive at Nabble.com.
