On 2020-01-10 03:04, Pierre Abbat wrote:
> My mailserver is being attacked by what looks like a botnet since December 16 at 6:07 (11:07 UTC). Many hosts all over the world are sending mail purporting to be from many domains all over the world to a few domains in Russia. Most of the IP addresses are blocked by uceprotect.net; a few are blocked by other blocklists. A few are not blocked, but are rejected with "Relay access denied". The messages come at a rate of several per second. There are 133 emails stuck in leaf's mail queue, but they do not appear to be related to this attack.
>
> Pierre
When dealing with spam, there is no magic one-size-fits-all solution. In order to mitigate spam, you'll need to come up with a multi-layered anti-spam solution.
I'm not sure what Steffan's issue with OpenSMTPD was; it sounds like he made himself an open relay. I've run OpenSMTPD for a while now and it's been working wonderfully for me.
Anti-spam is all about showing proof of work. No reverse DNS and forward-confirmed rDNS? Drop the connection. Bad senderscore? Drop the connection. Part of a reputable spam blocklist? Drop the connection. That way you're dropping the most egregious offenders before they've even sent you any data. Only after they pass these basic checks is the mail allowed in, where it is then analysed by something like Rspamd or SpamAssassin etc.
Doing all this with OpenSMTPD is super easy. The reverse DNS checks are built right into it, and there are several other filters available as well, such as the sender-score filter. I then use Rspamd for SPF and DKIM checks as well as spam analysis. I also use Dovecot on the server and I use the built-in Sieve filter to allow for easy training of the spam filter.
I recommend checking out Gilles's (the creator of OpenSMTPD) how-to guide for setting up a functional OpenSMTPD mail server:
https://poolp.org/posts/2019-09-14/setting-up-a-mail-server-with-opensmtpd-dovecot-and-rspamd/
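For readers who want to see what the layered setup described in the reply above looks like in practice, here is an added smtpd.conf fragment (my own illustration, not taken from the reply or from the linked guide). It wires OpenSMTPD's built-in rDNS and FCrDNS checks, the external senderscore filter and Rspamd into one listener, in the order the reply recommends: cheap connect-phase rejections first, content analysis last. The hostname mail.example.com, the certificate paths, the domain and the senderscore thresholds are assumptions; adjust them to your site. The proc-exec filters must be installed separately (opensmtpd-filter-senderscore and opensmtpd-filter-rspamd packages), and Rspamd must be running locally.

```conf
# smtpd.conf -- added example, not the reply author's own config.
# Assumed site values: mail.example.com, example.com, certificate paths.

pki mail.example.com cert "/etc/ssl/mail.example.com.crt"
pki mail.example.com key  "/etc/ssl/private/mail.example.com.key"

table aliases file:/etc/mail/aliases

# Layer 1: built-in connect-phase checks. These need no external process and
# disconnect the client before it has sent a single byte of SMTP data.
# "rdns"   = the connecting IP has a PTR record
# "fcrdns" = that PTR name resolves back to the connecting IP
filter "check_rdns"   phase connect match !rdns   disconnect "550 no rDNS"
filter "check_fcrdns" phase connect match !fcrdns disconnect "550 no FCrDNS"

# Layer 2: sender reputation via the senderscore filter (separate package).
# Thresholds are assumptions: block below 10, mark as junk below 70, and
# slow down (tarpit) low-reputation senders by up to 5000 ms.
filter "senderscore" proc-exec "filter-senderscore -blockBelow 10 -junkBelow 70 -slowFactor 5000"

# Layer 3: content analysis, SPF and DKIM through the Rspamd filter
# (separate package; talks to rspamd's proxy worker on localhost).
filter "rspamd" proc-exec "filter-rspamd"

# Filters run in the listed order, so cheap checks reject first.
listen on all tls pki mail.example.com filter { "check_rdns", "check_fcrdns", "senderscore", "rspamd" }

# Submission port for authenticated users only; no inbound anti-spam filters here.
listen on all port submission tls-require pki mail.example.com auth

action "local_mail" mbox alias <aliases>
action "outbound" relay

# Only accept mail for our own domain from the outside; everything else is
# relayed only for authenticated clients, so the server is not an open relay.
match from any for domain "example.com" action "local_mail"
match for local action "local_mail"
match from any auth for any action "outbound"
match for any action "outbound"
```

Check the syntax with `smtpd -n` before restarting. Two caveats a practitioner will want: the FCrDNS disconnect also rejects legitimate but misconfigured senders, so watch the maillog for the first few days, and the senderscore filter performs a DNS lookup per connection, which is exactly what you want to happen before the expensive Rspamd scan rather than after it.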
