[gentoo-user] Filtering spam for a business address

[gentoo-user] Filtering spam for a business address

[Grant]

Does anyone use a spam-filtering solution they think is accurate
enough to use with a business email address?  I'm getting tons of spam
and I'd really like to try and filter it out, but I need to make sure
I don't miss any legitimate email.  I'm using postfix and
courier-imap.

- Grant
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] Filtering spam for a business address

[Grant]

> > Does anyone use a spam-filtering solution they think is accurate
> > enough to use with a business email address?  I'm getting tons of spam
> > and I'd really like to try and filter it out, but I need to make sure
> > I don't miss any legitimate email.  I'm using postfix and
> > courier-imap.
> >
> > - Grant
>
>         Greylisting because it doesn't filter anything it merely delays email
> with a temp 450 error. Real emails retry after an interval and spam does
> not so it eliminates about 90-95%. Couple with reasonable Postfix checks
> like making sure the sender domain exists, etc and a mail client with
> internal filtering. With the above in place I see maybe 1-2 actual spams
> in my inbox a week and averaging about eight a day in my spam folder.
>
> Postgrey is in portage and it'll take you about almost two full minutes
> to get setup and working. I suggest making the the greylist time 30
> seconds and the whitelist time 32 days.
>
> kashani

That sounds really nice.  Would you say sending back a 450 error is
100% reliable?  Which config option makes postfix check to see if the
sender domain exists.  I can't find it in /etc/postfix/main.cf.

- Grant
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] Filtering spam for a business address

[kashani]

Grant wrote:
>> Greylisting because it doesn't filter anything it merely delays
>> email with a temp 450 error. Real emails retry after an interval
>> and spam does not so it eliminates about 90-95%. Couple with
>> reasonable Postfix checks like making sure the sender domain
>> exists, etc and a mail client with internal filtering. With the
>> above in place I see maybe 1-2 actual spams in my inbox a week and
>> averaging about eight a day in my spam folder.
>> 
>> Postgrey is in portage and it'll take you about almost two full
>> minutes to get setup and working. I suggest making the the greylist
>> time 30 seconds and the whitelist time 32 days.
>> 
>> kashani
> 
> That sounds really nice.  Would you say sending back a 450 error is 
> 100% reliable?  Which config option makes postfix check to see if the
>  sender domain exists.  I can't find it in /etc/postfix/main.cf.
> 

	Nothing is 100% reliable and greylisting is no different. Somewhere 
someone is running a mail server that retries every 4 hours instead of 
the usual 5 minutes, 15 minutes, 60 minutes that most servers do. Mail 
that shows up in 4-8 hours may be no different that if you have dropped 
the mail in the first place.  Additionally some things like Amazon 
newsletters do not retry at all so you'd have to white-list them. And 
I've seen two instances where email originates from a different server 
each time it retires... which makes no sense at any level and seems 
incredibly in efficient.
	I'd keep an eye on things the first month you run it, but generally I 
have had very few issues over the past two years.

You want to look at smptd_recipient_restrictions. I like the following, 
but I would not blindly use them unless you are sure it's the behavior 
you really want.

smtpd_recipient_restrictions =
         reject_invalid_hostname,
         reject_non_fqdn_recipient,
         reject_non_fqdn_sender,
         reject_unknown_sender_domain,
         reject_unknown_recipient_domain,
         reject_unauth_pipelining,
         permit_mynetworks,
         permit_sasl_authenticated,
         check_policy_service inet:127.0.0.1:10030,
         reject_unauth_destination,
         permit

kashani
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] Filtering spam for a business address

[Preston Hagar]

[-- Attachment #1: Type: text/plain, Size: 542 bytes --]

>
> > Grant wrote:
> >> Does anyone use a spam-filtering solution they think is accurate
> >> enough to use with a business email address?  I'm getting tons of spam
> >> and I'd really like to try and filter it out, but I need to make sure
> >> I don't miss any legitimate email.  I'm using postfix and
> >> courier-imap.
> >>
> >> - Grant
>
>

I have been wondering about this as well and I found this really great
write-up:

http://www.freesoftwaremagazine.com/articles/focus_spam_postfix/

I would highly recommend looking at it.

Preston

[-- Attachment #2: Type: text/html, Size: 951 bytes --]

Re: [gentoo-user] Filtering spam for a business address

[Grant]

> >> Does anyone use a spam-filtering solution they think is accurate
> > >> enough to use with a business email address?  I'm getting tons of spam
> > >> and I'd really like to try and filter it out, but I need to make sure
> > >> I don't miss any legitimate email.  I'm using postfix and
> > >> courier-imap.
> > >>
> > >> - Grant
> >
> >
>
>
> I have been wondering about this as well and I found this really great
> write-up:
>
> http://www.freesoftwaremagazine.com/articles/focus_spam_postfix/
>
>  I would highly recommend looking at it.
>
> Preston

That's a great article.  Where do you implement the changes he
suggests on the first page?  I searched /etc/postfix/main.cf for the
configuration options but they aren't there.

- Grant
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] Filtering spam for a business address

[kashani]

Grant wrote:
> 
> That's a great article.  Where do you implement the changes he
> suggests on the first page?  I searched /etc/postfix/main.cf for the
> configuration options but they aren't there.

You have to add them.

kashani
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] Filtering spam for a business address

[Preston Hagar]

[-- Attachment #1: Type: text/plain, Size: 2073 bytes --]

>
> > http://www.freesoftwaremagazine.com/articles/focus_spam_postfix/
> >
>
> That's a great article.  Where do you implement the changes he
> suggests on the first page?  I searched /etc/postfix/main.cf for the
> configuration options but they aren't there.
>
> - Grant
> -


Just add them to main.cf and do a /etc/init.d/postfix reload  (make sure not
to include the line numbers in his examples)

For the lines that reference external files, you will have to create the
files and the content and the issue the command:

postmap <filename>

The guide puts all of the files in /usr/local/etc/postifx, but I just put
the files in /etc/postfix  (If you put the files in /etc/postfix instead of
/usr/local/etc/postfix, make sure to change the path main.cf).  I left off
the spf filter since it seems that many people still have not adopted spf.
Postgrey is great and I use it on my person email server, but I left that
off of the business system I manage.  I work for a real estate company and
postgrey can delay email by 4 hours or more depending on the sending server
configuration.  Although no one should depend on email for speedy delivery,
it is my experience that most users expect it.  All of the other options
have really helped a lot and cut down on spam.

A couple of things to remember, each time you change main.cf or any other
postfix configuration file, you need to issue the command:

/etc/init.d/postfix reload

to get postfix to take the new configuration changes.

Also, if you change any of the external files that main.cf refrences, you
need to  do a :

postmap <filename>

and then
/etc/init.d/postfix reload

It is probably a good idea to tail your mail logs for a while after you make
the changes just to make sure you are not blocking anything you didn't
intend
to.

tail -f /var/log/mail/current

or

tail -f /var/log/mail.info

depending on your logger.
Also, I would recommend sending email to an account on your new system from
any and all external email accounts you may have such as yahoo or gmail just
for extra testing.

Good Luck,

Preston

[-- Attachment #2: Type: text/html, Size: 2720 bytes --]