Antw: Re: Kolab-users Digest, Vol 46, Issue 15
Simon Pirschel
Simon.Pirschel at hug.de
Fri Dec 21 08:21:24 CET 2007
>>> Thomas Spuhler <thomas at btspuhler.com> 21.12.2007 05:24 >>>
On Thursday 20 December 2007, Simon Pirschel wrote:
> >> Hi
> >>
> >> Recently, I saw a lot of post about activating some "postfix antispam"
> >> features.
> >>
> >> I would like to react!
> >>
> >> The first goal of an email system is to exchange messages between
> >> peoples. Anything that prevent messages to pass through must be discuss
> >> with care! [...]
> >> Only grey and black listing are "dynamic" measures against SPAM that
> >> SPAMMER cannot control!
> >>
> >> Regards
> >>
> >>> Nik777 <kolab at babel.homelinux.net> 20.12.2007 02:20 >>>
> >
> > I couldn't agree more.
> >
> > I recently implemented greylisting for one of our email domains, and the
> > results were amazing! Of 11041 emails received in the following 24
> > hours, 40 were actually delivered. The remaining 1101 did not retry!
> >
> > I am now looking for a more sophisticated greylisting implementation
> > which would allow me to recognise some further spamming behaviour in a
> > fully dynamic way.
> >
> > For instance, recognising multiple emails from the same IP address to
> > different invalid addresses on our domain.
> >
> > In all other areas of my firewall, I also only implement dynamic
> > blocking, so that suspicious behaviour is blocked temporarily, which
> > protects my network, but then the block is removed, so that I don't
> > later block potentially correct traffic.
> >
> > Cheers!
> > Nik
>
> Checking spam with rbl lists is pretty effective, too. I got several
> domains which recieve 25000 spam mails per day and more. Because of my rbl
> list I can block up to 99% of this spam before it gets queued. Rbl lists
> are dynamic, very easy to integrate in postfix and cost one dns query per
> mail and rbl list.
>
> This is my "smtpd_recipient_restrictions" in postfixs main.cf (non kolab).
>
> smtpd_recipient_restrictions =
> permit_sasl_authenticated
> permit_mynetworks
> reject_unauth_destination
> reject_invalid_hostname
> reject_non_fqdn_sender
> reject_unknown_sender_domain
> reject_non_fqdn_recipient
> reject_unknown_recipient_domain
> reject_rbl_client zen.spamhaus.org
> reject_rbl_client bl.spamcop.net
> reject_rbl_client cbl.abuseat.org
> reject_rbl_client dnsbl.ahbl.org
> reject_rbl_client dialups.mail-abuse.org
> reject_rbl_client dynablock.sorbs.net
> reject_rbl_client relays.mail-abuse.org
> reject_rbl_client list.dsbl.org
> permit
>
>
> Simon
>
> _______________________________________________
> Kolab-users mailing list
> Kolab-users at kolab.org
> https://kolab.org/mailman/listinfo/kolab-users
> Be careful adding as listed above, it made my postfix non startable
> Thomas
Yes, these settings came from a native postfix main.cf.
For Kolab users:
smtpd_recipient_restrictions =
permit_mynetworks
permit_sasl_authenticated
reject_unauth_destination
reject_unlisted_recipient
reject_invalid_hostname
reject_non_fqdn_sender
reject_unknown_sender_domain
reject_non_fqdn_recipient
reject_unknown_recipient_domain
check_policy_service unix:private/kolabpolicy
reject_rbl_client zen.spamhaus.org
reject_rbl_client bl.spamcop.net
reject_rbl_client cbl.abuseat.org
reject_rbl_client dnsbl.ahbl.org
reject_rbl_client dialups.mail-abuse.org
reject_rbl_client dynablock.sorbs.net
reject_rbl_client relays.mail-abuse.org
reject_rbl_client list.dsbl.org
permit
!!!!!! PLEASE REMEMBER TO EDIT /kolab/etc/kolab/templates/main.cf.template AND EXECUTE /kolab/sbin/kolabconf !!!!!!
Simon
More information about the users
mailing list