better blocking at MTA level (off-topic)
Hugo van der Kooij
hvdkooij at vanderkooij.org
Sat May 26 09:40:29 IST 2007
On Sat, 26 May 2007, Koopmann, Jan-Peter wrote:
> looking at today's 88% High Scoring Spam ratio I would like to block more
> at the MTA level. What are reliable RBL services (commercial is fine)
> that can be used? Or other methods besides tarpitting, pipelining tricks
> etc. at MTA level (which we all do) that would reduce the load?
>
> Or am I the only one suffering from massive attacks the past few days?
> What are you guys using?
From my postfix config:

smtpd_client_restrictions =
    check_client_access hash:/etc/postfix/whitelist,
    check_sender_access hash:/etc/postfix/whitelist,
    check_recipient_access hash:/etc/postfix/recipients,
    permit_mynetworks,
    check_client_access hash:/etc/postfix/blacklist,
    check_sender_access hash:/etc/postfix/blacklist,
    check_client_access cidr:/etc/postfix/ipblacklist,
    regexp:/etc/postfix/dynamic_networks,
    reject_invalid_hostname,
    reject_non_fqdn_hostname,
    reject_unknown_hostname
    reject_non_fqdn_sender,
    reject_unknown_sender_domain
    reject_non_fqdn_recipient,
    reject_unknown_recipient_domain,
    reject_unauth_destination
    check_policy_service unix:/var/spool/postfix/postgrey/socket

I have tested with Trend Micro RBL and you can take it yourself for a spin
for 30 days:
http://us.trendmicro.com/us/products/enterprise/network-reputation-services/index.html
I am not sure you will like the price tag but they are pretty good for an
RBL.
My blacklist contains domain name parts like:
abo.wanadoo.fr (no point in allowing these DSL/CABLE spammers)
And the regular expressions like:
/^host-.*\.argeweb\.nl$/
/^softbank.*\.bbtec\.net$/
....
Hugo.
--
hvdkooij at vanderkooij.org http://hugo.vanderkooij.org/
This message is using 100% recycled electrons.
Some men see computers as they are and say "Windows"
I use computers with Linux and say "Why Windows?"
(Thanks JFK, for the insight.)
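
The following is an added example, not part of the original post or of Postfix: a simplified Python model of how the hash: blacklist and the regexp: dynamic_networks table from the message would treat client hostnames, useful for checking new entries against hostnames from your own logs before deploying them. The REJECT action, the sample hostnames and the function names are assumptions; parent-domain matching assumes the Postfix default where smtpd_access_maps is listed in parent_domain_matches_subdomains, and Python's re module stands in for Postfix's regexp engine.

```python
import re

# Keys and patterns are from the post; the REJECT action is an assumption,
# since the post does not show the right-hand side of its table entries.
HASH_BLACKLIST = {"abo.wanadoo.fr": "REJECT"}
REGEXP_DYNAMIC = [
    (r"^host-.*\.argeweb\.nl$", "REJECT"),
    (r"^softbank.*\.bbtec\.net$", "REJECT"),
]

def hash_client_lookup(table, hostname):
    """Indexed-table order: the full hostname, then each parent domain."""
    labels = hostname.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        key = ".".join(labels[i:])
        if key in table:
            return key, table[key]
    return None

def regexp_client_lookup(rules, hostname):
    """regexp order: whole hostname against each rule, first match wins,
    case-insensitive, no parent-domain search."""
    for pattern, action in rules:
        if re.search(pattern, hostname, re.IGNORECASE):
            return pattern, action
    return None

def evaluate(hostname):
    """Consult the two tables in the order the restriction list names them."""
    for name, lookup, table in (
        ("blacklist", hash_client_lookup, HASH_BLACKLIST),
        ("dynamic_networks", regexp_client_lookup, REGEXP_DYNAMIC),
    ):
        hit = lookup(table, hostname)
        if hit:
            return (name,) + hit
    return None

# Constructed client hostnames, not taken from any real log.
SAMPLES = [
    "ARennes-1-2-3.w90-12.abo.wanadoo.fr",  # subscriber line under a listed domain
    "smtp.wanadoo.fr",                      # sibling name, not under abo.wanadoo.fr
    "host-10-20-30.argeweb.nl",             # matches the anchored host- pattern
    "mail.argeweb.nl",                      # same provider, pattern does not match
    "softbank126000001.bbtec.net",
    "unknown",                              # name Postfix uses when rDNS does not verify
]

if __name__ == "__main__":
    for host in SAMPLES:
        print(f"{host:40} {evaluate(host)}")
```

Clients whose reverse DNS does not verify appear as "unknown", so neither hostname-based table fires for them; the cidr: table is the one that covers those addresses.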