better blocking at MTA level (off-topic)

Hugo van der Kooij hvdkooij at vanderkooij.org
Sat May 26 09:40:29 IST 2007


On Sat, 26 May 2007, Koopmann, Jan-Peter wrote:

> looking at today's 88% High Scoring Spam ratio I would like to block more
> at the MTA level. What are reliable RBL services (commercial is fine)
> that can be used? Or other methods besides tarpitting, pipelining tricks
> etc. at MTA level (which we all do) that would reduce the load?
>
> Or am I the only one suffering from massive attacks the past few days?
> What are you guys using?

From my postfix config:
smtpd_client_restrictions =
         check_client_access hash:/etc/postfix/whitelist,
         check_sender_access hash:/etc/postfix/whitelist,
         check_recipient_access hash:/etc/postfix/recipients,
         permit_mynetworks,
         check_client_access hash:/etc/postfix/blacklist,
         check_sender_access hash:/etc/postfix/blacklist,
         check_client_access cidr:/etc/postfix/ipblacklist,
         regexp:/etc/postfix/dynamic_networks,
         reject_invalid_hostname,
         reject_non_fqdn_hostname,
         reject_unknown_hostname
         reject_non_fqdn_sender,
         reject_unknown_sender_domain
         reject_non_fqdn_recipient,
         reject_unknown_recipient_domain,
         reject_unauth_destination
         check_policy_service unix:/var/spool/postfix/postgrey/socket

I have tested with Trend Micro RBL and you can take it for a spin yourself
for 30 days:
http://us.trendmicro.com/us/products/enterprise/network-reputation-services/index.html

I am not sure you will like the price tag but they are pretty good for an
RBL.

My blacklist contains domain name parts like:
abo.wanadoo.fr (no point in allowing these DSL/CABLE spammers)

And the regular expressions like:
/^host-.*\.argeweb\.nl$/
/^softbank.*\.bbtec\.net$/
....

Hugo.

-- 
 	hvdkooij at vanderkooij.org	http://hugo.vanderkooij.org/
 	    This message is using 100% recycled electrons.

 	Some men see computers as they are and say "Windows"
 	I use computers with Linux and say "Why Windows?"
 		(Thanks JFK, for the insight.)
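
A dry run of the two blacklist styles described in the message above, as an added example that is not part of the original post: it checks client hostnames against a domain-part entry and the two regular expressions to spot false positives before the tables go live. The REJECT action, the sample hostnames and the simplified lookup model are assumptions, and Python's re module stands in for Postfix's own regexp engine.

```python
import re

# Lookup keys are from the post; the REJECT action is an assumption,
# since the post shows only the left-hand side of each table entry.
HASH_BLACKLIST = {"abo.wanadoo.fr": "REJECT"}
REGEXP_TABLE = [
    (r"^host-.*\.argeweb\.nl$", "REJECT"),
    (r"^softbank.*\.bbtec\.net$", "REJECT"),
]

def hash_lookup(hostname, table=HASH_BLACKLIST):
    """Model of a client-hostname lookup in an indexed access table:
    try the full name, then each parent domain on a label boundary."""
    labels = hostname.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        key = ".".join(labels[i:])
        if key in table:
            return key, table[key]
    return None

def regexp_lookup(hostname, table=REGEXP_TABLE):
    """Model of a regexp table: each pattern sees the whole hostname,
    patterns are tried in file order and match case-insensitively."""
    for pattern, action in table:
        if re.search(pattern, hostname, re.IGNORECASE):
            return pattern, action
    return None

def evaluate(hostname):
    """Return (table, matched key, action) for the first table that hits."""
    for name, lookup in (("hash", hash_lookup), ("regexp", regexp_lookup)):
        hit = lookup(hostname)
        if hit:
            return (name, hit[0], hit[1])
    return ("none", None, "DUNNO")

# Constructed sample client hostnames, including near misses that the
# blacklist entries must not catch.
SAMPLES = [
    "client-1-2-3-4.abo.wanadoo.fr", "notabo.wanadoo.fr", "smtp.wanadoo.fr",
    "host-10-20.argeweb.nl", "mail.argeweb.nl", "SOFTBANK219001.BBTEC.NET",
]

if __name__ == "__main__":
    for host in SAMPLES:
        print(f"{host:32} {evaluate(host)}")
```

On a live server, `postmap -q <hostname> regexp:/etc/postfix/dynamic_networks` queries the real regexp table the same way.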

