A new setup

Eli Wapniarski eli at orbsky.homelinux.org
Thu Jun 25 06:40:27 IST 2009


On Thursday 25 June 2009 00:59:12 aragonx at dcsnow.com wrote:
> Hello all,
> 
> Perhaps you get this question a lot.  If you can point me to the
> appropriate thread, I would greatly appreciate it.
> 
> Anyway, I'm currently running Fedora 9 x64, mailscanner-4.70.7-1, ClamAV
> 0.95.1, spamassassin-3.2.5-1 and sendmail-8.14.2-4.
> 
> Fedora 9 is eol so I am going to do a reinstall.  This time, I want to do
> a little better keeping the spam down.  This system mainly serves as my
> email for my private consulting business and the family.
> 
> Any suggestions on things I should add or whole setups?  Should I add some
> milters?  Razor?  SPF?  etc...  I'm looking for some guidance because I
> have not given this much effort so far but that has to change.  The wife
> is complaining (about spam) and you know how that can be.  :)
> 
> Thanks in advance.
> 
> ---
> Will Y.

As a matter of fact, I do. Funny how I see an extreme parallel to my setup. The only thing is that I, being the System Admin, complained about the volume of mail traffic coming into my system. I couldn't and still can't turn on blocks from the general MailScanner rules because of the fear my spouse has of false positives. She is absolutely insistent that she would prefer to get a gazillion spams than lose an important email. And I really can't argue with that. I think she's right. However, I was wrong in not pursuing Spamassassin rules further. But I did find an alternative solution which I am happy with. More on that later.

However the volume was absolutely frightening when I finally discovered how bad it really was. That was discovered with the help of MailWatch which can be found at:

(http://mailwatch.sourceforge.net/doku.php).

It is a very nice web interface that enables monitoring of the actual traffic getting through. And when I discovered that, I started looking for solutions. I came up with 2 very extremely effective milters that plug in to sendmail to virtually kill spam. Both of which are available from the Fedora repository.

The first and most important of these is milter-greylisting

for more info see (http://hcpnet.free.fr/milter-greylist/).

Read up on this one. By correctly adding milter-greylist to sendmail you will effectively eliminate at least 70% of spam and 99% of malware-laden email from entering your system. The best thing you could do is read up on it and install it. I cannot praise this enough.

The next thing that you will need is effective manually configurable regular expression rules to block the rest of the spam. I understand that this can be done effectively with Spamassassin. However, I use another milter called milter-regex.

more info: http://www.benzedrine.cx/milter-regex.html

The most important rule that you will need to establish is the one that sorts out what is a legitimate email address and what's bogus and unceremoniously and without mercy and without bounce or response drops the bogus email addresses. This in effect kills 99% (maybe exaggerating a little, but really only a little) of the spam that milter-greylisting allows through.

Now people might argue with me that I am circumventing the way MTAs are supposed to work in that they take into account that there may be a problem with a mail server or mailbox. And so by default if an MTA can't reach a receiver it will try again and again and again and again. And that's what spammers and other mischief makers are counting on. Cause... this behaviour causes a backup of the mail queue due to the ping pong effect. You bounce, they bounce and then you bounce and then they bounce and the amount of mail stuck in the queue grows and grows and grows, eventually and effectively establishing denial of service. The way to kill that is with the rule mentioned above. And that keeps the mail going.

If you decide on Spamassassin rules to do this, I am sure the people on this mailing list will be very helpful.

If you decide to go the milter-regex route then I can point you in the right direction to set up the rule that I've described in the preceding paragraphs.


In any case as mentioned both milters are available in Fedora repositories.

Eli

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
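
The two-stage filtering described in the message above (greylisting, then a recipient rule that silently drops mail for bogus addresses), as an added Python sketch that is not part of the original post and is not code from milter-greylist or milter-regex. The 5-minute delay, the example.org mailboxes, the recipient pattern and the sample traffic are all constructed assumptions.

```python
import re
from dataclasses import dataclass, field

GREYLIST_DELAY = 300  # seconds a new triplet must wait (assumed value)
# Assumed pattern listing the real mailboxes on a hypothetical domain.
VALID_RCPT = re.compile(r"^(will|family|billing)@example\.org$", re.I)


@dataclass
class Policy:
    """Toy envelope policy: greylist first, then the recipient rule."""
    first_seen: dict = field(default_factory=dict)  # triplet -> first attempt time

    def check(self, client_ip: str, sender: str, rcpt: str, now: int) -> str:
        triplet = (client_ip, sender.lower(), rcpt.lower())
        seen = self.first_seen.setdefault(triplet, now)
        if now - seen < GREYLIST_DELAY:
            # Temporary failure (SMTP 4xx): a real MTA queues and retries,
            # most bulk senders never come back.
            return "TEMPFAIL"
        if not VALID_RCPT.match(rcpt):
            # Silent drop: no bounce, so nothing ping-pongs in the queue.
            return "DISCARD"
        return "ACCEPT"


def replay(events):
    """Run constructed (ip, sender, rcpt, time) attempts through one policy."""
    policy = Policy()
    return [policy.check(*e) for e in events]


# Constructed sample traffic (documentation IP ranges, example domains).
SAMPLE = [
    ("192.0.2.10", "alice@example.net", "will@example.org", 0),      # first try
    ("192.0.2.10", "alice@example.net", "will@example.org", 60),     # retry too soon
    ("192.0.2.10", "alice@example.net", "will@example.org", 900),    # proper retry
    ("198.51.100.7", "promo@example.com", "will@example.org", 10),   # never retries
    ("203.0.113.5", "bulk@example.com", "qx81z@example.org", 20),    # bogus rcpt
    ("203.0.113.5", "bulk@example.com", "qx81z@example.org", 1000),  # retried
]

if __name__ == "__main__":
    for event, verdict in zip(SAMPLE, replay(SAMPLE)):
        print(verdict, *event)
```

Only the sender that retries after the delay to a real mailbox is accepted; the one-shot sender never gets past the temporary failure, and the retried message to a bogus mailbox is dropped without generating a bounce.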


