Spam question
Dave Jones
dave at jonesol.com
Wed Aug 26 23:12:37 UTC 2015
If using Postfix, definitely enable postscreen and then you can setup
weights for each RBL. Everyone's environment/recipients are a little
different so not all RBLs that work for one will work for another and
vice versa. Postscreen will let you use the more "unreliable" RBLs in
a combined manner so they can help make the decision to block but not
block on their own like the standard way shown earlier in this thread.
On Mon, Aug 24, 2015 at 5:26 AM, Martin Hepworth <maxsec at gmail.com> wrote:
> Sean
> Greylisting is still very very useful and recommended at the MTA level.
>
> Do you reject non-valid recipients at the MTA level as well?
>
> I presume your Spamassassin is upto date and getting the updated rulesets
> from them automatically?
>
>
> --
> Martin Hepworth, CISSP
> Oxford, UK
>
> On 6 August 2015 at 19:10, Sean M. Schipper <sean.m.schipper at lawrence.edu>
> wrote:
>>
>> Email is accepted for a single domain. I use postfix as my MTA.
>>
>>
>>
>> I employ Spamhaus as an RBL that I use to reject at SMTP. I do use others
>> but do not reject based on them. Any others that are reputable enough to
>> reject with?
>>
>>
>>
>> I haven’t really considered Greylisting. I just read some on it to
>> refresh my memory. Is this commonly used by the MailScanner community?
>>
>>
>>
>>
>>
>>
>>
>> --
>>
>>
>>
>> RBL ? Greylisting ? How many domains are you filtering ? What MTA ?
>>
>>
>>
>> --
>>
>> Jeremy McSpadden | Flux Labs
>>
>> Local - 850-250-5590x501<tel:850-250-5590;501> | Mobile -
>> 850-890-2543<tel:850-890-2543>
>>
>> Fax - 850-254-2955<tel:850-254-2955> | Toll Free -
>> 877-699-FLUX<tel:877-699-FLUX>
>>
>> Web - http://www.fluxlabs.net<http://www.fluxlabs.net/>
>>
>>
>>
>>
>>
>> On Aug 6, 2015, at 12:49 PM, Sean M. Schipper
>> <sean.m.schipper at lawrence.edu<mailto:sean.m.schipper at lawrence.edu>> wrote:
>>
>>
>>
>> Since last November I've been getting inundated with spam (yesterday just
>> under 7,000 just in the am) from coming from 3 or 4 IP addresses on the same
>> subnet in the morning starting like clockwork just after 9am. Then
>> sometimes I'll get a similar rush of spam in the afternoon coming from a
>> separate IP range. Countries of origin include US and Bulgaria mostly but
>> also have come from Brasil, Romania and S. Africa.
>>
>>
>>
>> I've been able to train MailScanner to correctly identify these as spam
>> since the content is very similar -- tons of links to websites with .php
>> extensions. Examples of subject lines: Situations for 2015 that forgive
>> your Student-Loan, 12 month MBA programs, accelerated...
>>
>>
>>
>> To cut down on the processing/traffic on my server I've been just
>> blacklisting these IP subnets at smtp with a deny bounce message. Does
>> anyone have any other suggestions on actions I can take to rid myself of
>> this annoying daily routine? Does anyone else have similar battle stories
>> like this?
>>
>>
>>
>> Thanks for any suggestions on this.
>>
>>
>>
>> Sean
>>
>>
>>
>>
>>
>>
>>
>>
>> --
>> MailScanner mailing list
>> mailscanner at lists.mailscanner.info
>> http://lists.mailscanner.info/listinfo/mailscanner
>>
>>
>
>
>
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/listinfo/mailscanner
>
>
More information about the MailScanner
mailing list