postfix-users October 2010 archive
Main Archive Page > Month Archives  > postfix-users archives
postfix-users: RE: Fighting Backscatter

RE: Fighting Backscatter

From: Terry Gilsenan <terry.gilsenan_at_nospam>
Date: Wed Oct 20 2010 - 02:05:22 GMT
To: Steve Jenkins <steve@stevejenkins.com>, Postfix users <postfix-users@postfix.org>

From: owner-postfix-users@postfix.org [owner-postfix-users@postfix.org] On Behalf Of Steve Jenkins [steve@stevejenkins.com]
Sent: Wednesday, 20 October 2010 11:50 AM
To: Terry Gilsenan; Postfix users
Subject: RE: Fighting Backscatter

>Hi, Terry. Again, very helpful advice presented in a way I understand. :)
>Thank you.

>Based on Jeroen's advice, I've modified my main.cf file to restrict much
>more of the undeliverable mail on the way IN. Just from watching my logfile
>over the past few minutes, I'm seeing a LOT more rejections for "Domain not
>found" and "cannot find your reverse hostname" as well as warnings for
>"address not listed for" and "Helo command rejected: need fully-qualified
>hostname." That's awesome! I'm assuming that after watching these warnings
>for a while and being satisfied that these warnings are appearing only for
>SPAM that I can turn off the warning and simply reject. What should I use as
>a good indicator for when it's time to do that?

I have no idea what would work for you, I log everything and I have a legal requirement to do so.

>Like you, I also tend to be more practical than pragmatic, so even if it
>causes a few sighs and finger wags, I'm open to quietly sinking mail that I
>can't deliver. Any pointers on exactly how to do that?

Amavisd-new and spamassassin are great tools when configured correctly and DISCARD used as a final rule.

header_checks and body_checks allow the use of the DISCARD action.

Accept and then discard (silently delete) is perfectly valid if that is your decision as to the final disposition of rec'd email that fits the rules you have set. Ultimately you want to get the server config setup so that you dont even start the data phase of the SMTP transaction for most spam. Content filter should then be a last resort.

Regards,
T

<snip>