postfix-users October 2010 archive

Re: Fighting Backscatter

From: Stan Hoeppner <stan_at_nospam>
Date: Wed Oct 20 2010 - 03:35:09 GMT
To: postfix-users@postfix.org

Jeroen Geilman put forth on 10/19/2010 8:09 PM:

> You're missing some of the better spam prevention methods here, such as
> decent HELO checks, and an RBL or two.
>
> I'd suggest at least adding reject_unknown_reverse_client_hostname in
> there, as well as (testing out)
> reject_[invalid|unknown|non_fqdn]_helo_hostname.

This will probably be a big help to Steve.

smtpd_recipient_restrictions =
        permit_mynetworks
        permit_sasl_authenticated,
        reject_unauth_destination
        ...
        check_client_access pcre:/etc/postfix/fqrdns.pcre
        ...
        reject_rbl_client zen.spamhaus.org
        reject_rbl_client psbl.surriel.com
        reject_rhsbl_client dbl.spamhaus.org
        reject_rhsbl_sender dbl.spamhaus.org
        reject_rhsbl_helo dbl.spamhaus.org
        check_policy_service inet:127.0.0.1:60000

http://www.hardwarefreak.com/fqrdns.pcre

This pcre rdns checker kills tons of bot spam from consumer IPs that
should not be sending direct smtp mail. It picks up where the PBL
leaves off. Zero FP rate. As always, exclude it from your own
submission smtpd or it might well reject your own users.

The check_policy_service line is the postgrey daemon. Doesn't stop
a lot, maybe 5-10 per day of 1000, but it's a needed safety net. Your
anti spam toolbox needs many tools to make all the tools effective as a
whole. Merely adding fqrdns.pcre has put a big smile on the faces of
quite a few OPs.

As always, do a "postfix reload" after making changes to main.cf.

-- Stan
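
An added example, not part of the original message and not the contents of the linked fqrdns.pcre: a dry run that replays smtpd "connect from" log lines through a pcre-style client access table, so the clients it would reject can be reviewed before the check goes live. The patterns, hostnames and log lines are constructed; flags after the closing slash are not handled, and Python's re module stands in for PCRE.

```python
import re

# Constructed table in pcre_table(5) layout: /pattern/ action. These patterns
# are illustrative and are NOT the contents of the fqrdns.pcre file linked above.
SAMPLE_TABLE = r"""
# generic consumer-style reverse DNS names (constructed)
/^(dhcp|dsl|dyn|pool|ppp)[-.].*\.isp\.example$/   REJECT Generic rDNS, use your ISP relay
/^\d+[-.]\d+[-.]\d+[-.]\d+\..*\.example$/         REJECT IP-derived rDNS, use your ISP relay
"""

# Constructed smtpd log lines in the usual "connect from host[addr]" form.
SAMPLE_LOG = """\
Oct 20 03:01:10 mx postfix/smtpd[2101]: connect from dhcp-10-20-30.isp.example[192.0.2.10]
Oct 20 03:01:12 mx postfix/smtpd[2102]: connect from mail.partner.example[198.51.100.5]
Oct 20 03:01:15 mx postfix/smtpd[2103]: connect from 203-0-113-7.cable.example[203.0.113.7]
Oct 20 03:01:19 mx postfix/smtpd[2104]: connect from unknown[203.0.113.99]
"""

RULE = re.compile(r"^/(.*)/\s+(\S.*)$")
CONNECT = re.compile(r"postfix/smtpd\[\d+\]: connect from (\S+)\[([^\]]+)\]")

def load_table(text):
    """Parse '/pattern/ action' lines; blank lines and '#' comments are skipped."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        m = RULE.match(line) if line and not line.startswith("#") else None
        if m:
            # pcre tables match case-insensitively unless told otherwise.
            rules.append((re.compile(m.group(1), re.IGNORECASE), m.group(2)))
    return rules

def lookup(rules, key):
    """First matching rule wins, as in a Postfix regexp-style table."""
    for pattern, action in rules:
        if pattern.search(key):
            return action
    return None

def dry_run(rules, log_text):
    """Return (hostname, address, action) for every connect the table would hit."""
    hits = []
    for host, addr in CONNECT.findall(log_text):
        # check_client_access queries the client hostname, then the address.
        action = lookup(rules, host) or lookup(rules, addr)
        if action:
            hits.append((host, addr, action))
    return hits
```

On a server with Postfix installed, `postmap -q <hostname> pcre:/etc/postfix/fqrdns.pcre` queries the real table for a single name.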