postfix-users October 2010 archive
postfix-users: Re: Fighting Backscatter

From: Brian Evans - Postfix List <grknight_at_nospam>
Date: Wed Oct 20 2010 - 17:57:25 GMT
To: postfix-users@postfix.org

On 10/19/2010 11:35 PM, Stan Hoeppner wrote:
> Jeroen Geilman put forth on 10/19/2010 8:09 PM:
>
>> You're missing some of the better spam prevention methods here, such as
>> decent HELO checks, and an RBL or two.
>>
>> I'd suggest at least adding reject_unknown_reverse_client_hostname in
>> there, as well as (testing out)
>> reject_[invalid|unknown|non_fqdn]_helo_hostname.
> This will probably be a big help to Steve.
>
> smtpd_recipient_restrictions =
>     permit_mynetworks
>     permit_sasl_authenticated,
>     reject_unauth_destination
>     ...
>     check_client_access pcre:/etc/postfix/fqrdns.pcre

In your opinion, would check_reverse_client_hostname_access (Postfix
2.6+) work better here?
Many dynamic zombies don't always resolve forward.

>     ...
>     reject_rbl_client zen.spamhaus.org
>     reject_rbl_client psbl.surriel.com
>     reject_rhsbl_client dbl.spamhaus.org
>     reject_rhsbl_sender dbl.spamhaus.org
>     reject_rhsbl_helo dbl.spamhaus.org
>     check_policy_service inet:127.0.0.1:60000
>
> http://www.hardwarefreak.com/fqrdns.pcre
>
> This pcre rdns checker kills tons of bot spam from consumer IPs that
> should not be sending direct smtp mail. It picks up where the PBL
> leaves off. Zero FP rate. As always, exclude it from your own
> submission smtpd or it might well reject your own users.
>
> The check_policy_service line is the postgrey daemon. Doesn't stop
> a lot, maybe 5-10 per day of 1000, but it's a needed safety net. Your
> anti spam toolbox needs many tools to make all the tools effective as a
> whole. Merely adding fqrdns.pcre has put a big smile on the faces of
> quite a few OPs.
>
> As always, do a "postfix reload" after making changes to main.cf.
>
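The difference between the two restrictions discussed above, as an added illustration that is not part of the original message and is not Postfix code: check_client_access is handed the forward-confirmed client name, which becomes "unknown" when the PTR name does not resolve back to the client address, while check_reverse_client_hostname_access is handed the unverified PTR name. The pattern, hostnames and addresses are constructed samples; the pattern is not taken from fqrdns.pcre.

```python
import re

# Constructed pattern in the spirit of a "generic consumer rDNS" table.
# NOT taken from fqrdns.pcre, whose contents are not shown in the thread.
TABLE = [
    (re.compile(r"^\d+-\d+-\d+-\d+\.dyn\.isp\.example$"),
     "REJECT generic dynamic rDNS"),
]

# Constructed DNS data (documentation address ranges).
PTR = {  # client IP -> PTR name
    "192.0.2.10": "192-0-2-10.dyn.isp.example",
    "198.51.100.7": "198-51-100-7.dyn.isp.example",
    "203.0.113.5": "mail.corp.example",
}
A = {  # name -> A records
    "192-0-2-10.dyn.isp.example": ["192.0.2.10"],
    # 198-51-100-7.dyn.isp.example has a PTR but no forward record
    "mail.corp.example": ["203.0.113.5"],
}

def client_names(ip):
    """Return (verified_name, reverse_name) for a connecting client."""
    reverse = PTR.get(ip, "unknown")
    # The verified name is kept only if it resolves back to the client IP.
    verified = reverse if ip in A.get(reverse, []) else "unknown"
    return verified, reverse

def table_lookup(name, ip):
    """Regexp-type tables are tried with the full name, then the address."""
    for key in (name, ip):
        for pattern, action in TABLE:
            if pattern.search(key):
                return action
    return "DUNNO"

def check_client_access(ip):
    return table_lookup(client_names(ip)[0], ip)

def check_reverse_client_hostname_access(ip):
    return table_lookup(client_names(ip)[1], ip)

if __name__ == "__main__":
    for ip in PTR:
        print(ip, "| client:", check_client_access(ip),
              "| reverse:", check_reverse_client_hostname_access(ip))
```

The client at 198.51.100.7 passes the check_client_access lookup because its name is seen as "unknown", but is rejected when the same table is consulted with the unverified PTR name.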