postfix-users October 2010 archive

Re: Fighting Backscatter

From: Stan Hoeppner <stan_at_nospam>
Date: Thu Oct 21 2010 - 03:17:39 GMT
To: postfix-users@postfix.org

Steve Jenkins put forth on 10/19/2010 11:12 PM:
> Stan Hoeppner said:
>> This will probably be a big help to Steve.
>
> Thanks, Stan. That fqrdns.pcre file rocks. Is that something you created?
> May I share the link with others?

Glad it's working well for you. That file was donated to me via an
anonymous poster to the spam-l mailing list quite some time ago during
one of our discussions on blocking dyn/generic PTRs. I'm pretty sure he
is a mail OP at one of the larger US ISPs.

My only contribution to that file so far is the very last expression
that blocks a snowshoe spammer I came across. Normally I block snowshoe
spammers via netblock with a CIDR file. IIRC that spammer has his
machines spread out across a couple dozen ISPs. But since he's using
multiple variations of the same domain name, I wrote that expression to
block it all.

Share it as far and wide as you like. I've been sharing it here and
other places for some time.

> I had already added the spamhaus DBL checks (after Jeroen nudged me toward
> their Zen IP blocklist), but Surriel PSBL is new to me and I'll check that
> out now. I also just Googled postgrey and will check that out as well.

There are other good greylisting policy daemons and milters for Postfix.
I simply mentioned Postgrey as that's what I use and it seems to work
decently.

> Thanks again - your post WAS a big help. I appreciate it.

You're welcome. Have you tried Sahil Tandon's checkdbl.pl header check
daemon yet? I intentionally avoided mentioning it previously as I
wasn't sure if you were up to something like that yet. It requires
modifying master.cf as well as main.cf.

It scans headers for all domain names and then queries Spamhaus DBL,
URIBL, and SURBL for those domains, then rejects the connection on a
hit. This works very well for some sites. It's probably not going to
catch a ton of stuff, but it can catch stuff that smtpd level checks don't.

http://people.freebsd.org/~sahil/scripts/checkdbl.pl.txt

-- Stan
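The header-domain scan Stan describes, written out as an added example in Python (this is not Sahil Tandon's checkdbl.pl and not code from the original post): it pulls hostnames out of a header block, walks each one up to its parent domains, and looks them up in the three list zones, treating any 127.0.0.0/8 answer except Spamhaus DBL's 127.0.1.255 "you queried an IP" code as a hit. The sample headers, the default zone names and the REJECT wording are assumptions of this example; the real DNS lookup is only used when no other resolver is passed in.

```python
import re
import socket
from itertools import product

# Public zone names of the lists the mail mentions (Spamhaus DBL, URIBL, SURBL).
DOMAIN_BLOCKLISTS = ("dbl.spamhaus.org", "multi.uribl.com", "multi.surbl.org")

# Hostname tokens: dot-joined labels ending in an alphabetic TLD (IPv4 literals never match).
HOST_RE = re.compile(r"\b(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}\b", re.I)

# Constructed sample headers using reserved .example names, not a real message.
SAMPLE_HEADERS = """\
Received: from mx1.spam-sender.example (mx1.spam-sender.example [192.0.2.10])
    by mail.receiver.example (Postfix) with ESMTP id 3F2A1
From: "Deals" <promo@spam-sender.example>
"""

def extract_domains(raw_headers):
    """Unique, lower-cased hostnames in order of first appearance."""
    seen, found = set(), []
    for match in HOST_RE.finditer(raw_headers):
        host = match.group(0).lower()
        if host not in seen:
            seen.add(host)
            found.append(host)
    return found

def dns_a_lookup(name):
    # Real resolver: first A record, or None when the name does not exist.
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None

def check_headers(raw_headers, zones=DOMAIN_BLOCKLISTS, resolve=dns_a_lookup):
    """Return a Postfix-style REJECT line for the first listed domain, else None."""
    queried = set()
    for host in extract_domains(raw_headers):
        labels = host.split(".")
        # Test the host and each parent down to two labels (mx1.a.example -> a.example).
        names = [".".join(labels[i:]) for i in range(len(labels) - 1)]
        for name, zone in product(names, zones):
            query = f"{name}.{zone}"
            if query not in queried:
                queried.add(query)
                answer = resolve(query)
                # Listed names answer in 127.0.0.0/8; DBL's 127.0.1.255 is an error code, not a hit.
                if answer and answer.startswith("127.") and answer != "127.0.1.255":
                    return f"REJECT Domain {name} listed in {zone} ({answer})"
    return None
```

Without a public-suffix list the parent walk will also query names such as co.uk, which simply return no answer; a production filter would stop at the registrable domain.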