?
Solved

Reject incoming mail based on Spam Score

Posted on 2007-10-11
6
Medium Priority
?
2,122 Views
Last Modified: 2013-12-09
Hi! I would like my mail server to reject incoming mail based on the spam score of the mail. I use Postfix, SpamAssassin and Procmail. Is this possible?

Currently, SpamAssassin assesses all mail and assigns a spam score, adding it to the mail headers. Procmail then filters the mail by reading the spam score and delivers it appropriately. I have it set up to deliver mail with a score of 5+ to the Spam folder, and all mail with a score of 20+ is delivered to the users' Trash folder, but instead of delivering mail with scores of 20+, I would like Postfix to reject it. Don't know if it's possible with my current setup, but any input is appreciated.
0
Comment
Question by:Julian Matz
  • 3
  • 3
6 Comments
 
LVL 36

Assisted Solution

by:grblades
grblades earned 2000 total points
ID: 20059034
Postfix has only very recently implemented support for milters so in theory if you have a very up to date copy of postfix then it should be possible. However generally it is a bad idea. Spamassassin can take a while to process each mail as it has numerous dns lookups to perform and the wait the server would have to perform before accepting the mail in theory could cause problems.

May I ask why you wish to do this?
If I know I might be able to suggest some better alternatives.
0
 
LVL 21

Author Comment

by:Julian Matz
ID: 20059223
Thanks for the response. My Postfix version is 2.3.8.

The reason I wanted to do this is because I thought it would decrease the server load. Also, it would stop unwanted mail ever reaching the mailbox and it would be less tedious to manually check for false positives as false positives are very likely not to have a spam score of 20 or higher. Another reason was that I thought that spammers or spam software might give up sending spam to my network if the messages are bounced.

Alternative suggestions are most welcome :)
0
 
LVL 36

Assisted Solution

by:grblades
grblades earned 2000 total points
ID: 20059306
Spammers dont seem to stop sending spam if the mail bounces. I still get spam for non existing users which were deleted over 4 years ago.

I use the Spamhaus (requires a datafeed subscription) and spamcop RBls in my postfix configuration and it rejects about 4000 mails per day. That leaves about 800 messages coming in and getting scanned of which about 500 are spam.

I use Mailscanner. It is setup to flag mail with a score of over 5 as (probably spam), spam with a score of over 10 is flaged as (spam) and spam with a score of over 20 is just deleted. To use mailscanner requires minimal changes to postfix (one line in /etc/postfix/access to put incoming mail into the hold queue).

My website has links to the software and sites I have mentioned together with various other tips
http://www.gbnetwork.co.uk/mailscanner
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 
LVL 21

Author Comment

by:Julian Matz
ID: 20062363
I'm using MailScanner also, although I haven't been able to perfect the installation for Postfix, SA, Procmail and MailScanner to completely work in harmony...

So what you're suggesting is to make Postfix reject the mail before it reaches SA? That would make sense.
You seem to have a lot of experience with Postfix, etc. :) Could I ask you to take a quick look at my Postfix main.cf file, and firstly see if everything looks ok as is, and maybe make a few suggestions if you think it could be improved? I'm using this in a production environment with maybe 50 or so mail users.

I've put a copy of the file here:
http://194.150.229.199:80/EE/postfix_main.cf.txt
0
 
LVL 36

Accepted Solution

by:
grblades earned 2000 total points
ID: 20063631
It looks ok. I am also using Spamhaus but it is a subscription service. For up to 100 users it is $500/year.
As you can see from the logwatch output below spamhaus blocks the vast majority and spamcop block about 14% of what remains (about 800 messages made it through). If I remove spamhaus the spamcop would only block about 3000 messages so spamhaus is far better.

 Messages rejected using Anti-Spam site 5510 Time(s)
     autoblock.dnsbl identified 7 spam messages.
     bl.spamcop.net identified 126 spam messages.
     local.dnsbl identified 15 spam messages.
     zen.spamhaus.org identified 5362 spam messages.

You might want to consider using the mailwatch2rbl script I wrote (assuming you use mailwatch) as it monitors how many mails each IP address sends and will add any that only send spam over a particular threshold to a block table for X number of hours. It doesnt make a large difference to us but I am sure if we wernt using spamhaus then it would be far more effective.

I also have the following two entries in my main.cf :-
smtpd_client_connection_count_limit = 5
smtpd_timeout = 120

The first one limits the maximum number of connections each client can make. There were a few faulty bot clients around a couple of months ago which would leave a lot of connections open to the mail server. We had a couple which had 50 connections open. This limits the number of connections to 5. The second one reduces the inactivity timeout down to 2 minutes.
0
 
LVL 21

Author Closing Comment

by:Julian Matz
ID: 31408127
Thanks a lot for the help and comments!
0

Featured Post

What Security Threats Are We Predicting for 2018?

Cryptocurrency, IoT botnets, MFA, and more! Hackers are already planning their next big attacks for 2018. Learn what you might face, and how to defend against it with our 2018 security predictions.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The core idea of this article is to make you acquainted with the best way in which you can export Exchange mailbox to PST format.
The main intent of this article is to make you aware of ‘Exchange fail to mount’ error, its effects, causes, and solution.
In this video we show how to create a User Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Mailb…
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
Suggested Courses

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question