Solved

Stopping spam on postfix mail server.

Posted on 2014-10-30
Last Modified: 2014-11-04
Hi Team,

We are running our own mail server (postfix/dovecot) and we are severely hit by spam lately. The spam is
especially directed to one particular email address.

We have installed spamassassin and left the score at the default (5). However, most of the spam
messages' scores are calculated well below 5, and thus spamassassin is not tagging them as spam.

e.g:

X-Spam-Level: *
X-Spam-Status: No, score=1.9 required=5.0 tests=HTML_MESSAGE,RP_MATCHES_RCVD,
      SPF_HELO_PASS,SPF_PASS,T_REMOTE_IMAGE,URIBL_BLOCKED,URIBL_DBL_SPAM
      autolearn=no version=3.3.2
Thread-Index: AQDk/HpmbBSNJI1pQg3Hg8cGEtwSMA==
Content-Language: en-us

We also installed amavisd and agents like pyzor and razor, and installed dcc too. In spite of this, we
still get a lot of spam which is not detected as spam by spamassassin. Is spamassassin miscalculating?
What else can I do to stop the spam?


Thanks.
Question by: Starquest321

Accepted Solution by: Dr. Klahn
Spam is always a tough issue to deal with, because when one hole is plugged the spammers go find another one.  There are some things you can try that I've found effective on my own system, but they may not be acceptable practice on your system.

1.  Use iptables to restrict access from outside the US and Canada.  Most US based firms do business in the US and possibly Canada.  Most spam comes from outside the US.  If it is acceptable (and that's a big if), bring up iptables, load the geoip geolocation add-on, and disable incoming SMTP on port 25 from anything other than the US and Canada.

#!/bin/bash

# /etc/iptables/script1
#
# This script is executed after script0 when /etc/init.d/iptables
# is called during the startup process.
#
# These rules are permanent lockouts of specific country codes as
# determined by the GeoIP database in /var/geoip.  They rely on the
# xt_geoip match from xtables-addons (iptables -m geoip).
#
# Note:  Keep the GeoIP database current using the shell scripts.
#
# Runs under bash, not sh: "declare -i" below is a bash builtin.

PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
iptloc="/sbin/iptables"
declare -i sfail=0

# Flush all rules in any pre-existing chain (-F).
# Error messages are suppressed: the chain may not exist yet.
$iptloc -F CountryLockouts > /dev/null 2> /dev/null

# Delete the pre-existing chain itself (-X), again ignoring errors.
$iptloc -X CountryLockouts > /dev/null 2> /dev/null

# Declare a new iptables chain for these rules
$iptloc -t filter -N CountryLockouts
sfail=sfail+$?

# RULES BEGIN ============================================

# Accept incoming SMTP from the US
$iptloc -t filter -A CountryLockouts -m geoip --src-cc US -p tcp --dport 25 -j ACCEPT
sfail=sfail+$?

# Accept incoming SMTP from Canada
$iptloc -t filter -A CountryLockouts -m geoip --src-cc CA -p tcp --dport 25 -j ACCEPT
sfail=sfail+$?

# Reject incoming SMTP from any other country
$iptloc -t filter -A CountryLockouts -p tcp --dport 25 -j REJECT
sfail=sfail+$?


# RULES END ============================================

# Anything that is not port 25 falls through: return to the calling chain
$iptloc -t filter -A CountryLockouts -j RETURN
sfail=sfail+$?

# Now insert a call to this chain at the top of INPUT
$iptloc -I INPUT 1 -j CountryLockouts
sfail=sfail+$?

# Non-zero if any rule failed to load
exit $sfail



2.  If it's not acceptable to strongly filter at the iptables level, use Postfix rules to eliminate the offending countries in the Postfix configuration using the access_helo file.

# /etc/postfix/access_helo -- a pcre: table, looked up from main.cf with
#   smtpd_helo_restrictions = ... check_helo_access pcre:/etc/postfix/access_helo ...
# (set smtpd_helo_required = yes so every client has to send a HELO/EHLO name).
# Postfix pcre tables match case-insensitively by default, and the first
# matching rule wins.

# Entire country codes

/\.cn$/                                        550 Denied: China (.CN)
# .es is Spain's ccTLD; Estonia's is .ee
/\.es$/                                        550 Denied: Spain (.ES)
/\.hu$/                                        550 Denied: Hungary (.HU)
/\.jp$/                                        550 Denied: Japan (.JP)
/\.kr$/                                        550 Denied: Korea (.KR)
/\.pl$/                                        550 Denied: Poland (.PL)
/\.ro$/                                        550 Denied: Romania (.RO)
/\.rs$/                                        550 Denied: Serbia (.RS)
/\.ru$/                                        550 Denied: Russia (.RU)
/\.sg$/                                        550 Denied: Singapore (.SG)
/\.yu$/                                        550 Denied: Yugoslavia (extinct)

# Specific IP addresses
# Matches a HELO that is this bare address.  An address-literal HELO of
# [212.38.176.10] ends in ']' and is NOT caught by the $ anchor below.

/212\.38\.176\.10$/                            550 Denied



I have found these rules eliminate 99% of the spam I used to see on the system and the same goes for hostile SMTP probes.  However, they are admittedly severe and are definitely not appropriate for a company doing business outside the US on a world-wide, every country, basis.
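The access_helo table in the accepted solution is easy to get subtly wrong (the `$` anchor, case, first-match-wins), and it helps to see what a given HELO string would hit before loading it into Postfix. The following is an added example for this thread, not code from the original answer or from Postfix: it re-implements the slice of pcre_table(5) semantics that a HELO access table relies on (one `/pattern/flags action` rule per line, `#` comments and blank lines skipped, case-insensitive matching unless the `i` flag toggles it off, `!/pattern/` negation, first match wins) and runs a constructed subset of the posted table against sample HELO names. The sample table and HELO strings are constructed here; against the live file the equivalent check is `postmap -q 'mail.example.cn' pcre:/etc/postfix/access_helo`.

```python
"""Offline check of a Postfix pcre: HELO access table (added example, not Postfix code)."""
import re
from typing import List, NamedTuple, Optional


class Rule(NamedTuple):
    pattern: "re.Pattern"
    negate: bool
    action: str


def parse_pcre_table(text: str) -> List[Rule]:
    """Parse the body of a Postfix pcre: table into ordered rules (pcre_table(5) subset)."""
    rule_re = re.compile(r"^(!?)/((?:[^/\\]|\\.)*)/([A-Za-z]*)\s+(\S.*)$")
    rules: List[Rule] = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # blank lines and comments are ignored
        m = rule_re.match(line)
        if not m:
            raise ValueError(f"line {lineno}: not a /pattern/ action rule: {raw!r}")
        negate, pattern, flags, action = m.groups()
        # pcre_table(5): matching is case-insensitive by default; the 'i' flag toggles it off,
        # 'x' turns on extended (whitespace-ignoring) syntax.
        re_flags = 0 if "i" in flags else re.IGNORECASE
        if "x" in flags:
            re_flags |= re.VERBOSE
        rules.append(Rule(re.compile(pattern, re_flags), negate == "!", action.strip()))
    return rules


def lookup(rules: List[Rule], helo: str) -> Optional[str]:
    """Return the action of the first matching rule, or None when no rule matches."""
    for rule in rules:
        hit = rule.pattern.search(helo) is not None
        if hit != rule.negate:            # a '!' rule fires when the pattern does NOT match
            return rule.action
    return None


# Constructed sample: a subset of the access_helo file posted above.
SAMPLE_TABLE = r"""
# Entire country codes
/\.cn$/                                        550 Denied: China (.CN)
/\.ru$/                                        550 Denied: Russia (.RU)
/\.yu$/                                        550 Denied: Yugoslavia (extinct)

# Specific IP addresses
/212\.38\.176\.10$/                            550 Denied
"""

SAMPLE_RULES = parse_pcre_table(SAMPLE_TABLE)

# Constructed HELO strings of the kinds an SMTP server actually sees.
SAMPLE_HELOS = [
    "mail.example.cn",               # TLD rule hits
    "MX1.EXAMPLE.RU",                # case does not matter
    "mail.example.cn.example.com",   # .cn not at the end of the name: no hit
    "212.38.176.10",                 # bare address as HELO: the IP rule hits
    "[212.38.176.10]",               # RFC 5321 address literal: ']' defeats the '$' anchor
    "mail.example.com",              # nothing matches: the table accepts it
]

if __name__ == "__main__":
    for helo in SAMPLE_HELOS:
        print(f"{helo:32} -> {lookup(SAMPLE_RULES, helo) or 'no match (accepted by this table)'}")
```

The address-literal case is the one to watch: clients that HELO with `[a.b.c.d]` need a pattern ending in `\]$` (or a `check_client_access` rule keyed on the connecting IP) rather than a bare address pattern.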

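Back to the header quoted in the question. Reading X-Spam-Status by eye across folded lines is error-prone, so here is an added example (not code from the question, the answer, or SpamAssassin) that unfolds a SpamAssassin 3.x X-Spam-Status header, splits out score, threshold and the rule names that fired, and flags URIBL_BLOCKED separately. That rule is an administrator notice rather than a spam sign: SpamAssassin sets it when its URIBL DNS queries were refused (see the SpamAssassin wiki page DnsBlocklists, section "dnsbl-block"), which means the URIBL rules could not contribute anything to that message's score. The sample header is a constructed copy of the one in the question, folded as it appears there.

```python
"""Parse a SpamAssassin X-Spam-Status header (added example, not SpamAssassin code)."""
import re
from typing import Any, Dict, List

# Constructed copy of the header quoted in the question, folded over three lines.
SAMPLE_HEADER = (
    "X-Spam-Status: No, score=1.9 required=5.0 tests=HTML_MESSAGE,RP_MATCHES_RCVD,\n"
    "      SPF_HELO_PASS,SPF_PASS,T_REMOTE_IMAGE,URIBL_BLOCKED,URIBL_DBL_SPAM\n"
    "      autolearn=no version=3.3.2"
)

# Rule names SpamAssassin uses to report that its own DNS blocklist lookups failed.
LOOKUP_FAILURE_TESTS = {"URIBL_BLOCKED"}

STATUS_RE = re.compile(r"^(Yes|No),\s*(.*)$", re.DOTALL)


def unfold(header: str) -> str:
    """Undo RFC 5322 folding: a continuation line starts with whitespace; join with one space."""
    return re.sub(r"\r?\n[ \t]+", " ", header.strip())


def parse_spam_status(header: str) -> Dict[str, Any]:
    """Return verdict, score, threshold, fired rules and any lookup-failure notices."""
    body = unfold(header)
    body = re.sub(r"^X-Spam-Status:\s*", "", body, flags=re.IGNORECASE)
    m = STATUS_RE.match(body)
    if not m:
        raise ValueError(f"not an X-Spam-Status header: {header!r}")
    status, rest = m.groups()
    # Folding may split the tests list right after a comma ("A,B, C"); close the gap
    # so the whole list is one whitespace-free key=value token again.
    rest = re.sub(r",\s+", ",", rest)
    fields: Dict[str, str] = {}
    for token in rest.split():
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value
    tests: List[str] = [t for t in fields.get("tests", "").split(",") if t]
    score = float(fields["score"])
    required = float(fields["required"])
    return {
        "is_spam": status == "Yes",
        "score": score,
        "required": required,
        "points_short": round(required - score, 3),   # negative once the message is over the line
        "tests": tests,
        "autolearn": fields.get("autolearn"),
        "version": fields.get("version"),
        "lookup_failures": sorted(LOOKUP_FAILURE_TESTS & set(tests)),
    }


if __name__ == "__main__":
    info = parse_spam_status(SAMPLE_HEADER)
    print(f"spam={info['is_spam']} score={info['score']} required={info['required']} "
          f"({info['points_short']} points short)")
    print("tests:", ", ".join(info["tests"]))
    if info["lookup_failures"]:
        print("lookup failures:", ", ".join(info["lookup_failures"]),
              "(DNS blocklist queries were refused; those rules could not score)")
```

Run over a batch of headers pulled from the spam folder, the `lookup_failures` field tells you quickly whether low scores are a rule-tuning problem or a DNS-resolver problem.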