ASKER
# iptables binary and chain name; the original post assumed both were already set,
# so they are defined here with placeholder values so the rules run as a script
iptloc=/sbin/iptables
chname=MAILBLOCK    # placeholder: the chain must exist (created with -N) and be
                    # referenced from INPUT/FORWARD for these rules to see traffic
# each rule drops any TCP packet whose payload contains the address (Boyer-Moore search)
# email target: ryhinsxr@mysite
$iptloc -t filter -A $chname -m string --string "ryhinsxr@mysite" --algo bm -p tcp -j DROP
# email target: tbsrtv159@mysite
$iptloc -t filter -A $chname -m string --string "tbsrtv159@mysite" --algo bm -p tcp -j DROP
# email target: zxc13221@mysite
$iptloc -t filter -A $chname -m string --string "zxc13221@mysite" --algo bm -p tcp -j DROP
# spameri@tiscali.it
$iptloc -t filter -A $chname -m string --string "spameri@tiscali.it" --algo bm -p tcp -j DROP
ASKER
All these emails will have a breakage of SPF or DKIM or both;
at least flag them as SPAM.
Feed the message in as spam and it should capture similar future messages as spam.
ASKER
Potentially, requests for quotes originate on your own webserver. Make sure that form is not being abused.
rspamd is in the receiving line of the mailserver, or works together with the MTA during RECEIPT of the message by the MTA, or even before it.
Same for AMAVIS; then SpamAssassin is trained by the mail system (assisted by the option I mentioned as #9 for anything that gets through), or by anything that gets into a spam mail account and should be marked as legitimate.
Spam scanning by the MUA (Outlook, pine, Kontact, etc.) is far too late in the process.
ASKER
See if IMAP is an option for you; based on your comment, your current setup uses POP.
ASKER
IMHO, referring to your users as "clowns" does not provide for a ...
The issue with POP is that it is a one-way trip; there are no folders. The loss of emails would then require that you have some backup process on the user/workstation side.
If you use procmail as the MTA, you can process a general system-wide SpamAssassin filter before you drop privilege to handle the user delivery.
Instead of disabling, you can change the behavior to add to the Subject: ---SPAM ---
Who sets policy? Do you provide a mechanism by which they can turn their settings on or off?
That might be a way to simplify things, allowing the user to handle it.
Steps:
1st: Get a clear description from MANAGEMENT of what your mail system should do, should not do, etc. (And point out up front that the policy should APPLY to ALL personnel.) Get it in written form. NO exceptions... not even for management!
2nd: Build your environment around this, together with guidelines for use.
3rd: Train the people in proper use; those that don't want to live up to their part should suffer the consequences of their own choices. If they are carpenters and only want to handle 400g hammers and now need a 1000g hammer to handle a big nail, they should not stubbornly try the 400g hammers but use the tools needed. If they reject this, you HAVE TO BE ABLE to point to the description from management.
If management rejects this way of working, then create a setup that should be capable of handling all cruft and leave it at that; any more effort will be futile... it is either organized or it is wild west, there is no in-between.
Ransomware/phishing/spam by mail will happen even with filtering; there is a difference whether you belong to the low-hanging fruit or are higher up the tree.
Ransomware/phishing can be very hard to detect anyway... it's just that the stakes get higher.
Please provide more info on your mailsetup...
or consider a slightly different setup....
EXIM/Postfix mail receiver (MTA); DKIM + DMARC can be processed here...
- IP address against RBLs on connect, connection rate / IP source if you want. This will prevent most.
- HELO/EHLO packet for validity w.r.t. IP address - this is a 2nd large winner
- FROM address check (SPF) / blacklists / whitelists, here or in RSPAMD
- TO address check, if you want the mail anyway
Here greylisting can help if the source/destination address has been seen before by this server; unknowns are temporarily blocked to be retried later (mostly 1 hour by SMTP standard).
If retried within minutes it must be a spammer, and thus either be rejected ad nauseam, or even get blacklisted.
DATA:
DKIM & DMARC processing
Then the data part can be passed on to RSPAMD for a verdict on content
Final delivery to MUA... or IMAP database.
RSPAMD configured with it
Validates receiver, sender (can do greylisting advice, DKIM, etc. also), does SpamAssassin check, virus scans, URBL..... (mostly content.)
DOVECOT / CYRUS - IMAP / POP servers
They can handle massive amounts of mail effectively.
Make it possible to create subfolders etc. and use archiving.
(Using sieve scripts some handling can be automated.)
BTW, if you follow all guidelines you will also find Microsoft is one of the big offenders in how mail should be handled and how they do it....
I almost have no more spam... anything above 5 points is considered spammy; anything > 7 is not delivered to the end user.
There are 1 or 2 spam / month coming through, most sent to a mail address that used to be used on LinkedIn and was leaked years ago.
Roughly 70K spam mail / month blocked by the various methods. Not a lot of people complain I do not respond to mail or
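The receiving stages listed above (RBL on connect, HELO check, sender and recipient checks, greylisting, then DKIM/DMARC and content scoring) map onto Postfix's restriction lists as follows; this is an added configuration example, not from any post in this thread. It assumes postgrey listening on 127.0.0.1:10023, a policyd-spf service named policyd-spf defined in master.cf, and rspamd's proxy worker running as a milter on 127.0.0.1:11332 (its default port); zen.spamhaus.org and the sender_access table are illustrative choices.

```conf
# /etc/postfix/main.cf fragment (added example; assumes postgrey, policyd-spf and
# rspamd are installed and listening where stated below)

smtpd_helo_required = yes
disable_vrfy_command = yes

# connection stage: per-client rate limits (anvil) before any SMTP dialogue
smtpd_client_connection_rate_limit = 30
smtpd_client_message_rate_limit = 100

# 1. on connect: local/authenticated clients skip checks; everyone else meets the RBL
smtpd_client_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_rbl_client zen.spamhaus.org,
    reject_unknown_reverse_client_hostname

# 2. HELO/EHLO must be a syntactically valid, resolvable FQDN
smtpd_helo_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_invalid_helo_hostname,
    reject_non_fqdn_helo_hostname,
    reject_unknown_helo_hostname

# 3. MAIL FROM: sender domain must exist; local allow/deny list via a postmap table
smtpd_sender_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_non_fqdn_sender,
    reject_unknown_sender_domain,
    check_sender_access hash:/etc/postfix/sender_access

# 4. RCPT TO: no open relay, recipient domain must exist, then SPF and greylisting
#    (the policy services only run after the cheap rejects above have passed)
smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination,
    reject_non_fqdn_recipient,
    reject_unknown_recipient_domain,
    check_policy_service unix:private/policyd-spf,
    check_policy_service inet:127.0.0.1:10023

# 5. DATA: hand the message to rspamd (milter) for DKIM/DMARC and content scoring;
#    if rspamd is down, accept rather than bounce legitimate mail
smtpd_milters = inet:127.0.0.1:11332
non_smtpd_milters = $smtpd_milters
milter_protocol = 6
milter_default_action = accept
```

Check the result with `postconf -n` and watch the mail log: rejections at stages 1 to 4 never reach rspamd, so its scoring only has to deal with what survives the cheap checks.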