'Re: Suggestions for less spam'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       postfix-users
Subject:    Re: Suggestions for less spam
From:       James Brown <jlbrown () bordo ! com ! au>
Date:       2019-09-25 0:02:26
Message-ID: ASSP.017135207b.F3DC26CF-82C7-4269-9239-A056CDB3B398 () bordo ! com ! au
[Download RAW message or body]

This is an S/MIME signed message


> On 23 Sep 2019, at 1:59 am, Dominic Raferd <dominic@timedicer.co.uk> wrote:
> 
> On Sun, 22 Sep 2019 at 14:36, Paul van der Vlis <paul@vandervlis.nl> wrote:
>> 
>> Hello,
>> 
>> I would like some suggestions on how to get less spam, I will paste my
>> configuration at the end of the mail.
>> 
>> Maybe somebody with a nice setup could post his/her setup?
>> 
>> As you can see, I am experimenting with reject_unknown_client_hostname.
>> What's your opinion about that setting?
>> 
>> I've never used greylisting. Are you using it?
> 
> I have been tweaking my settings for the last three years largely
> based on advice from this list. I give below my (slightly simplified)
> smtpd_recipient_restrictions settings for unauthenticated connections
> (suggestions for improvement very welcome). I also apply some
> header_checks and use spamassassin and clamav (via amavis) with some
> bespoke rules.
> 
> I think it is inadvisable to use reject_unknown_client_hostname (risk
> of fps) but I have found reject_unknown_reverse_client_hostname very
> effective. I tried greylisting but gave it up - it isn't necessary and
> the delays were very irritating to users (e.g. for password reset
> emails).
> 
> smtpd_recipient_restrictions =
>    reject_unauth_pipelining
> 
>     # localfile whitelists
>    check_sender_access hash:/etc/postfix/sender_access_whitelist
>    check_client_access hash:/etc/postfix/client_access_whitelist
>    check_client_access cidr:/etc/postfix/client_access_whitelist.cidr
>    check_helo_access hash:/etc/postfix/helo_access_whitelist
> 
>    # localfile blacklists
>    check_sender_access hash:/etc/postfix/sender_access
>    check_client_access hash:/etc/postfix/client_access
>    check_helo_access hash:/etc/postfix/helo_access
>    check_sender_access pcre:/etc/postfix/sender_access.pcre
> 
>    # reject clients without PTR
>    reject_unknown_reverse_client_hostname
> 
>    # reject clients with dynamic ips
>    reject_rbl_client dul.dnsbl.sorbs.net=127.0.0.10
> 
>    # rejections based on rbls for helo/sender/reverse_client
>    reject_rhsbl_helo dbl.spamhaus.org
>    reject_rhsbl_sender dbl.spamhaus.org
>    reject_rhsbl_reverse_client dbl.spamhaus.org
>    reject_rhsbl_sender fresh.fmb.la=127.2.0.[2;14]
> 
>    # ip-based remote whitelists
>    permit_dnswl_client list.dnswl.org=127.0.[0..255].[1..3]
>    permit_dnswl_client white.uribl.com
>    permit_dnswl_client hostkarma.junkemailfilter.com=127.0.0.[1;3;5]
> 
>    # ip-based remote blacklists
>    reject_rbl_client zen.spamhaus.org
>    reject_rbl_client dyna.spamrats.com
>    reject_rbl_client hostkarma.junkemailfilter.com=127.0.0.2
>    reject_rbl_client truncate.gbudb.net
>    reject_rbl_client dnsbl.cobion.com
>    reject_rbl_client bl.fmb.la=127.0.0.2
>    reject_rbl_client b.barracudacentral.org
> 
Just wondering if it is worth using Razor.

https://sourceforge.net/projects/razor/

Do people find it useful? Anyone using it?

Seems at bit dated.

Thanks, James.


["smime.p7s" (application/x-pkcs7-signature)]

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic