On Sun, 2006-03-05 at 15:01 +0100, Patrick wrote:
On Sun, 2006-03-05 at 00:04 -0500, Joe Klemmer wrote:
Anyway, I want to try swapping out sendmail for postfix to see if that makes any kind of difference. Now, I promise to hit the HOW-TOs and FAQs and google/A9 myself blue in the face, but if someone has already done this, could you kindly post a quick message with any "gotchas" you found or any config issues you ran into? It would be greatly appreciated.
Did this a while back. I used the basic sendmail+spamassassin setup that comes with FC4 and decided to move to Postfix because I wanted more powerful tools to fight spam. First thing I did was buy "the definitive guide" postfix book from Kyle Dent. There is now also another book called "the book of postfix" by Hildebrandt and Koetter. Dunno which is better. I enjoyed reading Kyle's book and it was very helpful.
Next, I googled for "postfix amavis clamav pyzor razor dcc" and found two links that were very useful (not at home right now and couldn't find the links. They were aimed at FC4 iirc). I grabbed a box not doing any mail stuff to set up the postfix-amavis-clamav-pyzor-razor-dcc combo and worked from there. Once I had the setup I wanted I moved it over to the mailserver. Don't throw away your sendmail setup. If things go wrong you want the ability to move back and continue to receive mail while you figure out how to fix the postfix problem.
I found that postfix is very powerful when it comes to fighting spam. Very useful was how to block spammers from Korea and China (see http://www.fadden.com/techmisc/asian-spam.htm). And I'm adding more rogue networks like rima-tde.net, RoadRunner, Verizon, Comcast, Shawcable, etc. I also block broadband networks in Eastern Europe the moment they hit me with spam and South America (Brasil and Mexico) are growing on my blocklist too.
Something like this works quite well (in /etc/postfix/main.cf):

smtpd_client_restrictions =
    permit_mynetworks,
    check_client_access cidr:/etc/postfix/sinokorea.cidr,
    check_client_access cidr:/etc/postfix/bans.cidr,
    check_client_access cidr:/etc/postfix/comcast.cidr,
    check_client_access cidr:/etc/postfix/shawcable.cidr,
    reject_rbl_client relays.ordb.org,
    reject_rbl_client opm.blitzed.org,
    reject_rbl_client list.dsbl.org,
    reject_rbl_client sbl.spamhaus.org,
    reject_rbl_client cbl.abuseat.org,
    reject_rbl_client dul.dnsbl.sorbs.net,
    reject_rbl_client virbl.dnsbl.bit.nl,
    reject_rbl_client dnsbl.njabl.org,
    reject_rhsbl_sender dsn.rfc-ignorant.org
My spam is down about 75%. The remaining 25% is caused by an upstream ISP relay that does not filter as aggressively as I would like. Soon this will change as I will take out the relay and be primary MX for that part too. Hopefully this will drop spam to < 1%.
---- Blocking the CIDRs as you are doing doesn't really help, since it masks the bigger issues as well as the 'rogue' networks you are describing. Fix the problem, not the symptom.
add greylisting...see www.greylisting.org
I use sqlgrey - I think if you enable Dag's repo, you will get it installed.
add a few more rules...you might want to check out this suggestion that I got from Chris Mauritz a year ago...
http://lists.centos.org/pipermail/centos/2005-April/004339.html
and I found this link to be exceedingly useful too...
http://jimsun.linxnet.com/misc/postfix-anti-UCE.txt
I also use MailScanner as my wrapper for spamassassin and clamav and find it very, very effective (don't listen to the doom and gloom folks that pooh-pooh using MailScanner on Postfix).
If you do these things, you can forget all about rogue networks, as you call them, and banned CIDRs, because you will stop almost all the spam with the proper setup and don't need to do wholesale blocks of IP addresses.
Craig
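Added example, not code from the thread, from Postfix, or from any poster: a small Python model of how Postfix walks an smtpd_client_restrictions chain like the one quoted above, with cidr_table(5) first-match semantics, so you can see which rule actually fires for a given client before editing main.cf. The table contents, the mynetworks ranges and the DNSBL answers are constructed stand-ins, since a real setup reads the files and does DNS lookups.

```python
import ipaddress

# Constructed stand-in for /etc/postfix/bans.cidr (cidr_table(5) format:
# "network/prefix action", '#' comments, first matching line wins).
BANS_CIDR = """
# constructed sample, not a real blocklist
192.0.2.0/24     REJECT no mail expected from this range
203.0.113.8      DUNNO  exempt one host inside the /24 below
203.0.113.0/24   REJECT
"""

# Constructed mynetworks and DNSBL answers (real Postfix queries DNS).
MYNETWORKS = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "198.51.100.0/24")]
RBL_LISTED = {"sbl.spamhaus.org": {"198.18.0.5"}}


def parse_cidr_table(text):
    """Return [(network, action)] in file order, skipping comments and blanks."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        net, action = line.split(None, 1)
        # A bare address is a host entry; ip_network() treats it as /32.
        rules.append((ipaddress.ip_network(net, strict=False), action.split()[0]))
    return rules


def check_client_access(rules, client):
    """First matching entry decides; OK means permit, no match means DUNNO."""
    for net, action in rules:
        if client in net:
            return "PERMIT" if action == "OK" else action
    return "DUNNO"


def reject_rbl_client(zone, client):
    return "REJECT" if str(client) in RBL_LISTED.get(zone, set()) else "DUNNO"


def evaluate(client_ip, restrictions):
    """Walk the chain in order: PERMIT or REJECT stops it, DUNNO moves on."""
    client = ipaddress.ip_address(client_ip)
    for name, check in restrictions:
        result = check(client)
        if result != "DUNNO":
            return name, result
    return "end of list", "PERMIT"  # Postfix permits when nothing rejected


BANS = parse_cidr_table(BANS_CIDR)
RESTRICTIONS = [
    ("permit_mynetworks", lambda c: "PERMIT" if any(c in n for n in MYNETWORKS) else "DUNNO"),
    ("check_client_access cidr:bans.cidr", lambda c: check_client_access(BANS, c)),
    ("reject_rbl_client sbl.spamhaus.org", lambda c: reject_rbl_client("sbl.spamhaus.org", c)),
]
```

The host entry placed before its enclosing /24 shows why line order in a cidr table matters: the DUNNO match stops the table lookup and the client falls through to the next restriction instead of being rejected.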