Running CentOS 4.2 with all updates. I've been using sendmail for my MTA since forever. I've grown used to it and I can make it do what I want it to. However (there's always a catch, isn't there)...
Lately it seems that some mail is being lost. I've noticed some instances when a message was sent to myself and others which I will only see if someone replies back to everyone. Additionally, I am on the word-a-day list and have noticed that occasionally I don't get the word for that day. At first I thought it was just me. My .procmailrc is a horror to look at and I've got some fairly aggressive anti-spam stuff going on. But my mother has mentioned this problem, too. (I have my whole family set up with email on my server, good son that I am.)
Anyway, I want to try swapping out sendmail for postfix to see if that makes any kind of difference. Now, I promise to hit the HOW-TO's and FAQ's and google/A9 myself blue in the face, but if someone has already done this could you kindly post a quick message with any "gotchas" you found or any config issues you ran into it would be greatly appreciated.
Thanks, Joe
On Sun, 2006-03-05 at 00:04 -0500, Joe Klemmer wrote:
Anyway, I want to try swapping out sendmail for postfix to see if that makes any kind of difference. Now, I promise to hit the HOW-TO's and FAQ's and google/A9 myself blue in the face, but if someone has already done this could you kindly post a quick message with any "gotchas" you found or any config issues you ran into it would be greatly appreciated.
Did this a while back. I used the basic sendmail+spamassassin setup that comes with FC4 and decided to move to Postfix because I wanted more powerful tools to fight spam. First thing I did was buy "the definitive guide" postfix book from Kyle Dent. There is now also another book called "the book of postfix" by Hildebrandt and Koetter. Dunno which is better. I enjoyed reading Kyle's book and it was very helpful.
Next, I googled for "postfix amavis clamav pyzor razor dcc" and found two links that were very useful (not at home right now and couldn't find the links. They were aimed at FC4 iirc). I grabbed a box not doing any mail stuff to set up the postfix-amavis-clamav-pyzor-razor-dcc combo and worked from there. Once I had the setup I wanted I moved it over to the mailserver. Don't throw away your sendmail setup. If things go wrong you want the ability to move back and continue to receive mail while you figure out how to fix the postfix problem.
I found that postfix is very powerful when it comes to fighting spam. Very useful was how to block spammers from Korea and China (see http://www.fadden.com/techmisc/asian-spam.htm). And I'm adding more rogue networks like rima-tde.net, RoadRunner, Verizon, Comcast, Shawcable, etc. I also block broadband networks in Eastern Europe the moment they hit me with spam and South America (Brazil and Mexico) are growing on my blocklist too.
Something like this works quite well (in /etc/postfix/main.cf):

smtpd_client_restrictions =
    permit_mynetworks,
    check_client_access cidr:/etc/postfix/sinokorea.cidr,
    check_client_access cidr:/etc/postfix/bans.cidr,
    check_client_access cidr:/etc/postfix/comcast.cidr,
    check_client_access cidr:/etc/postfix/shawcable.cidr,
    reject_rbl_client relays.ordb.org,
    reject_rbl_client opm.blitzed.org,
    reject_rbl_client list.dsbl.org,
    reject_rbl_client sbl.spamhaus.org,
    reject_rbl_client cbl.abuseat.org,
    reject_rbl_client dul.dnsbl.sorbs.net,
    reject_rbl_client virbl.dnsbl.bit.nl,
    reject_rbl_client dnsbl.njabl.org,
    reject_rhsbl_sender dsn.rfc-ignorant.org

My spam is down about 75%. The remaining 25% is caused by an upstream ISP relay that does not filter as aggressively as I would like. Soon this will change as I will take out the relay and be primary MX for that part too. Hopefully this will drop spam to < 1%.
Good luck!
Regards, Patrick
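
The check_client_access cidr: tables in the message above are searched in file order and the first matching pattern decides the result, so an exception for a known-good host has to come before the range that contains it. The following is an added example, not part of Patrick's post or of Postfix: a small Python checker that parses a table in the basic "pattern action" form of cidr_table(5) (no "!" negation or if/endif blocks), reports which action a client address would get, and flags rules that can never match. The table contents are constructed sample data using documentation address ranges.

```python
import ipaddress

# Constructed sample in cidr_table(5) syntax (documentation ranges only,
# not networks from the thread). An exception must precede the range it
# carves out, because the first matching pattern wins.
SAMPLE_TABLE = """\
# known-good host inside a blocked range
192.0.2.25        OK
192.0.2.0/24      REJECT constructed sample range
198.51.100.0/24   REJECT constructed sample range
2001:db8::/32     REJECT constructed sample range
"""

def parse_cidr_table(text):
    """Parse table text into [(ip_network, action)], keeping file order."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and logical:
            logical[-1] += " " + raw.strip()  # leading whitespace continues a line
        else:
            logical.append(raw.strip())
    rules = []
    for line in logical:
        parts = line.split(None, 1)
        if len(parts) != 2:
            raise ValueError(f"pattern without an action: {line!r}")
        # strict=True raises on host bits set in the network (e.g. 192.0.2.1/24)
        rules.append((ipaddress.ip_network(parts[0], strict=True), parts[1]))
    return rules

def lookup(rules, client_ip):
    """Return the action of the first matching rule, or None if none match."""
    addr = ipaddress.ip_address(client_ip)
    for net, action in rules:
        if addr in net:
            return action
    return None

def shadowed(rules):
    """Return (later, earlier) pairs where the later rule can never match."""
    found = []
    for i, (net, _) in enumerate(rules):
        for earlier, _ in rules[:i]:
            if net.version == earlier.version and net.subnet_of(earlier):
                found.append((str(net), str(earlier)))
                break
    return found
```

A None result from lookup corresponds to the table having no opinion, in which case Postfix moves on to the next restriction in the list (here, the reject_rbl_client checks).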
On Sun, 2006-03-05 at 08:01, Patrick wrote:
Did this a while back. I used the basic sendmail+spamassassin setup that comes with FC4 and decided to move to Postfix because I wanted more powerful tools to fight spam.
If that is your only reason for changing, I'd recommend looking at sendmail+MimeDefang first (http://www.mimedefang.org/). MimeDefang runs via the milter interface and can do any kind of checks you want with the results available to sendmail during the SMTP conversation so you can reject at the smtp level instead of having to construct and return bounces. There is a fairly active mail list for support too.
On Sun, 2006-03-05 at 15:01 +0100, Patrick wrote:
On Sun, 2006-03-05 at 00:04 -0500, Joe Klemmer wrote:
Anyway, I want to try swapping out sendmail for postfix to see if that makes any kind of difference. Now, I promise to hit the HOW-TO's and FAQ's and google/A9 myself blue in the face, but if someone has already done this could you kindly post a quick message with any "gotchas" you found or any config issues you ran into it would be greatly appreciated.
Did this a while back. I used the basic sendmail+spamassassin setup that comes with FC4 and decided to move to Postfix because I wanted more powerful tools to fight spam. First thing I did was buy "the definitive guide" postfix book from Kyle Dent. There is now also another book called "the book of postfix" by Hildebrandt and Koetter. Dunno which is better. I enjoyed reading Kyle's book and it was very helpful.
Next, I googled for "postfix amavis clamav pyzor razor dcc" and found two links that were very useful (not at home right now and couldn't find the links. They were aimed at FC4 iirc). I grabbed a box not doing any mail stuff to set up the postfix-amavis-clamav-pyzor-razor-dcc combo and worked from there. Once I had the setup I wanted I moved it over to the mailserver. Don't throw away your sendmail setup. If things go wrong you want the ability to move back and continue to receive mail while you figure out how to fix the postfix problem.
I found that postfix is very powerful when it comes to fighting spam. Very useful was how to block spammers from Korea and China (see http://www.fadden.com/techmisc/asian-spam.htm). And I'm adding more rogue networks like rima-tde.net, RoadRunner, Verizon, Comcast, Shawcable, etc. I also block broadband networks in Eastern Europe the moment they hit me with spam and South America (Brazil and Mexico) are growing on my blocklist too.
Something like this works quite well (in /etc/postfix/main.cf):

smtpd_client_restrictions =
    permit_mynetworks,
    check_client_access cidr:/etc/postfix/sinokorea.cidr,
    check_client_access cidr:/etc/postfix/bans.cidr,
    check_client_access cidr:/etc/postfix/comcast.cidr,
    check_client_access cidr:/etc/postfix/shawcable.cidr,
    reject_rbl_client relays.ordb.org,
    reject_rbl_client opm.blitzed.org,
    reject_rbl_client list.dsbl.org,
    reject_rbl_client sbl.spamhaus.org,
    reject_rbl_client cbl.abuseat.org,
    reject_rbl_client dul.dnsbl.sorbs.net,
    reject_rbl_client virbl.dnsbl.bit.nl,
    reject_rbl_client dnsbl.njabl.org,
    reject_rhsbl_sender dsn.rfc-ignorant.org

My spam is down about 75%. The remaining 25% is caused by an upstream ISP relay that does not filter as aggressively as I would like. Soon this will change as I will take out the relay and be primary MX for that part too. Hopefully this will drop spam to < 1%.
---- blocking the cidr's as you are doing doesn't really help since it masks the bigger issues as well as the 'rogue' networks you are describing. Fix the problem not the symptom.
add greylisting...see www.greylisting.org
I use sqlgrey - I think if you enable dag's repo, you will get it installed.
add a few more rules...you might want to check out this suggestion that I got from Chris Mauritz a year ago...
http://lists.centos.org/pipermail/centos/2005-April/004339.html
and I found this link to be exceedingly useful too...
http://jimsun.linxnet.com/misc/postfix-anti-UCE.txt
I also use MailScanner as my wrapper for spamassassin and clamav and find it very, very effective (don't listen to the doom and gloom folks that poo poo using MailScanner on Postfix)
you do these things, you can forget all about rogue networks as you call them and banned cidr's because you will stop almost all the spam with the proper setup and don't need to do wholesale block of ip addresses.
Craig
Craig White wrote:
I also use MailScanner as my wrapper for spamassassin and clamav and find it very, very effective (don't listen to the doom and gloom folks that poo poo using MailScanner on Postfix)
I had MailScanner installed and it worked great. I switched to Amavis-new because I was afraid the authors of postfix would stop support for MailScanner. Amavis-new has the same results as far as I can tell.
you do these things, you can forget all about rogue networks as you call them and banned cidr's because you will stop almost all the spam with the proper setup and don't need to do wholesale block of ip addresses.
I agree with your conclusions. Greylisting and a tight postfix set up has my Spamassassin mostly idle. In fact, I have eliminated bayes from spamassassin because I do not get enough spam to train it well. I do use rulesdujour in spamassassin to get most of the few who make it through.
On Sun, 2006-03-05 at 16:31 -0800, John Thomas wrote:
Craig White wrote:
I also use MailScanner as my wrapper for spamassassin and clamav and find it very, very effective (don't listen to the doom and gloom folks that poo poo using MailScanner on Postfix)
I had MailScanner installed and it worked great. I switched to Amavis-new because I was afraid the authors of postfix would stop support for MailScanner. Amavis-new has the same results as far as I can tell.
---- it was too hard to work with (amavis-new) whereas MailScanner was a breeze, is frequently updated, does extra stuff with quarantine, phishing, etc.
too bad you let the doom & gloom people scare you away from MailScanner/postfix combination. ----
you do these things, you can forget all about rogue networks as you call them and banned cidr's because you will stop almost all the spam with the proper setup and don't need to do wholesale block of ip addresses.
I agree with your conclusions. Greylisting and a tight postfix set up has my Spamassassin mostly idle. In fact, I have eliminated bayes from spamassassin because I do not get enough spam to train it well. I do use rulesdujour in spamassassin to get most of the few who make it through.
---- indeed - this list (CentOS) has a lot of knowledgeable Postfix users which made my transition from sendmail to postfix easy and very effective.
and a mostly idle spamassassin is a much happier machine ;-)
Craig
Patrick wrote:
On Sun, 2006-03-05 at 00:04 -0500, Joe Klemmer wrote:
Anyway, I want to try swapping out sendmail for postfix to see if that makes any kind of difference. Now, I promise to hit the HOW-TO's and FAQ's and google/A9 myself blue in the face, but if someone has already done this could you kindly post a quick message with any "gotchas" you found or any config issues you ran into it would be greatly appreciated.
Did this a while back. I used the basic sendmail+spamassassin setup that comes with FC4 and decided to move to Postfix because I wanted more powerful tools to fight spam. First thing I did was buy "the definitive guide" postfix book from Kyle Dent. There is now also another book called "the book of postfix" by Hildebrandt and Koetter. Dunno which is better. I enjoyed reading Kyle's book and it was very helpful.
One other project I'd like to throw out there is postfixadmin, which provides most of the things talked about in this thread and provides a nice web interface to postfix.
On Sat, 2006-03-04 at 23:04, Joe Klemmer wrote:
Running CentOS 4.2 with all updates. I've been using sendmail for my MTA since forever. I've grown used to it and I can make it do what I want it to. However (there's always a catch, isn't there)...
Lately it seems that some mail is being lost. I've noticed some instances when a message was sent to myself and others which I will only see if someone replies back to everyone.
Some people have reasons for disliking sendmail, but I've never heard 'losing mail' as one of them.
On Sat, 2006-03-11 at 19:16 -0600, Les Mikesell wrote:
On Sat, 2006-03-04 at 23:04, Joe Klemmer wrote:
Running CentOS 4.2 with all updates. I've been using sendmail for my MTA since forever. I've grown used to it and I can make it do what I want it to. However (there's always a catch, isn't there)...
Lately it seems that some mail is being lost. I've noticed some instances when a message was sent to myself and others which I will only see if someone replies back to everyone.
Some people have reasons for disliking sendmail, but I've never heard 'losing mail' as one of them.
Based on the OP's first message it sounds more like his procmail rules are causing the problem. It is doubtful that sendmail would be the source of the problem.