[CentOS] postfix and spam, I am impressed

Tue Mar 13 17:00:44 UTC 2012
Nataraj <incoming-centos at rjl.com>

On 03/13/2012 07:02 AM, m.roth at 5-cent.us wrote:
> Ross Walker wrote:
>> On Mar 12, 2012, at 5:25 PM, m.roth at 5-cent.us wrote:
>>> Here's a question: is there any way to inspect an email's headers, and
>>> reject it if the alleged FWDN in the From:" doesn't match the oldest
>>> "Received: "?
>> That would be problematic with dual homed mail gateways that received on
>> internal interface and delivered on external interface that had different
>> host names on each.
> I'm just trying to think of ways around a blacklist... *esp* the way
> dnsorb does, where they'll blacklist an entire block that belongs to a
> hosting provider, who provides one external delivery address.
>        mark "why, yes, that has happened to me several times"
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos

Ok, so it wouldn't work to just use the oldest received, but a smarter
inspection could check to see weather it actually passed through a
server owned by the claimed domain.  The reality is that what is need is
to input this into a scoring system weighted with other spam evaluation
mechanisms, something like spamassassin.  The downside of spamassasin is
that it is costly to run and must be run after the message is accepted
by the smtp server.

There already exist so many different spam control methods, many of them
can run at the smtp level and reject mail prior to accepting.  I get
pretty decent rejection from greylisting.  Postscreen is supposed to be
quite good for detecting any kind of bot attacks.  I'm currently using
other techniques for bot attacks, but plan on switching to postscreen.

I also run fail2ban and block IP addresses when I get repeated smtp
errors from an IP, this substantially reduces any kind of bulk spam
attack which attempts to guess valid mail recipients.

I would look at the milter that Les mentioned.  I haven't had a a chance