Hi everyone,
Over the last few weeks, our server has been inundated with spam (300 per day), particularly from the following domain suffixes:
.guru
.info
.icu
.us
I'm running SPAMASSASSIN and have recently installed BAYES.
Two questions, is it possible for ALL SPAM to be moved into a folder held on the server?
And can I block ALL emails from a particular domain suffix (e.g. .guru, .info, .icu)?
thanks
Andrew
P.S. My SpamAssassin settings...
# These values can be overridden by editing ~/.spamassassin/user_prefs.cf
# (see spamassassin(1) for details)
# These should be safe assumptions and allow for simple visual sifting
# without risking lost emails.
# required_hits is the older alias of required_score; the later required_score line wins
required_hits 5.0
report_safe 0
required_score 2.0
rewrite_header Subject [**SPAM**]
# Blocked Domains and Emails
# *@*.guru matches any sender whose domain ends in .guru; the *@.guru form only matches the literal domain ".guru"
blacklist_from *@*.guru
blacklist_from *@.guru
blacklist_from *.guru
blacklist_from *@*.buzz
blacklist_from *@.buzz
blacklist_from *.buzz
Server inundated with SPAM
Re: Server inundated with SPAM
I've also used main.cf in postfix to call upon a file called rejected_domains with the following information:
/\.guru$/ REJECT We reject all .guru domains
/\.buzz$/ REJECT We reject all .buzz domains
/\.icu$/ REJECT We reject all .icu domains
/\.us$/ REJECT We reject all .us domains
/\.am$/ REJECT We reject all .am domains
/\.bid$/ REJECT We reject all .bid domains
/\.info$/ REJECT We reject all .info domains
/\.life$/ REJECT We reject all .life domains
/\.monster$/ REJECT We reject all .monster domains
/\.xyz$/ REJECT We reject all .xyz domains
/\.casa$/ REJECT We reject all .casa domains
/\.cyou$/ REJECT We reject all .cyou domains
/\.work$/ REJECT We reject all .work domains
/\.int$/ REJECT We reject all .int domains
/\.tk$/ REJECT We reject all .tk domains
That's done the trick to stop TLD spamming domains!
- KernelOops
- Posts: 428
- Joined: 2013/12/18 15:04:03
- Location: xfs file system
Re: Server inundated with SPAM
Spam protection is fairly easy to do with postfix, 90% of spam is usually blocked there, the rest is blocked via opendkim/opendmarc/spamassassin.
Before you block entire top level domains, try using the postscreen feature of postfix, it's a VERY powerful tool. For example, here is what I use:
postscreen_blacklist_action = drop
postscreen_cache_cleanup_interval = 24h
postscreen_cache_retention_time = 30d
postscreen_command_time_limit = 10s
postscreen_greet_action = enforce
postscreen_greet_wait = 10s
Then decide which blacklists you are going to use, the most popular are spamhaus, spamcop and uceprotect, here is what I use:
postscreen_dnsbl_action = enforce
postscreen_dnsbl_threshold = 3
postscreen_dnsbl_sites =
zen.spamhaus.org*3
bl.spamcop.net*3
dnsbl-1.uceprotect.net*3
dnsbl.dronebl.org*3
hostkarma.junkemailfilter.com=127.0.0.2*3
Finally, make sure you use the postfix restrictions like: reject_unknown_reverse_client_hostname, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, reject_unknown_sender_domain, so on and so forth.
What is important is to block as much spam at the MTA level, because that is "cheap" in cpu/network resources, to avoid using spamassassin as much as possible, which is more "expensive" in resources.
I can PM you my configuration if it's any help to you.
--
R.I.P. CentOS
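As an added illustration (not code from the thread or from Postfix itself), here is a small Python model of how postscreen combines the DNSBL sites quoted above: every entry carries a `*3` weight, so one listing already reaches the threshold of 3, while the `=127.0.0.2` filter on hostkarma only counts that exact reply. The DNS answers are constructed inline with documentation IPs so it runs offline; real postscreen also handles address ranges and negative (whitelist) weights, which this model omits.

```python
import ipaddress

# postscreen_dnsbl_sites value quoted in the thread (whitespace separates entries)
DNSBL_SITES = """
zen.spamhaus.org*3
bl.spamcop.net*3
dnsbl-1.uceprotect.net*3
dnsbl.dronebl.org*3
hostkarma.junkemailfilter.com=127.0.0.2*3
"""
DNSBL_THRESHOLD = 3  # postscreen_dnsbl_threshold from the thread

def parse_sites(text):
    """Parse 'domain[=filter][*weight]' entries into (domain, filter, weight)."""
    sites = []
    for entry in text.split():
        weight = 1  # postscreen's default weight when no *w suffix is given
        if "*" in entry:
            entry, w = entry.rsplit("*", 1)
            weight = int(w)
        domain, _, filt = entry.partition("=")
        sites.append((domain, filt or None, weight))
    return sites

def reverse_name(ip, domain):
    """DNSBL query name: the client's octets reversed, under the list's domain."""
    octets = ipaddress.IPv4Address(ip).exploded.split(".")
    return ".".join(reversed(octets)) + "." + domain

def dnsbl_score(ip, sites, lookup):
    """Sum the weights of every list that answers (and matches its filter, if any)."""
    score, hits = 0, []
    for domain, filt, weight in sites:
        answers = lookup(reverse_name(ip, domain))
        if answers and (filt is None or filt in answers):
            score += weight
            hits.append(domain)
    return score, hits

def would_block(ip, sites, lookup, threshold=DNSBL_THRESHOLD):
    """postscreen blocks once the combined score reaches the threshold (inclusive)."""
    return dnsbl_score(ip, sites, lookup)[0] >= threshold

# Constructed, offline stand-in for DNSBL answers (documentation IPs only).
FAKE_DNS = {
    "10.2.0.192.zen.spamhaus.org": ["127.0.0.4"],                 # 192.0.2.10 is listed
    "7.100.51.198.hostkarma.junkemailfilter.com": ["127.0.0.1"],  # 198.51.100.7: not the 127.0.0.2 code
}

def fake_lookup(name):
    return FAKE_DNS.get(name, [])

SITES = parse_sites(DNSBL_SITES)

if __name__ == "__main__":
    for ip in ("192.0.2.10", "198.51.100.7", "203.0.113.5"):
        print(ip, dnsbl_score(ip, SITES, fake_lookup), would_block(ip, SITES, fake_lookup))
```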
Re: Server inundated with SPAM
Thanks so much KernelOops and if you could PM your configuration as a base for us, that would be great!
cheers,
Andrew