Gentoo Forums
More sqlgrey questions - Answered!
Fred Krogh
Veteran


Joined: 07 Feb 2005
Posts: 1036
Location: Tujunga, CA

Posted: Fri May 06, 2016 9:43 pm    Post subject: More sqlgrey questions - Answered!

So sqlgrey is doing pretty much what it is supposed to do, but the table from_awl is getting too many things in it, and I'm still getting too much spam.
I have the reconnect delay set to 2 (minutes), and the max_connect_age set to 2 (hours). I have made up a list of trusted email addresses and put that in a table called whitelist (http://www.hyllander.org/content/sqlgrey-and-whitelisting-senders), but I don't think my version of sqlgrey looks in that table. I'm thinking that maybe if I add more to the delay I can get rid of more of the spam. (Ideally there would be a way to blacklist it, but if there is one, I haven't seen how to do it.) I think I want to use the optout_email table, but if that is the way to do it, why have the whitelist table?

If I understand things correctly I could change "optmethod=none" to "optmethod=optout", and put my trusted email addresses in the optout_email table. I believe "optout" means to not greylist, i.e. to pass the email through without bothering to greylist it. Is this correct? And if there is some way to blacklist the ugly spam that gets into the from_awl table I'd really like to know about it. Thanks,
Fred


Last edited by Fred Krogh on Sun May 08, 2016 12:37 am; edited 1 time in total
Fred Krogh
Veteran


Joined: 07 Feb 2005
Posts: 1036
Location: Tujunga, CA

Posted: Fri May 06, 2016 10:15 pm

I think I may have an answer to my question, but it would be nice to have it confirmed. Namely I think that the optout_email table is for opting out of grey listing for recipients. This is not all that useful to me. I got impatient and tried putting the emails I trusted to get mail from in optout_email and sure enough, nothing gets blocked. So the only hope is the whitelist table which does not seem to get looked at, or perhaps some way of black listing?
freke
l33t


Joined: 23 Jan 2003
Posts: 952
Location: Somewhere in Denmark

Posted: Sat May 07, 2016 9:02 am

You can use blacklists by adding to your smtpd_recipient_restrictions:
Code:
reject_rbl_client list.dsbl.org,
reject_rbl_client sbl.spamhaus.org,
reject_rbl_client cbl.abuseat.org,
reject_rbl_client dul.dnsbl.sorbs.net,


ie.
Code:
smtpd_recipient_restrictions =
        permit_mynetworks
        permit_sasl_authenticated
        reject_unknown_recipient_domain
        reject_non_fqdn_recipient
        reject_rbl_client list.dsbl.org
        reject_rbl_client sbl.spamhaus.org
        reject_rbl_client cbl.abuseat.org
        reject_rbl_client dul.dnsbl.sorbs.net
        check_policy_service inet:mail.vlh.dk:2501


It'll then make queries to those blacklists before letting mail through (which hasn't been permitted by mynetworks or sasl_authenticated)

Alternatively you could look into mail-filter/policyd-weight - it checks multiple blacklists and rejects mails if the sender is in ie. 3 blacklists.
(policyd-weight needs a patch https://bugs.gentoo.org/show_bug.cgi?id=538902 - because of an update to Perl's Net::DNS module).
Code:
May 05 13:20:11 [policyd-weight] weighted check:  NOT_IN_IX_MANITU=-0.25 NOT_IN_SPAMCOP=-0.5 NOT_IN_ZEN_SPAMHAUS=-0.75 IN_CBL=3.25 IN_BRBL_BARRACUDA=3.25 NOT_IN_SPAM_SORBS=-1 NOT_IN_SPAM_RATS=-2 CL_IP_NE_HELO=8 (check from: .5306. - helo: .michelin.localhost. - helo-domain: .localhost.)  FROM_NOT_FAILED_HELO(DOMAIN)=9.5 RESOLVED_IP_IS_NOT_HELO=1.5; <client=unknown[203.121.145.34]> <helo=michelin.localhost> <from=tanisha64@5306.com> <to=admin@vlh.dk>; rate: 21_
May 05 13:20:11 [policyd-weight] decided action=550 Mail appeared to be SPAM or forged. Ask your Mail/DNS-Administrator to correct HELO and DNS MX settings or to get removed from DNSBLs; MTA helo: michelin.localhost, MTA hostname: unknown[203.121.145.34] (helo/hostname mismatch); <client=unknown[203.121.145.34]> <helo=michelin.localhost> <from=tanisha64@5306.com> <to=admin@vlh.dk>; delay: 6s
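The first policyd-weight log line in the post above can be taken apart to see which tests drove the verdict. This is an added example, not part of the original post or of policyd-weight; the function name `parse_weighted_check` is made up for illustration, and the sample is that log line copied from the post.

```python
import re

# First log line from the post above, split only for readability.
CHECK_LINE = (
    "May 05 13:20:11 [policyd-weight] weighted check:  NOT_IN_IX_MANITU=-0.25 "
    "NOT_IN_SPAMCOP=-0.5 NOT_IN_ZEN_SPAMHAUS=-0.75 IN_CBL=3.25 "
    "IN_BRBL_BARRACUDA=3.25 NOT_IN_SPAM_SORBS=-1 NOT_IN_SPAM_RATS=-2 "
    "CL_IP_NE_HELO=8 (check from: .5306. - helo: .michelin.localhost. - "
    "helo-domain: .localhost.)  FROM_NOT_FAILED_HELO(DOMAIN)=9.5 "
    "RESOLVED_IP_IS_NOT_HELO=1.5; <client=unknown[203.121.145.34]> "
    "<helo=michelin.localhost> <from=tanisha64@5306.com> <to=admin@vlh.dk>; "
    "rate: 21_"
)

SCORE = re.compile(r"([A-Z][A-Z0-9_()]*)=(-?\d+(?:\.\d+)?)")
FIELD = re.compile(r"<(client|helo|from|to)=([^>]*)>")
RATE = re.compile(r"rate:\s*(-?\d+(?:\.\d+)?)")

def parse_weighted_check(line):
    """Split a 'weighted check' line into scores, envelope fields and rate."""
    head, _, tail = line.partition(";")   # the scores come before the first ';'
    scores = {name: float(val) for name, val in SCORE.findall(head)}
    rate = RATE.search(tail)
    return {
        "scores": scores,
        "total": sum(scores.values()),
        "rate": float(rate.group(1)) if rate else None,
        # Tests named IN_* are the DNSBLs the client was found on.
        "listed": sorted(n for n in scores if n.startswith("IN_")),
        # The two tests that added the most weight.
        "top": sorted(scores, key=scores.get, reverse=True)[:2],
        "fields": dict(FIELD.findall(tail)),
    }

if __name__ == "__main__":
    result = parse_weighted_check(CHECK_LINE)
    print(result["total"], result["rate"], result["listed"], result["top"])
```

For this message the individual scores add up to the logged rate of 21, and the two largest scores, FROM_NOT_FAILED_HELO(DOMAIN) and CL_IP_NE_HELO, together outweigh the two DNSBL listings (IN_CBL and IN_BRBL_BARRACUDA).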
Fred Krogh
Veteran


Joined: 07 Feb 2005
Posts: 1036
Location: Tujunga, CA

Posted: Sat May 07, 2016 5:43 pm

I have 40 entries in the from_awl table that I don't want email from. All this in less than a day. This stuff still swamps my regular email even though admittedly things are much better than before. Since places like spamhaus (which I am using) are able to reject mail from certain domains, it seems to me that it should be possible for me to have my own local list. It's possible my list would reject mail that others might want, but for my purposes I'd be happy not to see any email from these places. It just seems to me that there should be some way to have such a list locally. Anybody know how? Thanks,
Fred
P.S. I'm currently using this
Quote:
smtpd_recipient_restrictions =
        permit_mynetworks permit_sasl_authenticated reject_invalid_hostname
        reject_non_fqdn_hostname reject_non_fqdn_sender reject_non_fqdn_recipient
        reject_unauth_destination reject_unknown_sender_domain
        reject_unknown_recipient_domain check_policy_service inet:127.0.0.1:2501
        reject_rbl_client zen.spamhaus.org
        reject_rbl_client list.dsbl.org
freke
l33t


Joined: 23 Jan 2003
Posts: 952
Location: Somewhere in Denmark

Posted: Sat May 07, 2016 7:46 pm

You can build access maps - ie. I have an /etc/postfix/maps/access_client with:
Code:
aol.com         REJECT
extendcp.co.uk  OK
then
Code:
postmap hash:access_client
creates a db-file postfix can use
and under smtpd_client_restrictions
Code:
check_client_access hash:/etc/postfix/maps/access_client
after a
Code:
postfix reload
postfix now rejects any aol.com connection (which was the number one spamming source on my system).

Likewise you could create a /etc/postfix/maps/sender_access file with ie.
Code:
spam@spam.com REJECT
then use postmap to create a db-file, and add it to smtpd_recipient_restrictions
Code:
smtpd_recipient_restrictions =
        permit_mynetworks,
        permit_sasl_authenticated,
        check_sender_access hash:/etc/postfix/maps/sender_access,
        ....
and do a reload to start blocking specific senders.
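How Postfix would evaluate the two maps described in this post can be checked offline with a small model of the access(5) lookup order. This is an added example, not Postfix code or part of the post; the function names, the host mx1.aol.com and the 203.0.113 entry are constructed, and it assumes IPv4 clients and the default parent_domain_matches_subdomains setting.

```python
# Simplified model of Postfix access(5) lookups (added example, not Postfix code).
# Assumes the default parent_domain_matches_subdomains, so "aol.com" also
# matches hosts below aol.com; address extensions (user+tag) are ignored.

def load_access_map(text):
    """Parse 'pattern action' source lines the way postmap expects them."""
    table = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            raise ValueError(f"line {lineno}: expected 'pattern action'")
        # Keys are lower-cased; a duplicated key keeps its first entry.
        table.setdefault(parts[0].lower(), parts[1])
    return table

def domain_keys(name):
    """The name, then each parent domain: a.b.c -> a.b.c, b.c, c."""
    labels = name.lower().rstrip(".").split(".")
    return [".".join(labels[i:]) for i in range(len(labels))]

def client_keys(hostname, ip):
    """check_client_access order: hostname, parents, IP, shorter networks."""
    octets = ip.split(".")
    return domain_keys(hostname) + [".".join(octets[:n]) for n in range(4, 0, -1)]

def sender_keys(address):
    """check_sender_access order: full address, domain and parents, user@."""
    local, _, domain = address.lower().rpartition("@")
    return [f"{local}@{domain}"] + domain_keys(domain) + [f"{local}@"]

def decide(table, keys):
    """Return (matched_key, action) for the first key present, else (None, None)."""
    for key in keys:
        if key in table:
            return key, table[key]
    return None, None

# Entries from the posts above, plus one constructed network entry (203.0.113).
CLIENT_MAP = load_access_map("aol.com REJECT\nextendcp.co.uk OK\n203.0.113 REJECT\n")
SENDER_MAP = load_access_map("spam@spam.com REJECT\n")

if __name__ == "__main__":
    print(decide(CLIENT_MAP, client_keys("mx1.aol.com", "192.0.2.10")))
    print(decide(CLIENT_MAP, client_keys("unknown", "203.0.113.7")))
    print(decide(SENDER_MAP, sender_keys("Spam@Spam.com")))
```

check_client_access keys on the connecting host's name or address, so a client logged as unknown[...] can only be matched by an IP or network entry, while check_sender_access keys on the envelope sender, which the sending side chooses.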
Fred Krogh
Veteran


Joined: 07 Feb 2005
Posts: 1036
Location: Tujunga, CA

Posted: Sun May 08, 2016 12:37 am

I don't even have a maps directory in my postfix directory and of course no access_client. This looks like just what I want. Many thanks freke!