epig Tux's lil' helper
Joined: 16 Feb 2005 Posts: 86
|
Posted: Sun May 08, 2016 6:01 pm Post subject: [SOLVED]Postfix/amavis blacklist domains? |
|
|
Hi all
I have users that are getting a fair amount of spam with subject and body in Norwegian.
Needless to say, this has no problem in bypassing my amavisd-new spam checks.
This spam is, however, somewhat atypical since it seems to originate from just a few domains.
I have tried to blacklist this in /usr/share/spamassassin/user_prefs with no luck.
Code: |
blacklist_from *@luxury-pesos.com
blacklist_from *@luxurious-cow.com
blacklist_from *@new.coinletters2.com
blacklist_from *@anonhost.org
blacklist_from *@daytoanyway.co.uk
blacklist_from *@dainty-pirate-money.net
blacklist_from *@green-mango-bargain.org
blacklist_from *@norgesautomatencasino.no
blacklist_from *@daytoanyway.co.uk
blacklist_from *@ladivaoutlet.comi
blacklist_from *@vip-erbjudande.net
blacklist_from *@knowledgeways.date
|
So my question is:
where, if anywhere can I put this file or such a blacklist? Does anyone know?
Last edited by epig on Thu May 12, 2016 2:01 pm; edited 1 time in total |
|
|
|
Duncan Mac Leod Guru
Joined: 02 May 2004 Posts: 312 Location: Germany
|
Posted: Sun May 08, 2016 7:53 pm Post subject: Re: Postfix/amavis blacklist domains? |
|
|
epig wrote: | So my question is:
where, if anywhere can I put this file or such a blacklist? Does anyone know? |
Just put your blacklist entries in /etc/spamassassin/local.cf |
|
|
|
epig Tux's lil' helper
Joined: 16 Feb 2005 Posts: 86
|
Posted: Tue May 10, 2016 9:45 am Post subject: Re: Postfix/amavis blacklist domains? |
|
|
Duncan Mac Leod wrote: |
Just put your blacklist entries in /etc/spamassassin/local.cf |
That does not seem to work:
Code: |
blacklist_from *@luxury-pesos.com
blacklist_from *@luxurious-cow.com
blacklist_from *@new.coinletters2.com
blacklist_from *@anonhost.org
blacklist_from *@daytoanyway.co.uk
blacklist_from *@dainty-pirate-money.net
blacklist_from *@green-mango-bargain.org
blacklist_from *@norgesautomatencasino.no
blacklist_from *@daytoanyway.co.uk
blacklist_from *@ladivaoutlet.comi
blacklist_from *@vip-erbjudande.net
blacklist_from *@knowledgeways.date
|
Gives the log entry:
Code: |
May 10 11:34:11 [postfix/smtpd] connect from guild.gasseaplane.com[208.76.251.230]
May 10 11:34:12 [postfix/smtpd] NOQUEUE: client=guild.gasseaplane.com[208.76.251.230]
May 10 11:34:12 [amavis] (03840-14) ESMTP:[127.0.0.1]:10024 /var/amavis/tmp/amavis-20160509T200903-03840-VbgpJ5lG: <s129@anonhost.org> -> <someone@domain.net> SIZE=8880 BODY=8BITMIME Received: from grond.domain.net ([127.0.0.1]) by localhost (grond.domain.net [127.0.0.1]) (amavisd-new, port 10024) with ESMTP for <someone@domain.net>; Tue, 10 May 2016 11:34:12 +0200 (CEST)
May 10 11:34:12 [amavis] (03840-14) Checking: zNWWxMHugJF1 [208.76.251.230] <s129@anonhost.org> -> <someone@domain.net>
May 10 11:34:12 [amavis] (03840-14) p003 1 Content-Type: multipart/alternative
May 10 11:34:12 [amavis] (03840-14) p001 1/1 Content-Type: text/plain, size: 331 B, name:
May 10 11:34:12 [amavis] (03840-14) p002 1/2 Content-Type: text/html, size: 7170 B, name:
May 10 11:34:12 [postfix/smtpd] connect from localhost[127.0.0.1]
May 10 11:34:12 [postfix/smtpd] 876A9202754: client=localhost[127.0.0.1]
May 10 11:34:12 [postfix/cleanup] 876A9202754: message-id=<8768b8f38d7aa2c5924c8173aaa0a01c@s129.anonhost.org>
May 10 11:34:12 [postfix/smtpd] disconnect from localhost[127.0.0.1] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
May 10 11:34:12 [postfix/qmgr] 876A9202754: from=<s129@anonhost.org>, size=9464, nrcpt=1 (queue active)
May 10 11:34:12 [amavis] (03840-14) FWD from <s129@anonhost.org> -> <someone@domain.net>,BODY=7BIT 250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 876A9202754
May 10 11:34:12 [amavis] (03840-14) Passed CLEAN {RelayedInbound}, [208.76.251.230]:60029 [208.76.251.230] <s129@anonhost.org> -> <someone@domain.net>, Message-ID: <8768b8f38d7aa2c5924c8173aaa0a01c@s129.anonhost.org>, mail_id: zNWWxMHugJF1, Hits: -0.917, size: 9030, queued_as: 876A9202754, 549 ms
May 10 11:34:12 [amavis] (03840-14) TIMING-SA total 203 ms - parse: 2.5 (1.2%), extract_message_metadata: 17 (8.4%), get_uri_detail_list: 2.9 (1.4%), tests_pri_-1000: 10 (4.7%), tests_pri_-950: 0.98 (0.5%), tests_pri_-900: 1.03 (0.5%), tests_pri_-400: 22 (10.9%), check_bayes: 21 (10.4%), b_tokenize: 8 (4.1%), b_tok_get_all: 6 (3.0%), b_comp_prob: 4.4 (2.2%), b_tok_touch_all: 0.35 (0.2%), b_finish: 0.49 (0.2%), tests_pri_0: 129 (63.4%), check_dkim_signature: 0.88 (0.4%), check_dkim_adsp: 26 (13.0%), check_pyzor: 0.11 (0.1%), tests_pri_500: 2.2 (1.1%), get_report: 0.55 (0.3%)
May 10 11:34:12 [postfix/local] 876A9202754: to=<someone@domain.net>, relay=local, delay=0.02, delays=0.01/0/0/0, dsn=2.0.0, status=sent (delivered to maildir)
May 10 11:34:12 [postfix/qmgr] 876A9202754: removed
|
It looks like SA is ignoring the local.cf file altogether.
I also put some BAYES_ scores in a while ago to test, with no result.
Does the default Gentoo installation (I installed it all through Portage) hide its config somewhere else? |
|
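A check for whether the blacklist is being applied at all, as an added example that is not part of the original posts: it lists messages that amavis logged as `Passed CLEAN` even though the envelope sender's domain has a `blacklist_from` entry. The function names, file names and sample lines are constructed for illustration; the log layout follows the amavis lines quoted above.

```shell
#!/bin/sh
# Added example (not from the thread): list messages amavis passed as CLEAN
# although the envelope sender's domain has a blacklist_from entry.
# usage: blacklisted_but_clean BLACKLIST_FILE LOG_FILE  ->  "mail_id sender hits"
blacklisted_but_clean() {
    awk '
        NR == FNR {                       # first file: blacklist_from *@domain
            if ($1 == "blacklist_from" && $2 ~ /^\*@/)
                bl[tolower(substr($2, 3))] = 1
            next
        }
        /\[amavis\]/ && /Passed CLEAN/ {  # second file: amavis verdict lines
            if (!match($0, /<[^<> ]+> -> /)) next      # envelope sender
            sender = substr($0, RSTART + 1, RLENGTH - 6)
            dom = tolower(sender); sub(/^.*@/, "", dom)
            if (!(dom in bl)) next
            id = "-"; hits = "-"
            if (match($0, /mail_id: [^,]+/)) id = substr($0, RSTART + 9, RLENGTH - 9)
            if (match($0, /Hits: [^,]+/)) hits = substr($0, RSTART + 6, RLENGTH - 6)
            print id, sender, hits
        }
    ' "$1" "$2"
}

# Constructed sample input, modelled on the log lines quoted in the post.
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/blacklist.cf" <<'EOF'
blacklist_from *@anonhost.org
blacklist_from *@luxury-pesos.com
EOF
    cat > "$dir/mail.log" <<'EOF'
May 10 11:34:12 [amavis] (03840-14) Passed CLEAN {RelayedInbound}, [192.0.2.10]:60029 [192.0.2.10] <s129@anonhost.org> -> <someone@domain.net>, Message-ID: <x1@s129.anonhost.org>, mail_id: AAAAAAAAAAA1, Hits: -0.917, size: 9030, queued_as: 876A9202754, 549 ms
May 10 11:40:02 [amavis] (03840-15) Passed CLEAN {RelayedInbound}, [192.0.2.20]:41000 [192.0.2.20] <alice@example.org> -> <someone@domain.net>, Message-ID: <x2@example.org>, mail_id: AAAAAAAAAAA2, Hits: 0.3, size: 1200, queued_as: 976A9202755, 301 ms
May 10 11:41:30 [amavis] (03840-16) Blocked SPAM {DiscardedInbound}, [192.0.2.30]:41001 [192.0.2.30] <promo@luxury-pesos.com> -> <someone@domain.net>, Message-ID: <x3@luxury-pesos.com>, mail_id: AAAAAAAAAAA3, Hits: 101.2, size: 5000, 280 ms
EOF
    blacklisted_but_clean "$dir/blacklist.cf" "$dir/mail.log"
    rm -rf "$dir"
}
demo
```

SpamAssassin scores `USER_IN_BLACKLIST` at 100 by default, so any line this prints with a low or negative `Hits` value means the `blacklist_from` entry was never evaluated for that message.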
|
|
freke l33t
Joined: 23 Jan 2003 Posts: 977 Location: Somewhere in Denmark
|
Posted: Tue May 10, 2016 6:07 pm Post subject: |
|
|
I *think* amavis-new and maia (a fork of amavis-new which I use) only call specific Spamassassin-modules?
I *think* if you started spamd and created a content-filter it might work using local.cf?
You could use access-maps in postfix to blacklist - I guess that'll also save CPU-cycles as it's done sooner, i.e.:
/etc/postfix/maps/sender_access
Code: |
# hash: lookups are literal (access(5)), so the key is the bare domain, not a *@domain glob
luxury-pesos.com REJECT
luxurious-cow.com REJECT
new.coinletters2.com REJECT
... |
Code: |
postmap hash:sender_access |
in /etc/postfix/main.cf
Code: |
smtpd_recipient_restrictions =
    check_sender_access hash:/etc/postfix/maps/sender_access
    permit_mynetworks
    permit_sasl_authenticated
    ... |
|
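Postfix `hash:` access tables are looked up by literal key (a bare domain or a full address), so SpamAssassin's `*@domain` globs have to be rewritten before they go into `sender_access`. The conversion as an added example, not part of the original post; the function names and the `example.net` entry are constructed for illustration.

```shell
#!/bin/sh
# Added example: turn SpamAssassin blacklist_from globs into Postfix access(5) keys.
# usage: blacklist_to_access FILE
#   stdout: "key REJECT" lines, lower-cased and de-duplicated
#   stderr: entries that have no literal equivalent in a hash: table
blacklist_to_access() {
    awk '
        $1 != "blacklist_from" { next }
        {
            for (i = 2; i <= NF; i++) {   # several addresses per line are allowed
                pat = tolower($i)
                if (pat ~ /^#/) break     # trailing comment
                key = pat
                sub(/^\*@/, "", key)      # *@domain -> domain
                # Remaining wildcards or a malformed name cannot be a hash key.
                if (key ~ /[*?]/ || key !~ /^([a-z0-9._+-]+@)?[a-z0-9-]+(\.[a-z0-9-]+)+$/) {
                    print "skipped (no literal equivalent): " pat > "/dev/stderr"
                    continue
                }
                if (!(key in seen)) { seen[key] = 1; print key " REJECT" }
            }
        }
    ' "$1"
}

# Sample input: three entries from the thread plus one constructed glob.
demo_access() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
blacklist_from *@luxury-pesos.com
blacklist_from *@daytoanyway.co.uk
blacklist_from *@daytoanyway.co.uk
blacklist_from *@NEW.coinletters2.com
blacklist_from *@*.example.net
EOF
    blacklist_to_access "$f" 2>/dev/null
    rm -f "$f"
}
demo_access
```

The output goes into `/etc/postfix/maps/sender_access`, followed by the `postmap` run from the post. By default a bare-domain key also matches subdomains (`parent_domain_matches_subdomains`), which is broader than the SpamAssassin glob.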
|
|
|
epig Tux's lil' helper
Joined: 16 Feb 2005 Posts: 86
|
Posted: Tue May 10, 2016 6:16 pm Post subject: |
|
|
freke wrote: |
You could use access-maps in postfix to blacklist - I guess that'll also save CPU-cycles as it's done sooner, ie.:
|
Thanks.
I tried that, I will check tomorrow morning |
|
|
|
silter2 n00b
Joined: 26 Jul 2016 Posts: 1
|
Posted: Tue Jul 26, 2016 4:48 pm Post subject: Re: [SOLVED]Postfix/amavis blacklist domains? |
|
|
epig wrote: | Hi all
I have users that are getting a fair amount of spam with subject and body in Norwegian.
Needless to say, this has no problem in bypassing my amavisd-new spam checks.
This spam is, however, somewhat atypical since it seems to originate from just a few domains.
I have tried to blacklist this in /usr/share/spamassassin/user_prefs with no luck.
Code: |
blacklist_from *@luxury-pesos.com
blacklist_from *@luxurious-cow.com
blacklist_from *@new.coinletters2.com
blacklist_from *@anonhost.org
blacklist_from *@daytoanyway.co.uk
blacklist_from *@dainty-pirate-money.net
blacklist_from *@green-mango-bargain.org
blacklist_from *@norgesautomatencasino.no
blacklist_from *@daytoanyway.co.uk
blacklist_from *@ladivaoutlet.comi
blacklist_from *@vip-erbjudande.net
blacklist_from *@knowledgeways.date
|
So my question is:
where, if anywhere can I put this file or such a blacklist? Does anyone know? |
step 1:
in /etc/spamassassin/v320.pre ON:
loadplugin Mail::SpamAssassin::Plugin::Shortcircuit
step 2:
in /etc/spamassassin/local.cf ON:
ifplugin Mail::SpamAssassin::Plugin::Shortcircuit
shortcircuit USER_IN_BLACKLIST on
shortcircuit USER_IN_BLACKLIST_TO on
shortcircuit SUBJECT_IN_BLACKLIST on
endif # Mail::SpamAssassin::Plugin::Shortcircuit
and add this line:
include /etc/spamassassin/my_black_list.cf
step 4:
vi/nano/vim whatever U like /etc/spamassassin/my_black_list.cf and paste your rules:
blacklist_from *@luxury-pesos.com
blacklist_from *@luxurious-cow.com
blacklist_from *@new.coinletters2.com
blacklist_from *@anonhost.org
blacklist_from *@daytoanyway.co.uk
blacklist_from *@dainty-pirate-money.net
blacklist_from *@green-mango-bargain.org
blacklist_from *@norgesautomatencasino.no
blacklist_from *@daytoanyway.co.uk
blacklist_from *@ladivaoutlet.comi
blacklist_from *@vip-erbjudande.net
blacklist_from *@knowledgeways.date
step 5:
sa-compile
/etc/init.d/amavisd reload
_________________
cu silter2 |
|
|
|
epig Tux's lil' helper
Joined: 16 Feb 2005 Posts: 86
|
Posted: Tue Jul 26, 2016 4:58 pm Post subject: |
|
|
Thank you! |
|