audiodef Watchman
Posted: Wed Jul 11, 2018 10:31 pm Post subject: Tips wanted on weeding out name spam
I run my own mail server on a Gentoo-based server. Anyone have any tips for weeding out that spam with people's names in the subject line?
_________________
Gentoo Studio: A Gentoo-based, professional digital audio workstation OS.
bunder Bodhisattva
audiodef Watchman
Posted: Thu Jul 12, 2018 2:49 am
I was wondering if I could do something like that. I mean, who IRL actually puts their name and only their name in the subject line anyway?
EDIT: Being the usual idiot I am, I forgot I already had sufficient measures in place. I just needed to run sa-update and restart spamd.
_________________
Gentoo Studio: A Gentoo-based, professional digital audio workstation OS.
audiodef Watchman
Posted: Sun Jul 22, 2018 3:24 pm
Not solved.
I know it's not a bad mail server config because it's only affecting two accounts that have been used online over time. I'm hoping to figure out how to strengthen my spam filter. I could del these accounts, but I'd have to go around updating a lot of places that use these emails as logins and stuff.
_________________
Gentoo Studio: A Gentoo-based, professional digital audio workstation OS.
NeddySeagoon Administrator
Posted: Sun Jul 22, 2018 3:30 pm
audiodef,
I greylist everything. That means nothing gets through at the first attempt from anywhere.
Spammers rarely do a retry :)
I check RDNS too but that drops some mail that I do want due to oddly configured mail systems.
_________________
Regards,
NeddySeagoon
Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail.
audiodef Watchman
Posted: Mon Jul 23, 2018 8:35 pm
Thanks, Neddy. Great idea.
EDIT:
Trying Postgrey. It seemed to block all mail until I found in my logs that postfix was unable to connect to postgrey. This was because
https://wiki.gentoo.org/wiki/Postfix/Greylisting
gives a specific port which is not the actual port used in my instance. Checking ps aux | grep postgrey, I used the port from that output and now postgrey appears to be working, with expected log output.
_________________
Gentoo Studio: A Gentoo-based, professional digital audio workstation OS.
figueroa Veteran
Posted: Sun Feb 24, 2019 4:23 am
I've begun to just redirect all mail from selected top level domains that appear to only send spam using a procmail rule:
Code:
:0
* ^Return-Path.*@([-a-z0-9_\.]+)(\.stream>|\.info>|\.bi.>|\.date>|\.win>|\.c.\.cc>|\.top>|\.webcam>|\.me>|\.tv>|\.party>|\.faith>|\.review>|\.site>|\.trade>|\.click>|\.link>|\.rocks>|\.space>|\.work>|\.xxx>|\.xyz>|\.club>|\.press>|\.cricket>|\.download>|\.science>|\.study>|\.gdn>|\.men>|\.site>|\.world>|\.agency>|\.today>|\.icu>|\.life>|\.live>|\.fun>|\.pro>|\.loan>|\.gq>|\.store>)
{
LOG="Sender Domain Rule Return Path - "
:0: senderdom1
.junk/
}
:0
* ^From.*@([-a-z0-9_\.]+)(\.stream>|\.info>|\.bi.>|\.date>|\.win>|\.c.\.cc>|\.top>|\.webcam>|\.me>|\.tv>|\.party>|\.faith>|\.review>|\.site>|\.trade>|\.click>|\.link>|\.rocks>|\.space>|\.work>|\.xxx>|\.xyz>|\.club>|\.press>|\.cricket>|\.download>|\.science>|\.study>|\.gdn>|\.men>|\.site>|\.world>|\.agency>|\.today>|\.icu>|\.li[fv]e>|\.fun>|\.pro>|\.loan>|\.gq>|\.store>)
{
LOG="Sender Domain Rule From - "
:0: senderdom2
.junk/
}
I keep track of the hits by mailing myself a custom log daily, and I also check "junk" a couple of times a day. These two rules are run before SpamAssassin, and from these domains I get 0% false positives. This is 80% of all of my spam. The Return-Path rule catches 99.9% of these top level domain bad actors. The From rule is just a fall-back, but From is most often forged anyway.
You can modify rules like these to hit on selected user names in the To: or TO: header.
_________________
Andy Figueroa
andy@andyfigueroa.net Working with Unix since 1983.
Automate and Test Your Backups
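An added example, not part of figueroa's post: the same two-stage Return-Path/From check in Python, run over constructed sample headers. It reproduces the recipe order (Return-Path first, From as fallback) and shows the one gap worth knowing before lifting these rules: the condition requires a closing ">", so a sender address written without angle brackets is not caught.

```python
import email
import re

# TLD alternatives copied from the procmail recipes above. procmail's "." is a
# wildcard, so ".bi." matches ".biz>", ".bid>" etc. and ".c..cc" matches
# ".co.cc>"; ".li[fv]e" covers both ".life>" and ".live>".
SPAM_TLDS = (
    "stream", "info", "bi.", "date", "win", r"c.\.cc", "top", "webcam", "me",
    "tv", "party", "faith", "review", "site", "trade", "click", "link", "rocks",
    "space", "work", "xxx", "xyz", "club", "press", "cricket", "download",
    "science", "study", "gdn", "men", "world", "agency", "today", "icu",
    "li[fv]e", "fun", "pro", "loan", "gq", "store",
)

# Same shape as the procmail condition: "@", a domain, one listed TLD, then a
# literal ">". procmail matches case-insensitively by default, hence IGNORECASE.
TLD_RE = re.compile(r"@[-a-z0-9_.]+\.(?:" + "|".join(SPAM_TLDS) + r")>", re.IGNORECASE)

# Recipes in the order the rc file runs them: Return-Path first, From as fallback.
RULES = (("Return-Path", "senderdom1"), ("From", "senderdom2"))


def classify(raw_message):
    """Return the name of the first recipe that would file the mail into .junk/,
    or None when it would fall through to SpamAssassin."""
    msg = email.message_from_string(raw_message)
    for header, rule in RULES:
        value = msg.get(header)
        if value is not None and TLD_RE.search(value):
            return rule
    return None


# Constructed sample messages (headers only; not real mail).
HIT_RETURN_PATH = ("Return-Path: <news-42@promo.example.stream>\n"
                   "From: \"Alice\" <alice@example.org>\n\nhello\n")
HIT_FROM_ONLY = ("Return-Path: <bounce@relay.example.org>\n"
                 "From: Bob <bob@shop.example.biz>\n\nhello\n")
CLEAN = "Return-Path: <alice@example.org>\nFrom: <alice@example.org>\n\nhi\n"
# Not caught: the address has no angle brackets, so the ">" the rule requires
# never appears. A header written this way slips past both recipes.
UNBRACKETED = "Return-Path: bob@example.xyz\nFrom: bob@example.xyz\n\nhi\n"

if __name__ == "__main__":
    for name, sample in (("return-path hit", HIT_RETURN_PATH), ("from hit", HIT_FROM_ONLY),
                         ("clean", CLEAN), ("unbracketed", UNBRACKETED)):
        print(f"{name}: {classify(sample)}")
```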