Gentoo Forums
Tips wanted on weeding out name spam
Gentoo Forums Forum Index :: Networking & Security
audiodef
Watchman
Joined: 06 Jul 2005
Posts: 6308
Location: /usr/lib64/lv2
Posted: Wed Jul 11, 2018 10:31 pm    Post subject: Tips wanted on weeding out name spam

I run my own mail server on a Gentoo-based server. Anyone have any tips for weeding out that spam with people's names in the subject line?
_________________
Gentoo Studio: A Gentoo-based, professional digital audio workstation OS.


Last edited by audiodef on Sun Jul 22, 2018 3:23 pm; edited 2 times in total
bunder
Bodhisattva
Joined: 10 Apr 2004
Posts: 5801
Posted: Wed Jul 11, 2018 11:18 pm

You could write a custom spamassassin rule if you're okay with perl regex. :wink:

https://wiki.apache.org/spamassassin/WritingRules#Header_rules
_________________
overlay | patches
Neddyseagoon wrote:
The problem with leaving is that you can only do it once and it reduces your influence.
audiodef
Watchman
Joined: 06 Jul 2005
Posts: 6308
Location: /usr/lib64/lv2
Posted: Thu Jul 12, 2018 2:49 am

I was wondering if I could do something like that. I mean, who IRL actually puts their name and only their name in the subject line anyway? :P

EDIT: Being the usual idiot I am, I forgot I already had sufficient measures in place. I just needed to run sa-update and restart spamd.
_________________
Gentoo Studio: A Gentoo-based, professional digital audio workstation OS.
audiodef
Watchman
Joined: 06 Jul 2005
Posts: 6308
Location: /usr/lib64/lv2
Posted: Sun Jul 22, 2018 3:24 pm

Not solved.

I know it's not a bad mail server config because it's only affecting two accounts that have been used online over time. I'm hoping to figure out how to strengthen my spam filter. I could delete these accounts, but I'd have to go around updating a lot of places that use these emails as logins and stuff.
_________________
Gentoo Studio: A Gentoo-based, professional digital audio workstation OS.
NeddySeagoon
Administrator
Joined: 05 Jul 2003
Posts: 42581
Location: 56N 3W
Posted: Sun Jul 22, 2018 3:30 pm

audiodef,

I greylist everything. That means nothing gets through at the first attempt from anywhere.
Spammers rarely do a retry :)

I check RDNS too but that drops some mail that I do want due to oddly configured mail systems.
_________________
Regards,

NeddySeagoon

Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail.
audiodef
Watchman
Joined: 06 Jul 2005
Posts: 6308
Location: /usr/lib64/lv2
Posted: Mon Jul 23, 2018 8:35 pm

Thanks, Neddy. Great idea. :)

EDIT:

Trying Postgrey. It seemed to block all mail until I found in my logs that postfix was unable to connect to postgrey. This was because

https://wiki.gentoo.org/wiki/Postfix/Greylisting

gives a specific port which is not the actual port used in my instance. Checking ps aux | grep postgrey, I used the port from that output and now postgrey appears to be working, with expected log output.
_________________
Gentoo Studio: A Gentoo-based, professional digital audio workstation OS.
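The port mismatch audiodef describes above can be checked mechanically. This added example (not from the thread or from Postgrey) parses the `ps aux | grep postgrey` line for postgrey's `--inet=[host:]port` option and the `postconf smtpd_recipient_restrictions` output for `check_policy_service inet:host:port`, and reports when the two disagree; the process line, the restriction list and both port numbers are constructed sample data.

```python
import re

# Constructed sample output, not taken from the poster's machine: the `ps aux |
# grep postgrey` line and the output of `postconf smtpd_recipient_restrictions`.
PS_LINE = ("postgrey  1234  0.0  0.2  ... /usr/bin/perl -T /usr/sbin/postgrey "
           "--pidfile=/run/postgrey.pid --inet=10030 --daemonize --user=postgrey")
POSTCONF = ("smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, "
            "reject_unauth_destination, check_policy_service inet:127.0.0.1:10023")

def postgrey_listen_port(ps_line: str):
    """Port from postgrey's --inet=[host:]port option; None when it uses --unix=SOCKET."""
    m = re.search(r"--inet=(?:\S+?:)?(\d+)\b", ps_line)
    return int(m.group(1)) if m else None

def policy_service_ports(postconf_output: str):
    """All TCP ports Postfix consults via check_policy_service inet:host:port ([::1] allowed)."""
    pat = r"check_policy_service\s+inet:(?:\[[^\]]+\]|[\w.\-]+):(\d+)"
    return {int(p) for p in re.findall(pat, postconf_output)}

def greylist_port_mismatch(ps_line: str, postconf_output: str):
    """None when Postfix points at the port postgrey listens on, else (listen, configured)."""
    listen = postgrey_listen_port(ps_line)
    configured = policy_service_ports(postconf_output)
    if listen is None or listen in configured:
        return None
    return listen, configured

if __name__ == "__main__":
    bad = greylist_port_mismatch(PS_LINE, POSTCONF)
    if bad:
        print(f"postgrey listens on {bad[0]} but Postfix uses policy port(s) {sorted(bad[1])}")
    else:
        print("postgrey and Postfix agree on the policy port")
```

A UNIX-socket postgrey (`--unix=`) is reported as no mismatch, since the check only covers the TCP case the thread is about.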
figueroa
Guru
Joined: 14 Aug 2005
Posts: 401
Location: GA-USA
Posted: Sun Feb 24, 2019 4:23 am

I've begun to just redirect all mail from selected top level domains that appear to only send spam using a procmail rule:

Code:
# Envelope sender (Return-Path) from a listed TLD: log it and file it in the junk Maildir.
:0
* ^Return-Path.*@([-a-z0-9_\.]+)(\.stream>|\.info>|\.bi.>|\.date>|\.win>|\.c.\.cc>|\.top>|\.webcam>|\.me>|\.tv>|\.party>|\.faith>|\.review>|\.site>|\.trade>|\.click>|\.link>|\.rocks>|\.space>|\.work>|\.xxx>|\.xyz>|\.club>|\.press>|\.cricket>|\.download>|\.science>|\.study>|\.gdn>|\.men>|\.site>|\.world>|\.agency>|\.today>|\.icu>|\.life>|\.live>|\.fun>|\.pro>|\.loan>|\.gq>|\.store>)
{
LOG="Sender Domain Rule Return Path - "
# Second colon requests a lockfile (senderdom1); trailing slash means Maildir delivery.
:0: senderdom1
.junk/
}

# Fall-back: the same TLD list applied to the From header, which is usually forged.
:0
* ^From.*@([-a-z0-9_\.]+)(\.stream>|\.info>|\.bi.>|\.date>|\.win>|\.c.\.cc>|\.top>|\.webcam>|\.me>|\.tv>|\.party>|\.faith>|\.review>|\.site>|\.trade>|\.click>|\.link>|\.rocks>|\.space>|\.work>|\.xxx>|\.xyz>|\.club>|\.press>|\.cricket>|\.download>|\.science>|\.study>|\.gdn>|\.men>|\.site>|\.world>|\.agency>|\.today>|\.icu>|\.li[fv]e>|\.fun>|\.pro>|\.loan>|\.gq>|\.store>)
{
LOG="Sender Domain Rule From - "
:0: senderdom2
.junk/
}


I keep track of the hits by mailing myself a custom log daily, and I also check "junk" a couple of times a day. These two rules are run before SpamAssassin, and from these domains I get 0% false positives. This is 80% of all of my spam. The Return-Path rule catches 99.9% of these top level domain bad actors. The From rule is just a fall-back, but From is most often forged anyway.

You can modify rules like these to hit on selected user names in the To: or TO: header.
_________________
Andy Figueroa
andy@andyfigueroa.net Working with Unix since 1983.
All times are GMT