April 4th, 2012, 12:51 PM
Stopping spam - postix
I have recently completed my conversion from centos5 with sendmail to centos 6 with postfix/dovecot/procmail/spamassassin....and a little postgrey.
Thought I would share my spam begone story.
My old box got lots of spam...and a lot got through. My email address on one server is from 1997 the other from 2001. Both seem to be on every single spam list that exists.
I got it down from 300 or so that made it through to about 5-10 a day tops....
For postfix I added just about every smtpd restriction I could, fqdn, reverse host, etc....there are quite a few.
That stopped a ton...and it rejects them during the helo stuff, not a bounced mail. Of course reject any user except for the ones who are supposed to receive incoming mails.
spamassassin I only use for spam levels over 10 as they seem to be a compromised free email account usually and the spammer goes for broke. If the spam level is over 10 it usually is in the 30s. So I just delete them.
Lastly, I started adding the ones that got through to a spam blacklist. Almost all of these seem to be from the same 5 groups of spammers based on the layout of the mail.
Most are bulk spammers that keep off rbl lists by requesting removal, keep proper mail formats, and have a lot of hidden mail servers with credentials.
So I started making a list of them. And that paid off really well.
I get about1 every few hours at most. On one account I get one a day...down from hundreds. On the older account I still get about 5 a day.
And I diligently add to the blacklist those that get through.
Feel free to copy or peruse my blacklist here
There are only a few names you might recognize, but they are on there since they do not stop, even with rejects, even with unsubscribe.
I hated email before due to so much spam. Having the email address since 1997 means I cannot change it, but 15 years of posts, mails, subscriptions, and the spam was overwhelming.
Now I have empty mailboxes...it is unreal
One thing I noticed...I added each smtp restriction and other blocks one at a time....mail would drop for a few hours, then pick up again. It is like they have networks designed to upgrade if you resist.
Once I dropped the easily spoofed acceptance, they went to more legitimate means...then when it was all done they came from real bulk spammers and not their fake ones...which I would add to the blacklist.
When I would add a name to the blacklist it would stop from that spammer...til the next day when they would use another of their email servers.. like vocus.com was blocked, then vocsmail came in.
fine by me, I just kept adding them.
My list grows about 2 or 3 a day...feel free to use it.
Last edited by alleyOOPs; April 4th, 2012 at 12:53 PM.