Froxlor Forum

This topic is now archived and is closed to further replies.

arnoldB

[Poll] How to secure mail-server(s) against spam?

Question

Hey,

 

I'd like to ask you:

 

How to secure mail-server(s) against spam?

Which software do you use?

Have you implemented an interface in your Froxlor for your admins/resellers/customers (for scaling the behavior of spam-detection, etc.)?

Which tutorials or documentations do you advise?

 

My knowledge in mail-antispam is very low. I'd be very happy to learn from you.

 

My default pop/imap server is: Dovecot

My default smtp server is: Postfix

 

What is your experience in

 

- blocklists (*RBL)

- Greylisting

- SPF / DomainKeys

- Your ways to fight against spam

 

 

Thanks a lot for participating in this topic.

 

arnoldB


6 answers to this question


I deployed Maia Mailguard years ago and I have grown fond of it, as it provides me with a system-wide efficiency of 99.03% (0.01% false positives, 0.96% false negatives). It can be configured to use the Froxlor mailuser database.

 

Another solution that caught my eye recently is Dspam. Should I ever decide to part from Maia this would probably be the first alternative I would consider.


El Rico, maybe you want to add a maia mailguard sample-configuration to use with Froxlor's database in our wiki so others can benefit from it?


There wouldn't be much benefit to it, because the only point of integration is the mail user database, which is very well explained in the Maia configuration itself. The rest depends very much on the preferences of the system administrator, e.g. spam thresholds, quarantine times etc. :)


Hey there,

 

I like to answer your questions.

 

How to secure mail-server(s) against spam?

About 90 percent of real-spam emails reaching my smtpd get deleted directly by postfix.

One half got filtered by DNSBL, the other half by FQDN restrictions. See this abridgment of main.cf below.

 

smtpd_recipient_restrictions =
   permit_mynetworks,
   permit_sasl_authenticated,
   reject_sender_login_mismatch,
   reject_non_fqdn_hostname,
   reject_non_fqdn_sender,
   reject_non_fqdn_recipient,
   reject_unauth_destination,
   reject_unauth_pipelining,
   reject_invalid_hostname,
   reject_rbl_client sbl-xbl.spamhaus.org,
   reject_rbl_client ix.dnsbl.manitu.net,

 

Emails which did not get filtered have to pass SpamAssassin (and ClamAV via clamsmtp, but that is irrelevant here). SpamAssassin mostly uses the default configuration, I just decreased the required_score value to 4.0.

Emails exceeding the required_score get a ***SPAM*** tag in the subject and will be delivered (by dovecot-sieve) to the Junk folder (so users have a chance to read those could-be-spam emails anyway).

 

 

Which software do you use?

 

FreeBSD 8.1-p2

The following software is running in an ezjail environment (not necessary for handling spam emails, but it is a huge security improvement)

Postfix 2.7.2

Dovecot 1.2.16 with dovecot-sieve 1.2

ClamAV 0.97

Clamsmtp 1.10

 

Another way to use ClamAV and SpamAssassin is relaying your emails through the amavis daemon, which calls SpamAssassin and ClamAV by itself.

Somehow amavis won't work in a jail, so I had to use clamsmtp.

 

Have you implemented an interface in your Froxlor for your admins/resellers/customers (for scaling the behavior of spam-detection, etc.)?

 

Unfortunately I have no knowledge of PHP, so probably I won't implement anything in froxlor myself. Maybe the developers will ;-).

 

Which tutorials or documentations do you advise?

 

First of all of course the official documentations of above-named software. Google helps a lot, too ;-)

Further check this thread on FreeBSD forums:

http://forums.freebsd.org/showthread.php?t=10728

It didn't work out of the box for me, but it includes a very good basis to integrate SpamAssassin and ClamAV (and some other trivia).

 

What is your experience in

 

- blocklist.de - NONE

- Greylisting - NONE

- SPF / DomainKeys - NONE

- Your ways to fight against spam - see above ;-)

Answers inside ;)

 

 

Best regards

Werner

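How the reject_rbl_client lookups in the main.cf excerpt above work, as an added example that is not part of the original posts: the client address is reversed, prefixed to the DNSBL zone and looked up as an A record. Without a "=d.d.d.d" filter Postfix treats any A record as a listing, so the sketch also flags answers outside 127.0.0.0/8. The function names, the canned DNS answers and the zone dead.example are assumptions made for the example.

```python
import ipaddress
import socket

def dnsbl_query_name(client_ip, zone):
    """Return the DNS name queried for client_ip in the DNSBL zone."""
    ip = ipaddress.ip_address(client_ip)
    if ip.version == 4:
        labels = reversed(str(ip).split("."))            # 192.0.2.99 -> 99.2.0.192
    else:
        labels = reversed(ip.exploded.replace(":", ""))  # IPv6: one label per hex nibble
    return ".".join(labels) + "." + zone

def system_resolver(name):
    """Return one A record for name, or None when the lookup fails."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None

def check_client(client_ip, zones, resolve=system_resolver):
    """Map each zone to 'not listed', 'listed (<code>)' or 'unexpected answer <ip>'."""
    verdicts = {}
    for zone in zones:
        answer = resolve(dnsbl_query_name(client_ip, zone))
        if answer is None:
            verdicts[zone] = "not listed"
        elif ipaddress.ip_address(answer).is_loopback:   # DNSBL return codes live in 127.0.0.0/8
            verdicts[zone] = "listed (%s)" % answer
        else:                                            # e.g. a parked or wildcarded zone
            verdicts[zone] = "unexpected answer %s" % answer
    return verdicts

# Constructed sample data: canned DNS answers; dead.example is a hypothetical zone.
FAKE_DNS = {
    "99.2.0.192.sbl-xbl.spamhaus.org": "127.0.0.4",
    "99.2.0.192.dead.example": "203.0.113.7",
}
ZONES = ["sbl-xbl.spamhaus.org", "ix.dnsbl.manitu.net", "dead.example"]

def demo():
    """Check the documentation address 192.0.2.99 against the canned answers."""
    return check_client("192.0.2.99", ZONES, FAKE_DNS.get)

if __name__ == "__main__":
    for zone, verdict in demo().items():
        print(zone, "->", verdict)
```

Calling check_client without the third argument uses the system resolver, which is a quick way to see whether each zone in a restriction list still answers as expected before relying on it.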

Editing the main.cf of Postfix to the following reduced the incoming spam by about 80%:

 

# SMTPD Settings
smtpd_helo_required = yes
smtpd_recipient_restrictions = permit_mynetworks,
   permit_sasl_authenticated,
   reject_unauth_destination,
   reject_unauth_pipelining,
   # reject_non_fqdn_recipient,
   reject_rbl_client bl.blocklist.de,
   reject_rbl_client zombie.dnsbl.sorbs.net,
   reject_rbl_client opm.blitzed.org,
   reject_rbl_client sbl.spamhaus.org,
   reject_rbl_client blackholes.easynet.nl,
   reject_rbl_client dialup.blacklist.jippg.org,
   reject_rbl_client cbl.abuseat.org,
   check_recipient_mx_access cidr:/etc/postfix/mx_access

smtpd_sender_restrictions = permit_mynetworks,
   reject_rhsbl_client rhsbl.sorbs.net,
   reject_rhsbl_sender rhsbl.sorbs.net,
   reject_rbl_client sbl.spamhaus.org,
   reject_rbl_client dialup.blacklist.jippg.org,
   reject_rbl_client opm.blitzed.org,
   reject_rbl_client cbl.abuseat.org,
   reject_rbl_client bl.blocklist.de,
   permit_sasl_authenticated
   # reject_unknown_helo_hostname,
   # reject_unknown_recipient_domain,
   # reject_unknown_sender_domain

smtpd_client_restrictions = permit_mynetworks,
   permit_sasl_authenticated,
   reject_unknown_client_hostname


smtpd_helo_restrictions =
   permit_sasl_authenticated,
   permit_mynetworks,
   reject_unauth_destination,
   reject_rhsbl_client rhsbl.sorbs.net,
   reject_rhsbl_sender rhsbl.sorbs.net,
   reject_rbl_client opm.blitzed.org,
   reject_rbl_client cbl.abuseat.org,
   reject_rbl_client sbl.spamhaus.org,
   reject_rbl_client dialup.blacklist.jippg.org,
   reject_rbl_client opm.blitzed.org,
   reject_rbl_client bl.blocklist.de,
   reject_rbl_client cbl.abuseat.org,
   reject_unauth_pipelining

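Two slips that are easy to make in hand-edited restriction lists like the ones above are a continuation line that does not start with whitespace (main.cf only continues a logical line when the next line is indented) and the same DNSBL zone queried twice in one list, as opm.blitzed.org and cbl.abuseat.org are in smtpd_helo_restrictions. A small checker for both, as an added example that is not part of the original posts; SAMPLE is a constructed excerpt and the function names are hypothetical.

```python
import re
from collections import Counter

DNSBL_ACTIONS = {"reject_rbl_client", "reject_rhsbl_client", "reject_rhsbl_sender"}

def logical_lines(text):
    """Join main.cf physical lines into parameters; return (params, errors)."""
    params, errors, current = {}, [], None
    for number, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue                          # blank and comment lines do not end a value
        start = re.match(r"(\w+)\s*=\s*(.*)", line)
        if line[0].isspace():                 # leading whitespace continues the logical line
            if current is None:
                errors.append((number, "continuation before any parameter"))
            else:
                params[current] = (params[current] + " " + line.strip()).strip()
        elif start:
            current = start.group(1)
            params[current] = start.group(2).strip()
        else:
            errors.append((number, "not indented, so not read as part of %s" % current))
    return params, errors

def duplicate_zones(params):
    """Return (parameter, action, zone, count) for zones repeated within one list."""
    findings = []
    for name, value in params.items():
        if not name.endswith("_restrictions"):
            continue
        tokens = [t for t in re.split(r"[,\s]+", value) if t]
        pairs = Counter((a, z) for a, z in zip(tokens, tokens[1:]) if a in DNSBL_ACTIONS)
        findings += [(name, a, z, n) for (a, z), n in pairs.items() if n > 1]
    return findings

def lint(text):
    """Return (errors, duplicates) for the text of a main.cf file."""
    params, errors = logical_lines(text)
    return errors, duplicate_zones(params)

# Constructed excerpt: line 8 lacks indentation and one zone is listed twice.
SAMPLE = """smtpd_helo_restrictions =
   permit_mynetworks,
   reject_rbl_client opm.blitzed.org,
   # reject_unknown_helo_hostname,
   reject_rbl_client cbl.abuseat.org,
   reject_rbl_client opm.blitzed.org,
smtpd_client_restrictions = permit_mynetworks,
permit_sasl_authenticated,
   reject_unknown_client_hostname
"""

if __name__ == "__main__":
    print(lint(SAMPLE))
```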

Hello all,

 

I use the ASSP Anti Spam SMTP Proxy in my new Froxlor Postfix environment to prevent spam. I have used ASSP for years on different servers and configurations (Suse, Debian, Confixx, Plesk and now Squeeze with Froxlor).

ASSP is a Perl script.

It is implemented like this: INCOMING EMAIL --> ASSP --> Postfix.

Postfix --> ASSP --> OUTGOING EMAIL

It has all the functions to prevent spam in one application. I disabled all spam prevention and user authentication in Postfix and let ASSP do it. The result is 100% (yes) spam-free.

 

Here is a small List of the features:

 

Easy browser-based setup (optional).

Uses your existing message transport and existing SMTP server.

Works with Sendmail, qmail, Postfix, Imail, Hmailserver, Kerio, Exchange, Courier, Mercury, Lotus Notes, and all other standard SMTP servers.

Adds SSL/TLS support and Spam Analysis even for your non SSL aware MTA

Automatically customizes to your site's unique email profile.

Automatic whitelist -- no one you email will ever be blocked.

Early Sender validation -- Kills most spam before it ever reaches the server.

Advanced Virus Scanning with ClamAV and your File-System Virusscanner

Senders receive immediate notification if mail is blocked but no erroneous bounces are ever generated.

Redlist keeps an address off the whitelist.

No-processing addresses pass through.

Makes use of honeypot type spambucket addresses to automatically recognize spam and update your spam database.

Bayesian filter intelligently classifies email into spam and non-spam.

Community based grey IP list, Senderbase, SPF, DKIM support even if your MTA does not support it.

Supports additional site-defined regular expressions to identify spam or non-spam email.

Can optionally block all non-whitelisted email (for anti-spam zealots).

Mime encoded and other camouflaged spam is also recognized.

Automatically maintains the spam and non-spam databases.

Accepts whitelist submissions and spam error reports by authorized email.

Optionally rejects executable attachments from non-whitelisted (or all) addresses.

Practically no maintenance required.

Active user community and email list for support questions.

Source code included if you need to customize your installation.

Optionally blocks no mail but adds an email header and/or updates the message subject.

Optionally uses community-based spam statistics to identify hosts that are likely to send spam or non-spam mail.

Individual users can be configured to receive all mail.

Shows detailed analysis of spam rating process for specific messages.

Option to forward a copy of every rejected mail to an address or to resend blocked Mails.

Can block spam-bombs (when spammers forge your domain in the from field) and fake Bounces

Keeps spam statistics for your site.

Detailed Wiki documentation.

Can listen on more than one smtp port.

Plug-In architecture for custom made functions

In *nix environments can switch to non-root user. Also supports chroot jail.

Runs as a service or daemon in Windows NT/2000/2003/2008, Linux, OS X and many more platforms with Perl support

Free (as in speech) software -- Licensed under the GPL.

And much more!

 

 

Take a look at http://assp.sourceforge.net/

 

Christian
