Date: Thu, 5 Jan 2017 08:12:48 +0000
From: Matthew Seaman <matthew@FreeBSD.org>
To: freebsd-questions@freebsd.org
Subject: Re: Filtering Email
Message-ID: <9bd488a3-ca45-a546-3706-3b032386f954@FreeBSD.org>
In-Reply-To: <2E557AFF-35A1-4D08-8FA9-10C65BF4ABDE@lafn.org>
References: <2E557AFF-35A1-4D08-8FA9-10C65BF4ABDE@lafn.org>

On 05/01/2017 01:46, Doug Hardie wrote:
> I have a local mail server (postfix, dovecot LDA) that receives mail
> that is forwarded from my main account's mail server. Virtually all
> mail is forwarded so the received from address is the same for all.
> For a number of years we have used drive-by mail blocking on the main
> MTA. Basically it sends a TEMP_FAIL to the first email from an
> unknown sender and then if they later retry, it is accepted. This
> blocked over 90% of the spam a few years ago as spammers didn't
> bother to pay for retries. However, the environment has changed and
> it appears that the spammers' MTAs now do retry so a lot of spam is
> getting through.

Yeah -- greylisting is now a lot less effective than it was, as the
spammers have learned to forward e-mails through real MTAs, and those
will retry after a tempfail.

> I am looking to be able to filter mail on the local MTA (either
> postfix or dovecot) so that I can have a table of IP addresses/names
> that if any appear in any Received header the email is filtered to the
> bit bucket. It appears that is possible in dovecot pigeonhole (I am
> using that). However, it is not table driven. You have to write a rule
> for each name/IP. I don't see any way to have it refer to a table. Is
> such possible?

postfix is the right place to set up your blacklist. Indeed, postfix
can read the blacklisted addresses from a file or from numerous types of
database. See:

http://www.postfix.org/header_checks.5.html

(for filtering based on Received: headers)

Otherwise, any spam filtering tool will be able to handle blacklisting a
list of senders. Check out rspamd and rmilter in ports.

There's a potential problem with rejecting email from your local server
-- backscatter. If your upstream MTA has accepted a message for
delivery and then your local MTA later decides to bounce it, there is no
choice other than to send the bounce to the sender address in the mail
headers, and spammers nowadays forge that address, so you end up
resending the spam to some (possibly innocent) third party. It's better
to just /dev/null the messages in such circumstances.

Cheers,

Matthew
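
An added example, not part of the original message: one way to keep the blocklist table-driven is to generate a header_checks map from a plain list, using DISCARD rather than REJECT so that no bounce goes to a forged sender. It assumes a Postfix build with PCRE support and a main.cf entry such as `header_checks = pcre:/usr/local/etc/postfix/header_checks` (the path is an assumption), covers IPv4 addresses and host names only, and all function names and sample entries are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample blocklist (documentation address range, reserved .example names).
BLOCKLIST = """\
# one IPv4 address or host name per line
192.0.2.1
relay.spam.example
"""

HOST_RE = re.compile(r"^[a-z0-9-]+(\.[a-z0-9-]+)*\.[a-z][a-z0-9-]*$", re.I)


def pattern_for(entry):
    """PCRE fragment matching `entry` only as a complete address or name."""
    try:
        ipaddress.IPv4Address(entry)
    except ipaddress.AddressValueError:
        if not HOST_RE.match(entry):
            raise ValueError(f"not an IPv4 address or host name: {entry!r}")
        # Do not match inside a longer name (sub.relay.spam.example, ...example.org).
        return r"(?<![a-z0-9.-])" + re.escape(entry) + r"(?!\.?[a-z0-9-])"
    # Do not let 192.0.2.1 also match 192.0.2.10 or 5.192.0.2.1.
    return r"(?<![0-9.])" + re.escape(entry) + r"(?!\.?[0-9])"


def render_table(blocklist):
    """Turn the blocklist text into header_checks lines using DISCARD."""
    rules = []
    for line in blocklist.splitlines():
        entry = line.split("#", 1)[0].strip()
        if entry:
            # No /i flag: Postfix pcre tables are case-insensitive by default.
            rules.append(f"/^Received:.*{pattern_for(entry)}/ DISCARD blocklisted relay {entry}")
    return "\n".join(rules) + "\n"


def action_for(table, header):
    """Approximate Postfix's lookup with Python's re: first matching rule wins."""
    for rule in table.splitlines():
        pattern, action = re.match(r"/(.*)/ (\S+)", rule).groups()
        if re.search(pattern, header, re.IGNORECASE | re.DOTALL):
            return action
    return None


if __name__ == "__main__":
    print(render_table(BLOCKLIST), end="")
```

DISCARD applies to the whole message, so a single matching Received: header drops it for every recipient; the optional text after DISCARD is what Postfix writes to the log.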