With the increasing amounts of spam email thats being sent across the internet recently, I decided to improve my spam filtering.
Already I had Amavisd-New (http://www.ijs.si/software/amavisd/) running my emails through Spamassassin for spam detection and Clamav for virus filtering, but even with these a lot of junk was getting through. The majority of the junk email I was getting at the time was coming from foreign IP addresses, and mostly in dynamic IP ranges allocated to home users. I.E. Home users Windows machines that have been compromised by endless spam bots which sit doing their controllers dirty work without the owner of the machine knowing any different.
If you are concerned that your PC could be being used for these activities, I would recommend running a complete virus scan of your PC regularly. If you have a virus scanner, make sure it is up to date and running properly, if not I’d recommend Trendmicro’s Housecall for a free online scanner. http://housecall.antivirus.com Aswell as the virus scanner, Windows itself needs to be kept up to date using http://windowsupdate.microsoft.com
Enough on the major cause of spam, what can be done to eliviate the problem of spam. There are multiple things you can do to reduce the spam problem. The first that I tried was to filter all my email, while this is ok on a small scale, filtering ALL email for a large mail system can require a lot of processing time.
Various types of listing
Black listing, is a list that is refused immediately, no questions asked – the lists above.
White listing, this is a list of that will always be allowed through
Grey listing, this is where a list is built up to allow through
How about we drop mail before it even gets that far? Real time spam blacklists are very useful for this, while occasionally legitimate machines get on these blacklists and sometimes spammers aren’t on them, this in combination with other measures helped to cut down my spam.
To enable blacklisting features in your postfix setup, add the following to smtpd_recipient_restrictions in your config.
This will tell postfix to use the 7 blacklists to check mail before even allowing it in. While this will reduce spam, alone it will not cut it completely. This is where ‘Grey listing’ comes in.
Grey listing works best when used with other forms of filtering, and it relies on the fact that most spammers email ‘servers’ don’t behave correctly. Normal email servers will retry to send mail through if they are given a temporary error code from the recipients SMTP server. However, spam servers don’t retry the mail.
What greylisting does is when a new mail comes in, it saves a keypair, the senders and the recipients email address, if, after a set period of time that pair comes back to the server then it is allowed through. While this works currently, it is only a matter of time before spammers start to create more ‘correct’ mail servers that have the ability to get around this.
To implement grey filtering in postfix using the ‘postgrey’ script available from http://isg.ee.ethz.ch/tools/postgrey/
Again, in the smtpd_recipient_restrictions block add another line that contains
Once you have added this, start postgrey and then reload postfix, your mail logs should then show postgrey working by giving out temporary errors to inbound emails. After a short period you won’t notice any delay in your email once a list of allowed senders builds up.