SCIENTIFIC-LINUX-USERS Archives

February 2014

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV

From: David Sommerseth <[log in to unmask]>
Date: Tue, 11 Feb 2014 16:57:54 +0100

On 11/02/14 02:13, Yasha Karant wrote:
> Our site has been edicted to Microsoft Exchange server with a Barracuda
> spam filter.  There are numerous difficulties, one of which is spam not
> being filtered and non-spam being so filtered (significant increase in
> mission critical false positives).  At present, the administrative
> authorities (all of whom appear to be management professionals, not
> internals nor systems folks) insist on Exchange, allowing open systems
> standards compliant end-users to have IMAP service.  Given this, what
> are the best server-side spam filters, either hardware or software? 
> "Best" should be based upon current field-deployed experience and/or
> unsolicited external reviews (not vendor-supported "independent" reviews).

I've put up a fairly simple Postfix + Amavis-new + SpamAssassin server in
front of some of my Zimbra servers to get rid of the "worst" trash (we
also had some other requirements, but that's not important in this
thread).  I configured Postfix with several RBLs, SPF and postgrey.  In
addition I added these smtpd_recipient_restrictions:

        reject_unknown_reverse_client_hostname,
        reject_invalid_hostname,
        reject_non_fqdn_hostname,
        reject_non_fqdn_sender,
        reject_non_fqdn_recipient,
        reject_unknown_sender_domain,

The RBLs I have had great success with are:

        reject_rbl_client bl.spamcop.net,
        reject_rbl_client zen.spamhaus.org,
        reject_rbl_client bl.blocklist.de,
        reject_rbl_client b.barracudacentral.org,
        reject_rbl_client bl.spamcannibal.org,
        reject_rbl_client cidr.bl.mcafee.com,

The first two and barracudacentral.org seem to be the ones being
triggered most.  Barracudacentral requires a registration (they want the
IP of your DNS resolver doing the queries).

With all this in place, I reduced the spam which SpamAssassin filtered
out from 75-80% to ~20-25%.

I had to remove SORBS, as they actually listed a lot of valid SMTP
relays ... and for those companies being hit here, it was just a too
costly operation to fix each time it happened.  On the other hand, the
other RBLs catch quite fine what SORBS blocked correctly.

In regards to SPF, that works pretty well.  I did it even stricter than
the default configuration (I use python-policyd-spf), where I set
PermError_reject = True.  That enforces explicit SPF rules much
harder.

And with postgrey, I learned that you need at least a 10-minute
threshold.  For one of the servers I maintain, postgrey blocks ~25% of
all mail attempts.  On another one (low traffic), the hit rate was so
low I actually removed it.  So you need to test and see if it can match
your needs.


--
kind regards,

David Sommerseth
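
As an added example (not code from the post, from Postfix or from postgrey), the following Python model shows how the restriction chain and the reject_rbl_client checks listed above are evaluated: first match wins, the DNSBL query is the reversed client IP prepended to the zone name, and a greylist temporarily rejects a new (client, sender, recipient) triplet until the retry arrives after the 10-minute threshold the post recommends. All DNS answers, client addresses and addresses are constructed inline so it runs offline; the function and class names (evaluate, Greylist, dnsbl_query_name) are this example's own, not Postfix parameters. Relay control (permit_mynetworks, reject_unauth_destination) is deliberately left out of the model; in a real main.cf it belongs in the chain ahead of these checks.

```python
"""Simplified model of a Postfix smtpd_recipient_restrictions chain.

Constructed example, not Postfix code. DNS answers come from inline
tables instead of real lookups so the module runs offline.
"""
import ipaddress
import re

# Constructed DNS data: PTR records for client IPs, domains that have an
# A or MX record, and DNSBL entries keyed by the reversed-IP query name.
PTR = {"192.0.2.10": "mx1.example.net", "192.0.2.25": "host25.example.org"}
DOMAINS_WITH_A_OR_MX = {"example.net", "example.org"}
DNSBL_LISTED = {"25.2.0.192.zen.spamhaus.org"}   # 192.0.2.25 is listed (constructed)

# Zones queried in order, as reject_rbl_client entries would be.
RBL_ZONES = ["bl.spamcop.net", "zen.spamhaus.org", "b.barracudacentral.org"]

LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def is_valid_hostname(name):
    """Syntax check behind reject_invalid_hostname: non-empty labels of
    letters, digits and hyphens, no leading or trailing hyphen."""
    if not name or len(name) > 253:
        return False
    return all(LABEL.match(label) for label in name.rstrip(".").split("."))


def is_fqdn(name):
    """reject_non_fqdn_*: a syntactically valid name with at least one dot."""
    return is_valid_hostname(name) and "." in name.rstrip(".")


def dnsbl_query_name(ip, zone):
    """Build the DNSBL query a reject_rbl_client check sends: reverse the
    IPv4 octets and append the zone (192.0.2.25 -> 25.2.0.192.<zone>)."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def evaluate(client_ip, helo, sender, recipient):
    """Return None to accept, or the name of the first restriction that
    rejects; Postfix stops at the first matching restriction too."""
    if client_ip not in PTR:
        return "reject_unknown_reverse_client_hostname"
    if not is_valid_hostname(helo):
        return "reject_invalid_hostname"
    if not is_fqdn(helo):
        return "reject_non_fqdn_hostname"
    sender_domain = sender.rpartition("@")[2]
    if not is_fqdn(sender_domain):
        return "reject_non_fqdn_sender"
    if not is_fqdn(recipient.rpartition("@")[2]):
        return "reject_non_fqdn_recipient"
    if sender_domain not in DOMAINS_WITH_A_OR_MX:
        return "reject_unknown_sender_domain"
    for zone in RBL_ZONES:
        if dnsbl_query_name(client_ip, zone) in DNSBL_LISTED:
            return "reject_rbl_client " + zone
    return None


class Greylist:
    """Minimal greylisting model of what postgrey does: the first attempt for
    a (client IP, sender, recipient) triplet gets a temporary 450 reject, and
    a retry at least `delay` seconds later is accepted. 600 s is the
    threshold recommended in the post (postgrey's real whitelisting of
    known-good clients is not modelled)."""

    def __init__(self, delay=600):
        self.delay = delay
        self.first_seen = {}

    def check(self, client_ip, sender, recipient, now):
        """`now` is a timestamp in seconds; returns None to accept."""
        key = (client_ip, sender.lower(), recipient.lower())
        seen = self.first_seen.setdefault(key, now)
        if now - seen < self.delay:
            return "450 greylisted, try again later"
        return None


if __name__ == "__main__":
    print(evaluate("192.0.2.25", "host25.example.org", "a@example.org", "b@example.net"))
    g = Greylist()
    print(g.check("192.0.2.10", "a@example.org", "b@example.net", 0))
    print(g.check("192.0.2.10", "a@example.org", "b@example.net", 600))
```

Running the module prints the zen.spamhaus.org rejection for the listed client, then the 450 greylist response followed by acceptance of the retry ten minutes later. Keeping the cheap syntax checks ahead of the DNSBL queries, as the post's ordering does, also means a rejected client never costs a lookup against the RBL operators' rate limits.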
