Steve at fivetrees *nix forums addict
Joined: 21 May 2005
Posts: 82
Posted: Wed Jun 07, 2006 7:26 am Post subject: spamd etc - the sequel

Further to an earlier thread ("spamd tutorial?"), I gathered up my courage
and made some changes to my production servers as a first step in combatting
spam. (Well, maybe a second step - I already use the "access" table feature
in sendmail.) I read up everything I could find on pf's spamd feature, and
also on SpamAssassin. I was fairly happy with the first, less so with the
second (I redirect mail using virtusertable, and wasn't confident about mail
delivery to non-local mailboxes...)

I made the following changes (these are OpenBSD 3.7 systems):

- rc.conf.local: spamd_flags=""
- spamd.conf: changed the "all:\" line to reference spews1, as per the 3.8
  default
- pf.conf: added:
    table <spamd> persist
    rdr pass on $ext_if proto tcp from <spamd> to port smtp -> 127.0.0.1 port spamd
- crontab: uncommented the spamd-setup entry

I also ran /usr/libexec/spamd-setup to prime the process. After a reboot I
could see spamd was running, and listing pf's filter rules shows the spamd
table in existence.

However: I'm not seeing any change in behaviour or any reduction in spam.
I'm wondering if I've missed something - in particular I'm not confident
that I know where the spamd table actually is, or whether it actually
contains any entries. Perhaps I expected too much...?

And clues or pointers gratefully received, and apologies if this is basic
stuff and I've missed something obvious.

Steve
http://www.fivetrees.com
? *nix forums beginner
Joined: 06 Jul 2005
Posts: 35
Posted: Fri Jun 09, 2006 7:27 pm Post subject: Re: spamd etc - the sequel

On Wed, 7 Jun 2006 08:26:21 +0100 in <GJadnUKi58A_4hvZRVnyvw@pipex.net> Steve at fivetrees <steve@NOSPAMTAfivetrees.com> wrote:
[Steve demonstrates that he set up spamd without greylisting support]
You just set up standard blacklisting and tarpitting.
As the bulk of the spam is going to come from a compromised Windoze
box that isn't on anything except the most overzealous blacklists,
you won't see much difference.
If you change the configuration to greylisting with blacklisting,
you may see a significant decrease in spam with current spam engines.
You will still need to audit for open relays, idiot ISPs that
transparently proxy all end user mail through their relays
but fail to check for spam, etc, etc.
You will also want to look into spamtrap addresses and
getting them out on USENET and the web for spammers to harvest.
And even then, I put mailscanner on the mailserver to catch virus
payloads.
--
Chris Dukes
"The key to effective management is properly timed hovering."
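
Added example, not part of the original posts and not spamd's own code: a simplified Python model of the difference described in the reply above between blacklist-only mode and greylisting. The timings use spamd's documented defaults (25 minutes, 4 hours, 36 days); the class, the function names and all addresses are constructed for illustration.

```python
# Simplified greylisting model (added example; not spamd's source code).
# Timings follow spamd's documented defaults: passtime 25 min,
# greyexp 4 h, whiteexp 36 days. All addresses below are constructed.
MIN, HOUR = 60, 3600
PASSTIME, GREYEXP, WHITEEXP = 25 * MIN, 4 * HOUR, 864 * HOUR


class Greylister:
    def __init__(self, blacklist=(), greylisting=True):
        self.blacklist = set(blacklist)   # stands in for pf's <spamd> table
        self.greylisting = greylisting
        self.grey = {}                    # (ip, from, to) -> first-seen time
        self.white = {}                   # ip -> whitelist expiry time

    def connect(self, ip, mail_from, rcpt_to, now):
        """Return 'tarpit', 'tempfail' or 'deliver' for one SMTP attempt."""
        if ip in self.blacklist:
            return "tarpit"               # blacklisted: never delivered
        if not self.greylisting:
            return "deliver"              # blacklist-only: all else gets in
        if self.white.get(ip, 0) > now:
            self.white[ip] = now + WHITEEXP
            return "deliver"
        key = (ip, mail_from, rcpt_to)
        first = self.grey.get(key)
        if first is None or now - first > GREYEXP:
            self.grey[key] = now          # new or expired tuple: start clock
            return "tempfail"
        if now - first < PASSTIME:
            return "tempfail"             # retried too soon
        del self.grey[key]
        self.white[ip] = now + WHITEEXP   # proper retry: whitelist the host
        return "deliver"


def run(greylisting):
    """Replay constructed traffic; return the outcome of each attempt."""
    g = Greylister(blacklist={"203.0.113.9"}, greylisting=greylisting)
    bot = ("198.51.100.7", "x@spam.example", "steve@site.example")
    mta = ("192.0.2.25", "bob@corp.example", "steve@site.example")
    return {
        "listed_spammer": g.connect("203.0.113.9", *bot[1:], now=0),
        "unlisted_bot": g.connect(*bot, now=0),   # fire-and-forget, no retry
        "mta_first": g.connect(*mta, now=0),
        "mta_early_retry": g.connect(*mta, now=5 * MIN),
        "mta_retry": g.connect(*mta, now=30 * MIN),
        "mta_next_mail": g.connect(mta[0], "amy@corp.example", mta[2], now=HOUR),
    }
```

`run(False)` delivers the unlisted bot's message, while `run(True)` temp-fails it and still delivers the retrying MTA's mail. In spamd itself the whitelist is applied by a periodic database scan, so the delivering attempt is the one after the qualifying retry; the model collapses that into one step.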
Steve at fivetrees *nix forums addict
Joined: 21 May 2005
Posts: 82
Posted: Sat Jun 10, 2006 4:31 am Post subject: Re: spamd etc - the sequel

"?" <pakrat@localhost.private.neotoma.org> wrote in message
news:slrne8jisc.tjc.pakrat@mouse.private.neotoma.org...
> On Wed, 7 Jun 2006 08:26:21 +0100 in <GJadnUKi58A_4hvZRVnyvw@pipex.net>
> Steve at fivetrees <steve@NOSPAMTAfivetrees.com> wrote:
> [Steve demonstrates that he set up spamd without greylisting support]
> You just set up standard blacklisting and tarpitting.
> As the bulk of the spam is going to come from a compromised Windoze
> box that isn't on anything except the most overzealous blacklists,
> you won't see much difference.
> If you change the configuration to greylisting with blacklisting,
> you may see a significant decrease in spam with current spam engines.
> You will still need to audit for open relays, idiot ISPs that
> transparently proxy all end user mail through their relays
> but fail to check for spam, etc, etc.

Aha. That's very helpful; thanks. Clearly my understanding of the term
"greylisting" was, errrr, incomplete. I've since been reading up on it and
am clearly missing the most important part.

> You will also want to look into spamtrap addresses and
> getting them out on USENET and the web for spammers to harvest.

Yep, noted.

> And even then, I put mailscanner on the mailserver to catch virus
> payloads.

Again I'll look into that. Thanks.

Steve
http://www.fivetrees.com
Steve at fivetrees *nix forums addict
Joined: 21 May 2005
Posts: 82
Posted: Sun Jun 11, 2006 3:29 pm Post subject: Re: spamd etc - the sequel

"?" <pakrat@localhost.private.neotoma.org> wrote in message
news:slrne8jisc.tjc.pakrat@mouse.private.neotoma.org...
> On Wed, 7 Jun 2006 08:26:21 +0100 in <GJadnUKi58A_4hvZRVnyvw@pipex.net>
> Steve at fivetrees <steve@NOSPAMTAfivetrees.com> wrote:
> [Steve demonstrates that he set up spamd without greylisting support]
> You just set up standard blacklisting and tarpitting.
> As the bulk of the spam is going to come from a compromised Windoze
> box that isn't on anything except the most overzealous blacklists,
> you won't see much difference.
> If you change the configuration to greylisting with blacklisting,
> you may see a significant decrease in spam with current spam engines.

Curious. I've now enabled greylisting, but am seeing no change in
performance. Watching maillog suggests no delays.

I'll investigate - perhaps my pf.conf is passing SMTP in somewhere else -
and report back.

Steve
http://www.fivetrees.com
Steve at fivetrees *nix forums addict
Joined: 21 May 2005
Posts: 82
Posted: Wed Jul 05, 2006 2:24 am Post subject: Re: spamd etc - the sequel

"Steve at fivetrees" <steve@NOSPAMTAfivetrees.com> wrote in message
news:4fudnZZITdFaqxHZRVnytg@pipex.net...
> "?" <pakrat@localhost.private.neotoma.org> wrote in message
> news:slrne8jisc.tjc.pakrat@mouse.private.neotoma.org...
>> On Wed, 7 Jun 2006 08:26:21 +0100 in <GJadnUKi58A_4hvZRVnyvw@pipex.net>
>> Steve at fivetrees <steve@NOSPAMTAfivetrees.com> wrote:
>> [Steve demonstrates that he set up spamd without greylisting support]
>> You just set up standard blacklisting and tarpitting.
>> As the bulk of the spam is going to come from a compromised Windoze
>> box that isn't on anything except the most overzealous blacklists,
>> you won't see much difference.
>> If you change the configuration to greylisting with blacklisting,
>> you may see a significant decrease in spam with current spam engines.
> Curious. I've now enabled greylisting, but am seeing no change in
> performance. Watching maillog suggests no delays.
> I'll investigate - perhaps my pf.conf is passing SMTP in somewhere else -
> and report back.

Wahay! It's all working.

The problem was.... me. There was a typo in my pf.conf (an IP address) which
resulted in the rdr rule, while still legal, doing nothing useful. D'oh!

What a superb system it is. Watching the logs and spamdb is *extremely*
satisfying. Finally I get to hit back!

Steve
http://www.fivetrees.com
Steve at fivetrees *nix forums addict
Joined: 21 May 2005
Posts: 82
Posted: Wed Jul 05, 2006 3:59 pm Post subject: Re: spamd etc - the sequel

"Steve at fivetrees" <steve@NOSPAMTAfivetrees.com> wrote in message
news:BLOdnV6QL8NmvzbZRVny0A@pipex.net...
> What a superb system it is. Watching the logs and spamdb is *extremely*
> satisfying. Finally I get to hit back!

14 hours on, and I'm even more impressed. I'd normally average around 150
spams during that time (I'm the webmaster for many, many sites). I've
received 2.

My hosting clients report similar results. No-one seems to mind the initial
delay - they understand and appreciate the benefits.

Superb. I'm a very, very happy bunny.

Steve
http://www.fivetrees.com