ich werde der Spamflut nicht Herr - postfix amavis-new dovecot

André Keller ak at list.ak.cx
Mo Mär 13 20:59:16 CET 2017


Hi,

was bei mir immernoch erstaunlich viel bringt ist greylisting (trotz
postscreen, spamassassin etc.). Ich hab das aber sehr selektiv in Betrieb:

smtpd_recipient_restrictions =
  reject_non_fqdn_recipient,
  reject_unknown_recipient_domain,
  reject_non_fqdn_sender,
  reject_unknown_sender_domain,
  permit_mynetworks,
  reject_invalid_helo_hostname,
  reject_non_fqdn_helo_hostname,
  reject_unauth_destination,
  reject_unverified_recipient,
  check_client_access pcre:$config_directory/greylisting.pcre,

smtpd_restriction_classes = greylisting

greylisting =
  permit_dnswl_client list.dnswl.org,
  permit_dnswl_client swl.spamhaus.org,
  check_policy_service inet:127.0.0.1:10026

/etc/postfix/greylisting.pcre:
# these look like IPs or are domain names with lots of labels
/(\-.+){4}$/ greylisting
/(\..+){4}$/ greylisting
# these look like dynamically assigned hostnames
/(^|[0-9.x_-])(abo|br(e|oa)dband|cabel|(hk)?cablep?|catv|cbl|cidr|d?client2?|cust(omer)?s?|dhcp|dial?(in|up)?|d[iu]p|[asx]?dsld?|dyn(a(dsl|mic)?)?|home|in-addr|modem(cable)?|(di)?pool|ppp|ptr|rev|static|user|YahooBB[0-9]{12}|c[[:alnum:]]{6,}(\.[a-z]{3})?\.virtua|[1-9]Cust[0-9]+|AC[A-Z][0-9A-F]{5}\.ipt|pcp[0-9]{6,}pcs|S0106[[:alnum:]]{12,}\.[a-z]{2})[0-9.x_-]/
greylisting
# these do not have a matching hostname->rdns mapping
/^unknown$/ greylisting
# these are countries with higher than average spam appearance
/\.br$/ greylisting
/\.cn$/ greylisting
/\.hk$/ greylisting
/\.id$/ greylisting
/\.in$/ greylisting
/\.kz$/ greylisting
/\.ru$/ greylisting
/\.th$/ greylisting
/\.tw$/ greylisting
/\.ua$/ greylisting
/\.vn$/ greylisting


And then there is a postgrey instance running on 127.0.0.1:10026

hth
André


Mehr Informationen über die Mailingliste postfix-users