From: "Shcherbina N. Timur" <timur@hlbprime.com>
To: "'ALT Linux sysadmin discuss'" <sysadmins@lists.altlinux.org>
Subject: Re: [Sysadmins] Fighting spam!!!
Date: Tue, 4 Mar 2008 11:52:23 +0300
Message-ID: <005301c87dd5$104dcf60$30e96e20$@com>
In-Reply-To: <f041fbd00803040019j1ad2443dyd72459a018162a5a@mail.gmail.com>

Mail.ru is a fairy tale for me, SpamAssassin copes with it perfectly well; but
since the domain is .com, the trouble is with offers to enlarge organs and
sell Viagra, and I have noticed one pattern, namely:

Here is part of main.cf:

smtpd_client_restrictions = permit_sasl_authenticated, permit_mynetworks,
    check_client_access hash:/etc/postfix/client_access,
    check_client_access regexp:/etc/postfix/dul_checks,
    reject_rbl_client bl.spamcop.net,
    reject_rbl_client cbl.abuseat.org,
    reject_rbl_client list.dsbl.org,
    permit

smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated,
    check_helo_access hash:/etc/postfix/helo-access,
    check_helo_access regexp:/etc/postfix/helo-regexp,
    reject_invalid_hostname,
    reject_non_fqdn_hostname,
    reject_unknown_hostname,
    permit

smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks,
    reject_unlisted_recipient,
    reject_unauth_destination,
    permit

smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks,
    check_sender_access regexp:/etc/postfix/sender_access,
    reject_non_fqdn_sender,
    reject_unknown_sender_domain,
    permit

File /etc/postfix/dul_checks:
/([0-9]*-){3}[0-9]*(\..*){2,}/i 553 SPAM_ip-add-rr-ess_networks
/([0-9]*\.){4}(.*\.){3,}.*/i 553 SPAM_ip-add-rr-ess_networks

File /etc/postfix/helo-regexp:
/([0-9]{1,3}(\.|-)){3}[0-9]{1,3}/i REJECT IP-able helo SPAM

In short, this whole config says that we forbid an IP address as the HELO.

But somehow, miraculously, messages with a header like this one (see below)
slip through. After analyzing the logs and the headers, I came to the
conclusion that the maximum number of connections is made from this IP, and
in practically all of the headers the first one is
Received: from IP (HELO IP). During the analysis I also realized that such
messages get through only to aliases; in the example below, admin is an alias
of timur@hlbprime.com:

Mar 3 19:33:45 post postfix/anvil[12847]: statistics: max connection rate 7/60s for (smtp:190.50.106.101) at Mar 3 19:30:31

Received: by post.hlbprime.com (Postfix, from userid 121)
    id 157842000342; Mon, 3 Mar 2008 19:30:03 +0300 (MSK)
X-Spam-Checker-Version: SpamAssassin 3.2.1 (2007-05-02) on post.hlbprime.com
X-Spam-Level: **
X-Spam-Status: No, score=2.2 required=7.0 tests=AWL,HTML_EXTRA_CLOSE,
    HTML_MESSAGE,RCVD_FORGED_WROTE2,RDNS_NONE autolearn=no version=3.2.1
Received: from ps-av.com (unknown [190.50.106.101])
    by post.hlbprime.com (Postfix) with SMTP id 7EF16200034E
    for <admin@hlbprime.com>; Mon, 3 Mar 2008 19:29:54 +0300 (MSK)
Received: from 67.39.166.4 (HELO nospam.ivnet.com)
    by hlbprime.com with esmtp ({nChar[8-12]} {nChar[4-6]})
    id GEJkZB-VhSSrV-7l
    for admin@hlbprime.com; Mon, 03 Mar 2008 14:31:59 -0300
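
An added example (not part of the original message and not the poster's code): the message's helo-regexp and dul_checks patterns applied to the client that Postfix itself recorded in the top Received line, where the name before the parentheses is the HELO string of the SMTP session and the bracketed value is the connecting address; lower Received lines are message content that smtpd restrictions do not evaluate. Python's re stands in for the Postfix regexp: table engine as an approximation, and all function names are hypothetical.

```python
import re

# Patterns copied from the message's regexp tables. Postfix compiles these as
# POSIX regexps; Python's re is an approximation (assumption of this example).
HELO_REGEXP = re.compile(r"([0-9]{1,3}(\.|-)){3}[0-9]{1,3}", re.I)
DUL_CHECKS = [
    re.compile(r"([0-9]*-){3}[0-9]*(\..*){2,}", re.I),
    re.compile(r"([0-9]*\.){4}(.*\.){3,}.*", re.I),
]

# Received line as stamped by Postfix: from HELO (rDNS [client IP]).
POSTFIX_RECEIVED = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)\s+\[(?P<ip>[0-9a-fA-F.:]+)\]\)")

def parse_postfix_received(header):
    """Return HELO name, reverse-DNS name and IP of the connecting client."""
    m = POSTFIX_RECEIVED.search(header)
    return m.groupdict() if m else None

def helo_rejected(helo):
    """True if the helo-regexp pattern matches the session's HELO string."""
    return HELO_REGEXP.search(helo) is not None

def client_rejected(rdns, ip):
    """True if any dul_checks pattern matches the client name or address."""
    return any(p.search(v) for p in DUL_CHECKS for v in (rdns, ip))

def evaluate(header):
    """Apply both tables to the client described by one Received header."""
    c = parse_postfix_received(header)
    if c is None:
        return None  # not in Postfix's format: header text, not session data
    return {"helo": c["helo"],
            "helo_rejected": helo_rejected(c["helo"]),
            "client_rejected": client_rejected(c["rdns"], c["ip"])}

# The two Received headers from the message, continuation lines joined.
TOP = ("from ps-av.com (unknown [190.50.106.101]) by post.hlbprime.com "
       "(Postfix) with SMTP id 7EF16200034E")
INNER = "from 67.39.166.4 (HELO nospam.ivnet.com) by hlbprime.com with esmtp"

if __name__ == "__main__":
    print("top   :", evaluate(TOP))
    print("inner :", evaluate(INNER))
    print("IP as HELO rejected:", helo_rejected("190.50.106.101"))
```

On a live server the same lookups can be made with `postmap -q` against the actual regexp: tables, which uses the real Postfix matcher instead of this approximation.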