Custom rules for spamassassin?

Andy Green andy at warmcat.com
Sun Nov 13 18:57:00 UTC 2005


Craig McLean wrote:

> You might well be right. On high-load systems a caveat, however, is that
> if you do this with RDNS queries it'll lead to a potential DoS.

I guess that's true if they are sending random hostnames all the time.

> I haven't tested whether my mailserver will allow me to HELO with the
> mailserver's hostname but a phony IP. I suspect this will be covered
> (assuming sendmail) by confPRIVACY_FLAGS or local-host-names.

For the record Postfix allows you to specify a hashed text file that has
the rules for HELO.  I'm not a postfix expert, but here is my config
that works very well in allowing all legitimate mail through in my
experience.  In /etc/postfix/main.cf:

...
smtpd_helo_required = yes
smtpd_sender_restrictions = reject_unknown_sender_domain
...
smtpd_helo_restrictions =
        permit_mynetworks,
        check_client_access hash:/etc/postfix/helo_access,
        check_helo_access hash:/etc/postfix/helo_access,
        reject_non_fqdn_hostname,
        reject_non_fqdn_sender,
        reject_non_fqdn_recipient,
        permit
...

and then something like this in /etc/postfix/helo_access:

warmcat.com     REJECT Not who you say you are

(I believe this will reject [*.]warmcat.com too)

Once you create it, and every time you edit it, you need to run
postalias to interpret it into a database file used by postfix:

postalias /etc/postfix/helo_access

On changes to it:

service postfix reload

If you sit looking with

tail -f /var/log/maillog

as the mail comes in, you'll start seeing the lying sender MTA getting
thrown out before it even has a chance to give you the mail body:

... postfix/smtpd[15236]: NOQUEUE: reject: HELO from
cable-62-117-28-127.cust.blue-cable.de[62.117.28.127]: 554
<warmcat.com>: Helo command rejected: Not who you say you are;
proto=SMTP helo=<warmcat.com>

I also found that postgrey and rejecting mail that is not addressed to a
user on the system or in the alias table reduced spam and virus mails to
almost zero without needing probability-based tests.

-Andy
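
A way to tally the rejects this helo_access rule produces, as an added example that is not part of the original post: it parses maillog records in the format shown above and counts, per client IP, how often a HELO claimed the local domain. The function names are illustrative, and every sample line after the first is constructed.

```python
import re
from collections import Counter

# smtpd reject record in the format of the post's maillog excerpt (one line).
REJECT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: NOQUEUE: reject: (?P<stage>\w+) from "
    r"(?P<client>\S+?)\[(?P<ip>[^\]]+)\]: (?P<code>\d{3}) .*?"
    r"Helo command rejected: (?P<reason>[^;]*);.*?helo=<(?P<helo>[^>]*)>"
)

def forged_helo_rejects(lines, own_domain):
    """Return (ip, client, helo) for rejects whose HELO named own_domain or a subdomain."""
    own = own_domain.lower().rstrip(".")
    hits = []
    for line in lines:
        m = REJECT_RE.search(line)
        if not m:
            continue  # not a HELO reject record
        helo = m.group("helo").lower().rstrip(".")
        # Compare on a label boundary so "notwarmcat.com" is not counted.
        if helo == own or helo.endswith("." + own):
            hits.append((m.group("ip"), m.group("client"), helo))
    return hits

def top_offenders(hits, n=5):
    """Count forged-HELO rejects per client IP, most frequent first."""
    return Counter(ip for ip, _, _ in hits).most_common(n)

# First entry is the post's log record, unwrapped; the rest are constructed.
SAMPLE_LOG = [
    "... postfix/smtpd[15236]: NOQUEUE: reject: HELO from "
    "cable-62-117-28-127.cust.blue-cable.de[62.117.28.127]: 554 "
    "<warmcat.com>: Helo command rejected: Not who you say you are; "
    "proto=SMTP helo=<warmcat.com>",
    "... postfix/smtpd[15240]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: "
    "554 <mail.warmcat.com>: Helo command rejected: Not who you say you are; "
    "from=<a@example.org> to=<b@warmcat.com> proto=SMTP helo=<mail.warmcat.com>",
    "... postfix/smtpd[15241]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: "
    "554 <WARMCAT.COM>: Helo command rejected: Not who you say you are; "
    "from=<a@example.org> to=<b@warmcat.com> proto=SMTP helo=<WARMCAT.COM>",
    "... postfix/smtpd[15242]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: "
    "504 <localhost>: Helo command rejected: need fully-qualified hostname; "
    "from=<c@example.org> to=<b@warmcat.com> proto=SMTP helo=<localhost>",
    "... postfix/smtpd[15243]: connect from unknown[192.0.2.10]",
]

if __name__ == "__main__":
    for ip, count in top_offenders(forged_helo_rejects(SAMPLE_LOG, "warmcat.com")):
        print(f"{count:4d}  {ip}")
```

Feed it the lines of /var/log/maillog in place of SAMPLE_LOG to see which clients trip the rule most often.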