Skip to main content

Lose 25% of your spam with a few simple rules

Require a HELO and reject (at SMTP time) attempts to send without a HELO are not explicitly logged, only the connect/disconnect without anything happening in between.

Taking that to imply a no-HELO conversation, my server has seen ~72,000 unique conversations in the last 7 weeks, of which a mere 28 fall into this category. Not much love there, but I have no idea how many spammers try HELOless connections first then retry with a HELO on error, and it forces the caller to pass the next hurdle.

The next hurdle is to refuse HELOs claiming to be 127.0.0.1, localhost, localhost.localdomain, any of your external addresses or their reverse-DNS names, or any of your MX names. This doesn”t require any magic technology, the PostFix config for it is:

smtpd_helo_required = yes
smtpd_helo_restrictions =
    reject_invalid_hostname,
    check_helo_access hash:/etc/postfix/helo_access,
    reject_non_fqdn_hostname,
    permit

The file simply contains a list of unloved hosts accompanied by the word REJECT (and optionally a message):

127.0.0.1                  REJECT
localhost                  REJECT
localhost.localdomain      REJECT Your server's misconfigured, find Cw in /etc/mail/sendmail.cf
169.254.73.37              REJECT
smtp.somerandomdomain.net  REJECT

Remember to postmap it. These rules have so far snared 2 misconfigured SendMail installations (not bad for ~72,000 connections), and rejected ~18,000 pieces of spam, 25% of the incomings. If you wanted to get fancy, you could reject all known private IPs as well, with a handful of regexes.

If you add a reject for unknown hosts, you will rapidly build up a fine collection of misconfigured MS-Exchange servers (I have 19 so far), but reject a lot more spam (another ~28,000 pieces in my case — 39% for a running total of 64% rejected before even being queued, let alone handed to a computationally expensive spam or virus scanner). You can cope with the MSCE/MS-Exchange duds by making sure that the check_helo_access comes before the reject_unknown_hostname, and adding them to the list as they are discovered with ACCEPT instead of REJECT alongside them.

Interestingly, I scored another 2% by also blocking "ss" as a HELO, and another 1.2% by rejecting any recipient address that looks like a messageID (check_recipient_access pcre /[0-9]+\.[0-9]+\.[a-z0-9]+@/).

Comments

Post a Comment

Popular posts from this blog

every-application-is-part-of-a-toolkit at work

I have a LibreOffice Impress slideshow that I wish to turn into a narrated video. 1. export the slideshow as PNG images (if that is partially broken — as at now — at higher resolutions, Export Directly as PDF then use ‘pdftoppm’ (from the poppler-utils package) to do the same). 2. write a small C program (63 lines including comments) to display those images one at a time, writing a config file entry for Imagination (default transition: ‘cross fade’) based on when the image-viewer application (‘display,’ from the GraphicsMagick suite) is closed on each one; run that, read each image aloud, then close each image in turn. 3. run ‘Imagination’ over the config file to produce a silent MP4 video with the correct timings. 4. run ‘Audacity’ to record speech while using ‘SMPlayer’ to display the silent video, then export that recording as a WAV file. 4a. optionally, use ‘TiMIDIty’ to convert a non-copyright-encumbered MIDI tune to WAV, then import that and blend it with the speech (as a quiet b
1 comment
Read more

new life for an old (FTX) PSU, improved life for one human

the LEDs on this 5m strip happen to emit light centred on a red that does unexpectedly helpful things to (and surprisingly deeply within) a human routinely exposed to it. it has been soldered to a Molex connector, plugged into a TFX power supply from a (retired: the MoBo is cactus) Small Form Factor PC, the assorted PSU connectors (and loose end from the strip) have been taped over. the LED strip cost $10.24 including postage, the rest cost $0, the PSU is running at 12½% of capacity, consumes less power than a laptop plug-pack despite running a fan. trial runs begin today.
Post a Comment
Read more

boundaries

pushing the actual boundaries of the physical (not extremes, the boundaries themselves) can often remove barriers not otherwise perceived. one can then often resolve an issue itself, rather than merely stonewalling at the physical consequences of the issue.
Post a Comment
Read more