[Dovecot] what best for anti-spam filter?

Arnaud Abélard arnaud.abelard at univ-nantes.fr
Tue Jul 24 12:58:57 EEST 2012


On 07/24/2012 10:38 AM, Stan Hoeppner wrote:
> On 7/24/2012 2:16 AM, Arnaud Abélard wrote:
>
>> And first of all, even if this is not dovecot related, use a greylisting
>> solution.
>
> Greylisting only stops bots.  It is resource intensive, and causes
> delivery delays.  There exist bot spam killing solutions that are just
> as effective, with less downside.  Two are Postfix' postscreen daemon,
> and fqrdns.pcre, which rejects based on consumer/dynamic looking rDNS.
> Some users have modified the latter for use on HELO strings instead of
> client rDNS strings, with good success.  Either combined with CBL/ZEN
> should kill all your bot spam much more efficiently.  I'm surprised
> you're using greylisting (Postgrey?) with 72k mailboxes.

Greylisting only stops bots. Exactly. That's the whole point! We have 
been using sqlgrey for now 5 years and we only had one problem last 
month with OVH smtp infrastructure which sucks and we're happy to see 
mails bouncing from them, hoping their customers will complain.

But I can understand why you would think greylist is trouble. It depends 
on how you set it up. One mail delayed per domain and per month is 
really nothing compared to hundred thousands of bot spams we are rejecting.

dynamic/consumer ip range DNSBL are dangerous since they are rarely up 
to date, I can painfully remember that.

I guess it all depends on what kind of smtp traffic you get. As a large 
university we aren't getting the same traffic as a big corporate company 
which will mostly communicate with other business. We are getting tons 
of individual mails from local ISPs, lot of geeks hosting their servers 
at home (a lot of ppl do that here...), etc.


>> Indeed! Fighting spam is a continuous task.
>
> Unfortunately...
>
>> We (72,000 mailboxes) are currently using amavisd-new with spamassassin
>> and CRM114 via a custom plugin instead of the default bayesian filter.
>> Also like Noel, we're using DNSBLs, SPF (although we had to publish a
>> permissive record since some of our users are using their ISP smtp
>> instead of our own).
>
> Which of your countermeasures blocks spam from Orange/France Telecom
> VPS/colo sources?
>

Ahah.. that's a good question! since we are a french university we are 
also getting tons of clean mails from Orange/FT. But the problem isn't 
as bad as it used to be since Orange is now blocking direct outgoing 
traffic on port 25 for a few years now. Back then the DNSRBL were a good 
solution for spams coming from them. Now the new pain in the ass is OVH, 
the largest european hosting company which also has the worst smtp 
infrastructure that will not play well with greylist (tons of smtp 
servers, each on a different ip range so you can't even whitelist them 
by their networks).

Arnaud

-- 
Arnaud Abélard (jabber: arnaud.abelard at univ-nantes.fr)
Administrateur Système - Responsable Services Web
Direction des Systèmes d'Informations
Université de Nantes
-
ne pas utiliser: trapemail at univ-nantes.fr


More information about the dovecot mailing list