[Dovecot] what best for anti-spam filter?
Morten Stevens
mstevens at imt-systems.com
Tue Jul 24 14:18:18 EEST 2012
On 24.07.2012 12:51, Joseph Tam wrote:
> Morten Stevens <mstevens at imt-systems.com> writes:
>
>> So it is now RFC compliant. Anyway I think delaying mail traffic is
>> not
>> a good solution.
>
> Well, OK, if you not keen on greylisting, you can try greet pausing,
> which introduces a shorter delay.
>
> It tests a bot's patience by inserting a pre-HELO pause. RFC allows
> 5
> minutes before timeout. This is last week's stat for one of my mail
> server and the count of early-talker or early-disconnecter, almost
> all of which are bots. A greet pause of over 20s dumps a lot of
> bots.
> Expect to whitelist the odd server here and there because they've
> tuned
> their servers to some aggressively small RFC non-compliant timeouts.
Yes, something like greet_pause (sendmail) or postscreen (without deep
protocol tests) is a very good solution. In addition, several DNSBLs
with different scores.
This could for example look like this: (for postfix users)
postscreen_dnsbl_threshold = 3
postscreen_dnsbl_action = drop
postscreen_greet_action = enforce
postscreen_dnsbl_sites =
ix.dnsbl.manitu.net*3
b.barracudacentral.org*3
zen.spamhaus.org*3
dnsbl.njabl.org*2
bl.spameatingmonkey.net*2
bl.spamcop.net
spamtrap.trblspam.com
list.dnswl.org=127.[0..255].[0..255].0*-2
list.dnswl.org=127.[0..255].[0..255].1*-4
list.dnswl.org=127.[0..255].[0..255].[2..255]*-6
Best regards,
Morten
More information about the dovecot
mailing list