fakessh put forth on 5/21/2010 7:22 AM:
hello list hello dovecot network hello all the reader
here is a sieve script
<snip>
I tested that emails are not from japan and korea I would like to add one condition: that is, the emails from japan or korea who are destined for which I am mailling subscriber does not end up in Junk and I do the same test in the header: contains "Content-Type"
First, why aren't you rejecting spam outright with your MTA at SMTP time instead of accepting it and filing into the junk folder? Always reject spam at SMTP if at all possible, or drop spam connections at the firewall.
Second, _never_ reject spam in a sieve script. It creates backscatter bounces to innocent 3rd parties whose addresses were forged as the sender or just clogs you with NDAs if the sender addresses are bogus.
For mailing list subscriptions filter on "List Id: xxxxxxx" and fileinto the appropriate list mail folders. Stick an entry in your MTA whitlist for the IP addresses or RHS domain names of the Japanese and Korean list servers you are subscribed to. Then block .jp and .kr with a REGEX, PCRE, or ipdeny cidr file. For a hash whitelist and pcre blacklist in Postfix, you can use something like this to whitelist the listservs and block all other sending hosts with rDNS ending in .jp and .kr:
/etc/postfix/main.cf smtpd_recipient_restrictions = permit_mynetworks reject_unauth_destination check_client_access hash:/etc/postfix/whitelist check_client_access pcre:/etc/postfix/ptr-tld.pcre ....
/etc/postfix/whitelist ... example.listserv.jp OK example.listserv.kr OK ...
/etc/postfix/ptr-tld.pcre ... /^.*?(kr|jp)$/i 550 We do not accept mail from .$1 domains ...
Doing this eliminates the possibility of backscatter spam because the inbound spam is rejected at SMTP time, returning an error code to the sending MTA, _NOT_ a bounce to the sender address, which is usually forged with an innocent third party's address.
I kill all my spam with Postfix, my MX MTA, at SMTP time, as you should. I use sieve strictly to sort mail into the proper folders. If you'd like tips on fighting spam with your MTA, I suggest joining the mailing list for your MTA, or joining a spam fighting or mail operators list such as spam-l, mailop, or maybe even NANAE, although from what I understand NANAE can require a thick skin, and there's ton 'o traffic. Also read the documentation and howto's for your MTA.
I guess I'm in a sharing mood this Friday. Below is my Postfix spam fighting config, not including lookup table contents for the draconian local black lists (which are _very_ large). The complete config kills over 97% of inbound spam _without_ using content filters of any kind. It rejects strictly based upon sending host IP address, rDNS characteristics, bad HELO, certain header stamps, for instance a 41.x.x.x IP anywhere in the received header, IP or domain listing in two Spamhaus zones, and finally via super selective greylisting.
Most of the magic is in 3 lookup tables, fqrdns.regexp, countries.cidr, and spammer.cidr. Countries is an ipdeny cidr list of about 8 or 9 countries' IP space, mostly in Eastern Europe and Asia, West Africa, one in Central America. Spammer.cidr is mostly US based snowshoe networks but probably paints with too broad a brush for general use at most sites. The regexp file is about 1500 fully qualified rDNS patterns matching mostly dynamic IP ranges worldwide and is very safe for anyone to use. The other two are pretty draconian. Here's a copy of the regexp table if anyone wants to try it out. I actually received it from another mail OP a while back and I'm pretty pleased with its performance and zero FP rate. It should work on any MTA with POSIX regular expression support: http://www.hardwarefreak.com/fqrdns.regexp
My Postfix anti spam config:
cidr=cidr:/etc/postfix/cidr_files smtpd_recipient_restrictions = permit_mynetworks reject_unauth_destination check_recipient_access hash:/etc/postfix/whitelist check_sender_access hash:/etc/postfix/whitelist check_client_access hash:/etc/postfix/whitelist check_client_access hash:/etc/postfix/blacklist check_client_access proxy:regexp:/etc/postfix/fqrdns.regexp check_client_access pcre:/etc/postfix/ptr-tld.pcre check_client_access proxy:${cidr}/countries check_client_access proxy:${cidr}/spammer check_client_access proxy:${cidr}/misc-spam-srcs reject_unknown_reverse_client_hostname reject_non_fqdn_sender reject_non_fqdn_helo_hostname reject_invalid_helo_hostname reject_unknown_helo_hostname reject_unlisted_recipient reject_rbl_client zen.spamhaus.org reject_rhsbl_client dbl.spamhaus.org reject_rhsbl_sender dbl.spamhaus.org reject_rhsbl_helo dbl.spamhaus.org check_policy_service inet:127.0.0.1:60000
Here's my sieve script, which strictly sorts valid mail, mostly list mail, after Postfix kills the spam:
require "fileinto";
if false {}
elsif header :contains "List-Id" "linux-ide.vger.kernel.org" { fileinto "1-Linux-IDE"; stop; } elsif header :contains "List-Id" "XFS" { fileinto "1-XFS"; stop; } elsif header :contains "List-Post" "postfix-users@postfix.org" { fileinto "1-Postfix-Users"; stop; } elsif header :contains "List-Id" "users.lists.roundcube.net" { fileinto "1-Roundcube"; stop; } elsif header :contains "List-Id" "dovecot.dovecot.org" { fileinto "1-Dovecot"; stop; } elsif address :contains "to" "postmaster@hardwarefreak.com" { fileinto "Postmaster"; stop; } elsif header :contains "Received" "for postmaster@hardwarefreak.com" { fileinto "Postmaster"; stop; } elsif header :contains "List-Id" "debian-user.lists.debian.org" { fileinto "1-Debian-Users"; stop; } elsif header :contains "List-Id" "spam-l.spam-l.com" { fileinto "1-Spam-l"; stop; } elsif header :contains "List-Id" "samba.lists.samba.org" { fileinto "1-Samba"; stop; } else { fileinto "INBOX"; }
-- Stan