如果想進一步直接的Reject掉SpamMail 可以參考以下的方法看看 Dropping Spam with Postfix and SpamAssassin on GoDaddy’s Dedicated ServersWe recently ran into a situation where one of our users was receiving a large amount of spam to their forwarded email account. Our setup is a dedicated server running Simple Control Panel at Godaddy. We handle email for a few clients and this one in particular was receiving 100’s of spam emails every hour. Pretty much as soon as we set up this client, we started hitting our 1,000 SMTP Relay limit which prevented us from sending any further emails for any other client on the server.
There is a simple fix to this that I had a difficult time finding so I decided to create a post on this for anyone else who might run into this issue.
The first thing I tried was to turn on SpamAssassin through the Simple Control Panel (log in to your control panel, choose “Email” from the “Server Configuration” section, and choose “Filter incoming email using SpamAssassin”). The result of this is that SpamAssassin started analyzing the emails coming in and marking them as Spam. This didn’t fix the problem because the emails were not being dropped, but were instead being forwarded onto the receipient, just now with the “SPAM” designation in the message subject.
The only solution I discovered was to utilize Postfix’s header_checks. This uses a regular expression to check the header of the email message and then apply a rule to the message accordingly. Here’s what we did.
edit the /etc/postfix/header_checks file.
add the following line to the bottom of the file:
/^X-Spam-Flag:.YES/ DISCARD spam
edit the /etc/postfix/main.cf file an make sure the following line is in your file (it may just be commented out):
header_checks = regexp:/etc/postfix/header_checks
Now restart your postfix process by using the following command:
postfix reload
What this does is look for the existence of “X-Spam-Flag” in the header of the message. This flag is put there by SpamAssassin, so it is important that SpamAssassin is running. Once it sees the “X-Spam-Flag”, it will discard the message. This will effectively prevent your server from forwarding any spam emails onto your user’s email accounts. So far this has worked out well for us.
Postfix is free and powerful MTA. You can easily configure Postfix to block spam. You need to add
following directives to /etc/postfix/main.cf file:
=> disable_vrfy_command = yes : Disable the SMTP VRFY command. This stops some techniques used to harvest email addresses.
=> smtpd_delay_reject = yes : It allows Postfix to log recipient address information when rejecting a client name/address or sender address, so that it is possible to find out whose mail is being rejected.
=> smtpd_helo_requi
red = yes : Require that a remote SMTP client introduces itself at the beginning of an SMTP session with the HELO or EHLO command. Many spam bot ignores HELO/EHLO command and you save yourself from spam. Following lines further restrictions on HELO command:
smtpd_helo_restrictions = permit_mynetworks,
reject_non_fqdn_hostname, Reject email if remote hostname is not in fully-qualified domain form. Usually bots sending email don’t have FQDN names.
reject_invalid_hostname, Reject all bots sending email from computers connected via DSL/ADSL computers. They don’t have valid internet hostname.
permit
You can put the following access restrictions that the Postfix SMTP server applies in the context of the RCPT TO command.
=> smtpd_recipient_restrictions =
reject_invalid_hostname, – Reject email if it not valid hostname
reject_non_fqdn_hostname, – Reject email if it not valid FQDN
reject_non_fqdn_sender, – Reject the request when the MAIL FROM address is not in fully-qualified domain form. For example email send from xyz or abc is rejected.
reject_non_fqdn_recipient, – Reject the request when the RCPT TO address is not in fully-qualified domain form
reject_unknown_sender_domain, – Reject email, if sender domain does not exists
reject_unknown_recipient_domain, Reject email, if recipient domain does not exists
permit_mynetworks,
reject_rbl_client list.dsbl.org, Configure spam black lists
reject_rbl_client sbl.spamhaus.org,
reject_rbl_client cbl.abuseat.org,
reject_rbl_client dul.dnsbl.sorbs.net,
permit
Open /etc/postfix/main.cf file :
# vi /etc/postfix/main.cf
Also force (highlighted using red color) Postfix to limit incoming or receiving email rate to avoid spam.
Save and close the file. Restart postfix:
# /etc/init.d/postfix restart
Watch out maillog file. Now you should see lots of spam email blocked by above configuration directive:
# tail -f /var/log/maillog
Output:
Jan 9 06:07:22 server postfix/smtpd[10308]: NOQUEUE: reject: RCPT from 183-12-81.ip.adsl.hu[81.183.12.81]: 554 Service unavailable; Client host [81.183.12.81] blocked using dul.dnsbl.sorbs.net; Dynamic IP Addresses See: http://www.sorbs.net/lookup.shtml?81.183.12.81; from= to= proto=ESMTP helo=<183-12-230.ip.adsl.hu>
Jan 9 06:07:23 server postfix/smtpd[10308]: lost connection after RCPT from 183-12-81.ip.adsl.hu[81.183.12.81]
Jan 9 06:07:23 server postfix/smtpd[10308]: disconnect from 183-12-81.ip.adsl.hu[81.183.12.81]
Jan 9 06:10:43 server postfix/anvil[10310]: statistics: max connection rate 1/60s for (smtp:81.183.12.81) at Jan 9 06:07:17
Jan 9 06:10:43 server postfix/anvil[10310]: statistics: max connection count 1 for (smtp:81.183.12.81) at Jan 9 06:07:17
Jan 9 06:10:43 server postfix/anvil[10310]: statistics: max cache size 1 at Jan 9 06:07:17
Jan 9 06:16:58 server postfix/smtpd[10358]: warning: 81.92.197.249: address not listed for hostname unassigned.or.unconfigured.reverse.nfsi-telecom.net
Jan 9 06:16:58 server postfix/smtpd[10358]: connect from unknown[81.92.197.249]
Jan 9 06:17:00 server postfix/smtpd[10358]: NOQUEUE: reject: RCPT from unknown[81.92.197.249]: 550 : Recipient address rejected: User unknown in virtual alias table; from=<> to= proto=ESMTP helo=
Jan 9 06:17:00 server postfix/smtpd[10358]: disconnect from unknown[81.92.197.249]
Next time I will write about simple procmail and spamassassin combination to filter out spam
