設為首頁收藏本站

Hippies

 找回密碼
 立即註冊

掃一掃,訪問微社區

搜索
熱搜: 活動 交友 discuz
查看: 4882|回復: 2
打印 上一主題 下一主題

SpamAssassin 垃圾郵件刺客

[複製鏈接]
  • TA的每日心情
    開心
    2016-2-27 23:29
  • 簽到天數: 27 天

    [LV.4]偶爾看看III

    438

    主題

    611

    帖子

    705

    積分

    高級會員

    Rank: 4

    積分
    705
    跳轉到指定樓層
    樓主
    發表於 2016-8-16 11:08:17 | 只看該作者 回帖獎勵 |倒序瀏覽 |閱讀模式 简体中文繁體中文
    最近的郵箱被垃圾郵件煩的實在受不了,就是搞不清這些垃圾郵件發送者有沒有頭腦,現在的網絡行銷還考這郵件的方式是不是趕不上時代了,沒事一天下來要在你郵箱中塞個50封垃圾才高興,搞的沒事的伺服器還要處理個沒完沒了的,當然要管理的人就更煩了,所以只好在網上找尋專門處理垃圾郵件問題的套件來解決了。
    在Linux平台上開源的軟體中SpamAssassin套件是專門在處理這類問題的軟體,安裝與設定上又不困難,所以有這類問題的網管應該可以考慮來使用看看。
    官網請上SpamAssassin
    有關說明可以在WiKi上參考
    如果要了解各Linux分支的安裝及設定方式可以在Google上搜尋

    [發帖際遇]: kevinhu 樂于助人,獎勵 1 貢獻. 幸運榜 / 衰神榜
    最近訪問 頭像模式 列表模式
  • TA的每日心情
    開心
    2016-2-27 23:29
  • 簽到天數: 27 天

    [LV.4]偶爾看看III

    438

    主題

    611

    帖子

    705

    積分

    高級會員

    Rank: 4

    積分
    705
    沙發
     樓主| 發表於 2016-8-26 09:48:47 | 只看該作者 简体中文繁體中文
    本帖最後由 kevinhu 於 2016-8-26 10:19 編輯

    如果想進一步直接的Reject掉SpamMail 可以參考以下的方法看看
    Dropping Spam with Postfix and SpamAssassin on GoDaddy’s Dedicated Servers
    We recently ran into a situation where one of our users was receiving a large amount of spam to their forwarded email account. Our setup is a dedicated server running Simple Control Panel at Godaddy. We handle email for a few clients and this one in particular was receiving 100’s of spam emails every hour.  Pretty much as soon as we set up this client, we started hitting our 1,000 SMTP Relay limit which prevented us from sending any further emails for any other client on the server.
    There is a simple fix to this that I had a difficult time finding so I decided to create a post on this for anyone else who might run into this issue.
    The first thing I tried was to turn on SpamAssassin through the Simple Control Panel (log in to your control panel, choose “Email” from the “Server Configuration” section, and choose “Filter incoming email using SpamAssassin”).  The result of this is that SpamAssassin started analyzing the emails coming in and marking them as Spam.  This didn’t fix the problem because the emails were not being dropped, but were instead being forwarded onto the receipient, just now with the “SPAM” designation in the message subject.
    The only solution I discovered was to utilize Postfix’s header_checks.  This uses a regular expression to check the header of the email message and then apply a rule to the message accordingly.  Here’s what we did.
    • edit the /etc/postfix/header_checks file.
    • add the following line to the bottom of the file:
      /^X-Spam-Flag:.YES/ DISCARD spam
    • edit the /etc/postfix/main.cf file an make sure the following line is in your file (it may just be commented out):
      header_checks = regexp:/etc/postfix/header_checks
    • Now restart your postfix process by using the following command:
      postfix reload

    What this does is look for the existence of “X-Spam-Flag” in the header of the message.  This flag is put there by SpamAssassin, so it is important that SpamAssassin is running.  Once it sees the “X-Spam-Flag”, it will discard the message.  This will effectively prevent your server from forwarding any spam emails onto your user’s email accounts.  So far this has worked out well for us.

    Post from
    http://www.halfslide.com/droppin ... -dedicated-servers/
    [發帖際遇]: kevinhu 在論壇發帖時沒有注意,被小偷偷去了 4 金錢. 幸運榜 / 衰神榜
  • TA的每日心情
    開心
    2016-2-27 23:29
  • 簽到天數: 27 天

    [LV.4]偶爾看看III

    438

    主題

    611

    帖子

    705

    積分

    高級會員

    Rank: 4

    積分
    705
    板凳
     樓主| 發表於 2016-8-27 17:00:00 | 只看該作者 简体中文繁體中文
    Postfix configure anti spam with blacklist

    Postfix is free and powerful MTA. You can easily configure Postfix to block spam. You need to add
    following directives to /etc/postfix/main.cf file:
    => disable_vrfy_command = yes : Disable the SMTP VRFY command. This stops some techniques used to harvest email addresses.

    => smtpd_delay_reject = yes : It allows Postfix to log recipient address information when rejecting a client name/address or sender address, so that it is possible to find out whose mail is being rejected.

    => smtpd_helo_requi
    red = yes : Require that a remote SMTP client introduces itself at the beginning of an SMTP session with the HELO or EHLO command. Many spam bot ignores HELO/EHLO command and you save yourself from spam. Following lines further restrictions on HELO command:
    smtpd_helo_restrictions = permit_mynetworks,
    reject_non_fqdn_hostname, Reject email if remote hostname is not in fully-qualified domain form. Usually bots sending email don’t have FQDN names.
    reject_invalid_hostname, Reject all bots sending email from computers connected via DSL/ADSL computers. They don’t have valid internet hostname.
    permit

    You can put the following access restrictions that the Postfix SMTP server applies in the context of the RCPT TO command.
    => smtpd_recipient_restrictions =
    reject_invalid_hostname, – Reject email if it not valid hostname
    reject_non_fqdn_hostname, – Reject email if it not valid FQDN
    reject_non_fqdn_sender, – Reject the request when the MAIL FROM address is not in fully-qualified domain form. For example email send from xyz or abc is rejected.
    reject_non_fqdn_recipient, – Reject the request when the RCPT TO address is not in fully-qualified domain form
    reject_unknown_sender_domain, – Reject email, if sender domain does not exists
    reject_unknown_recipient_domain, Reject email, if recipient domain does not exists
    permit_mynetworks,
    reject_rbl_client list.dsbl.org, Configure spam black lists
    reject_rbl_client sbl.spamhaus.org,
    reject_rbl_client cbl.abuseat.org,
    reject_rbl_client dul.dnsbl.sorbs.net,
    permit

    Open /etc/postfix/main.cf file :
    # vi /etc/postfix/main.cf

    Set/modify configuration as follows

    disable_vrfy_command = yes
    smtpd_delay_reject = yes
    smtpd_helo_required = yes
    smtpd_helo_restrictions = permit_mynetworks,
         reject_non_fqdn_hostname,
         reject_invalid_hostname,
         permit
    smtpd_recipient_restrictions =
       permit_sasl_authenticated,
       reject_invalid_hostname,
       reject_non_fqdn_hostname,
       reject_non_fqdn_sender,
       reject_non_fqdn_recipient,
       reject_unknown_sender_domain,
       reject_unknown_recipient_domain,
       permit_mynetworks,
       reject_rbl_client sbl.spamhaus.org,
       reject_rbl_client cbl.abuseat.org,
       reject_rbl_client dul.dnsbl.sorbs.net,
       permit
    smtpd_error_sleep_time = 1s
    smtpd_soft_error_limit = 10
    smtpd_hard_error_limit = 20

    Also force (highlighted using red color) Postfix to limit incoming or receiving email rate to avoid spam.

    Save and close the file. Restart postfix:
    # /etc/init.d/postfix restart

    Watch out maillog file. Now you should see lots of spam email blocked by above configuration directive:
    # tail -f /var/log/maillog

    Output:

    Jan  9 06:07:22 server postfix/smtpd[10308]: NOQUEUE: reject: RCPT from 183-12-81.ip.adsl.hu[81.183.12.81]: 554 Service unavailable; Client host [81.183.12.81] blocked using dul.dnsbl.sorbs.net; Dynamic IP Addresses See: http://www.sorbs.net/lookup.shtml?81.183.12.81; from= to= proto=ESMTP helo=<183-12-230.ip.adsl.hu>
    Jan  9 06:07:23 server postfix/smtpd[10308]: lost connection after RCPT from 183-12-81.ip.adsl.hu[81.183.12.81]
    Jan  9 06:07:23 server postfix/smtpd[10308]: disconnect from 183-12-81.ip.adsl.hu[81.183.12.81]
    Jan  9 06:10:43 server postfix/anvil[10310]: statistics: max connection rate 1/60s for (smtp:81.183.12.81) at Jan  9 06:07:17
    Jan  9 06:10:43 server postfix/anvil[10310]: statistics: max connection count 1 for (smtp:81.183.12.81) at Jan  9 06:07:17
    Jan  9 06:10:43 server postfix/anvil[10310]: statistics: max cache size 1 at Jan  9 06:07:17
    Jan  9 06:16:58 server postfix/smtpd[10358]: warning: 81.92.197.249: address not listed for hostname unassigned.or.unconfigured.reverse.nfsi-telecom.net
    Jan  9 06:16:58 server postfix/smtpd[10358]: connect from unknown[81.92.197.249]
    Jan  9 06:17:00 server postfix/smtpd[10358]: NOQUEUE: reject: RCPT from unknown[81.92.197.249]: 550 : Recipient address rejected: User unknown in virtual alias table; from=<> to= proto=ESMTP helo=
    Jan  9 06:17:00 server postfix/smtpd[10358]: disconnect from unknown[81.92.197.249]

    Next time I will write about simple procmail and spamassassin combination to filter out spam

    forward from http://www.cyberciti.biz/tips/po ... acklists-howto.html
    [發帖際遇]: 一個袋子砸在了 kevinhu 頭上,kevinhu 賺了 2 金錢. 幸運榜 / 衰神榜
    您需要登錄後才可以回帖 登錄 | 立即註冊

    本版積分規則

    小黑屋|手機版|Archiver|Hippies 手作皮革工作坊  

    GMT+8, 2024-12-22 11:57 , Processed in 0.104142 second(s), 16 queries , Apc On.

    Powered by Discuz! X3.2

    © 2001-2013 Comsenz Inc.

    快速回復 返回頂部 返回列表