Tuning spam defence
HI to all,
i need help tuning my mail system on OsX Server 10.4.11 about some particular spam messages that my box can't reject.
I followed all procedures written on osx.topicdesk.com paper "Frontline..." and 80% of spam messages are rejected but since 2-3 months (i live in Italy) the situation become different, no more spam in russian or chinese language, no more sex related (easily rejected by spamassassin rules or via RBL's) but a huge mass mailings about bank offers or related. The language used in these mails is italian (better than my english :-D) , html inside it
doesn't hide scripts or tricked codes, it seems a real and true mail message.
Whole of them coming from united states or england and the 80% of them report something like this:
------------
Content-Type: text/html; charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-Msmail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-Mimeole: Produced By Microsoft MimeOLE V6.00.2600.0000
Message-Id: <SERVERsyGh4DGSwiINI0000066e@ipg.uk.com>
X-Originalarrivaltime: 02 Oct 2008 12:03:08.0218 (UTC) FILETIME=[D574A9A0:01C92486]
X-Virus-Scanned: by amavisd-new at localhost
X-Amavis-Alert: BAD HEADER Non-encoded 8-bit data (char E0 hex) in message header 'Subject': Subject: ...premia il suo account con un bonus di fedelt\340\n
X-Spam-Status: No, hits=0.181 tagged_above=-999 required=4 tests=AWL
X-Spam-Level:
------------------------
I noticed that X-Spam-Level is blank so spamassassin didn't find anything wrong (maybe it was true because the content is clean)
Is there a way to block these mail for their Bad Header or 7bit Encoding? Could be a good idea adding postgrey to reject them?
I post also my postconf in case of needed modifications or suggestions..
----------------------
alias_maps = hash:/etc/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
debug peerlevel = 2
disable vrfycommand = yes
enable serveroptions = yes
header_checks = regexp:/etc/postfix/header_checks
html_directory = no
inet_interfaces = all
mail_owner = postfix
mailbox sizelimit = 0
mailbox_transport = cyrus
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
maps rbldomains =
message sizelimit = 0
mydestination = $myhostname,localhost.$mydomain,localhost,xxxxxx.it,mail.xxxxxxxxx.it
mydomain = xxxxxxxxx.it
mydomain_fallback = localhost
myhostname = mail.xxxxxxxxx.it
mynetworks = 127.0.0.1/32,192.168.0.0/24
mynetworks_style = host
newaliases_path = /usr/bin/newaliases
owner requestspecial = no
queue_directory = /private/var/spool/postfix
readme_directory = /usr/share/doc/postfix
recipient_delimiter = +
sample_directory = /usr/share/doc/postfix/examples
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtpd clientrestrictions = permit saslauthenticated permit_mynetworks reject rblclient zen.spamhaus.org reject rblclient bl.spamcop.net reject rblclient dnsbl.sorbs.net reject rblclient psbl.surriel.com reject rblclient dnsbl.njabl.org permit
smtpd datarestrictions = permit_mynetworks, reject unauthpipelining, permit
smtpd helorequired = yes
smtpd helorestrictions = permit saslauthenticated, permit_mynetworks, check heloaccess hash:/etc/postfix/helo_access, reject non_fqdnhostname, reject invalidhostname, permit
smtpd pw_server_securityoptions = login,cram-md5,plain
smtpd recipientrestrictions = reject invalidhostname, reject non_fqdnsender, reject non_fqdnrecipient, permit sasl_authenticated,permit_mynetworks,reject_unauth_destination,reject_rblclient zen.spamhaus.org, permit
smtpd sasl_authenable = yes
smtpd tls_keyfile =
smtpd use_pwserver = yes
unknown local_recipient_rejectcode = 550
-------------------------------
thank you!
i need help tuning my mail system on OsX Server 10.4.11 about some particular spam messages that my box can't reject.
I followed all procedures written on osx.topicdesk.com paper "Frontline..." and 80% of spam messages are rejected but since 2-3 months (i live in Italy) the situation become different, no more spam in russian or chinese language, no more sex related (easily rejected by spamassassin rules or via RBL's) but a huge mass mailings about bank offers or related. The language used in these mails is italian (better than my english :-D) , html inside it
doesn't hide scripts or tricked codes, it seems a real and true mail message.
Whole of them coming from united states or england and the 80% of them report something like this:
------------
Content-Type: text/html; charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-Msmail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-Mimeole: Produced By Microsoft MimeOLE V6.00.2600.0000
Message-Id: <SERVERsyGh4DGSwiINI0000066e@ipg.uk.com>
X-Originalarrivaltime: 02 Oct 2008 12:03:08.0218 (UTC) FILETIME=[D574A9A0:01C92486]
X-Virus-Scanned: by amavisd-new at localhost
X-Amavis-Alert: BAD HEADER Non-encoded 8-bit data (char E0 hex) in message header 'Subject': Subject: ...premia il suo account con un bonus di fedelt\340\n
X-Spam-Status: No, hits=0.181 tagged_above=-999 required=4 tests=AWL
X-Spam-Level:
------------------------
I noticed that X-Spam-Level is blank so spamassassin didn't find anything wrong (maybe it was true because the content is clean)
Is there a way to block these mail for their Bad Header or 7bit Encoding? Could be a good idea adding postgrey to reject them?
I post also my postconf in case of needed modifications or suggestions..
----------------------
alias_maps = hash:/etc/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
debug peerlevel = 2
disable vrfycommand = yes
enable serveroptions = yes
header_checks = regexp:/etc/postfix/header_checks
html_directory = no
inet_interfaces = all
mail_owner = postfix
mailbox sizelimit = 0
mailbox_transport = cyrus
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
maps rbldomains =
message sizelimit = 0
mydestination = $myhostname,localhost.$mydomain,localhost,xxxxxx.it,mail.xxxxxxxxx.it
mydomain = xxxxxxxxx.it
mydomain_fallback = localhost
myhostname = mail.xxxxxxxxx.it
mynetworks = 127.0.0.1/32,192.168.0.0/24
mynetworks_style = host
newaliases_path = /usr/bin/newaliases
owner requestspecial = no
queue_directory = /private/var/spool/postfix
readme_directory = /usr/share/doc/postfix
recipient_delimiter = +
sample_directory = /usr/share/doc/postfix/examples
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtpd clientrestrictions = permit saslauthenticated permit_mynetworks reject rblclient zen.spamhaus.org reject rblclient bl.spamcop.net reject rblclient dnsbl.sorbs.net reject rblclient psbl.surriel.com reject rblclient dnsbl.njabl.org permit
smtpd datarestrictions = permit_mynetworks, reject unauthpipelining, permit
smtpd helorequired = yes
smtpd helorestrictions = permit saslauthenticated, permit_mynetworks, check heloaccess hash:/etc/postfix/helo_access, reject non_fqdnhostname, reject invalidhostname, permit
smtpd pw_server_securityoptions = login,cram-md5,plain
smtpd recipientrestrictions = reject invalidhostname, reject non_fqdnsender, reject non_fqdnrecipient, permit sasl_authenticated,permit_mynetworks,reject_unauth_destination,reject_rblclient zen.spamhaus.org, permit
smtpd sasl_authenable = yes
smtpd tls_keyfile =
smtpd use_pwserver = yes
unknown local_recipient_rejectcode = 550
-------------------------------
thank you!
MBP 2.2GHz-C2D, 45 macs in lan, Mac OS X (10.5.2), 3 Gb Ram
