Last modified: 2005-08-08 06:29:36 UTC
Hi, I think it's urgent to set up a spam filter on the Wikimedia mail server. A lot of spam is sent. List admins have to clean the list queue, and it has become a burden. I am proposing the configuration below. This does NOT need any additional server resources. It simply blocks invalid addresses and viruses.

/etc/postfix/main.cf:

smtpd_recipient_restrictions =
    reject_invalid_hostname,
    reject_non_fqdn_hostname,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unknown_sender_domain,
    reject_unknown_recipient_domain,
    reject_unauth_pipelining,
    permit_mynetworks,
    reject_unauth_destination,
    permit

smtpd_client_restrictions =
    permit_mynetworks,
    reject_unknown_client,
    reject_unknown_sender_domain,
    reject_non_fqdn_sender,
    reject_invalid_hostname,
    reject_non_fqdn_hostname,
    reject_non_fqdn_recipient,
    reject_unknown_recipient_domain,
    reject_unauth_pipelining,
    reject_unauth_destination,
    permit

smtpd_helo_restrictions =
    permit_mynetworks,
    reject_invalid_hostname,
    reject_unknown_hostname,
    reject_non_fqdn_hostname

smtpd_sender_restrictions =
    reject_unknown_sender_domain,
    reject_non_fqdn_sender,
    reject_invalid_hostname,
    reject_non_fqdn_hostname,
    reject_non_fqdn_recipient,
    reject_unknown_recipient_domain,
    reject_unauth_pipelining,
    permit_mynetworks,
    reject_unauth_destination,
    permit

mime_header_checks = regexp:/etc/postfix/mime_header_checks

==

/etc/postfix/mime_header_checks:

/.*name=".*\.(exe|pif|zip|scr|com|dat|vbs)"/ REJECT
Additionally, these services could be used to prevent more spam. I have been using them for 2 years.

    reject_rbl_client relays.ordb.org,
    reject_rbl_client opm.blitzed.org,
    reject_rbl_client list.dsbl.org,
    reject_rbl_client sbl.spamhaus.org,
    reject_rbl_client cbl.abuseat.org,
    reject_rbl_client dul.dnsbl.sorbs.net,
    reject_rbl_client blackholes.easynet.nl,
    reject_rbl_client proxies.blackholes.wirehub.net,
    reject_rbl_client bl.spamcop.net,
    reject_rbl_client dnsbl.njabl.org,
Earlier proposed configuration:
http://mail.wikipedia.org/pipermail/wikitech-l/2005-January/027301.html

Earlier discussions:
http://mail.wikipedia.org/pipermail/wikitech-l/2005-February/027770.html
http://mail.wikipedia.org/pipermail/wikitech-l/2004-June/023315.html
I strongly advise against using the rbl_client rejection. Even those who publish the blackhole lists (like spamcop.net) advise against using them for rejection instead of flagging. They tend to be quite aggressive and generate too many false positives. The problem is that in most cases the user never finds out. My ISP uses such techniques, and I found out that they were rejecting valid e-mails intended for me because some bozo reported a sourceforge mail server to an rbl, and I couldn't even sign up because the sign-up verification message to me was being rejected. I couldn't convince my ISP that 1) it was blocking legitimate e-mail or 2) that this was a bad thing to do, even though spamcop's policy pages say so. The best use of rbl's is as one symptom in a spam filter, not for outright rejection.
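Added example, not part of the thread or of Wikimedia's configuration: a sketch of the difference the comment above describes, comparing outright rejection on any DNSBL listing with using each listing as one weighted symptom. The zone names come from the proposal; the weights, threshold, function names and DNS answers are assumed or constructed for illustration.

```python
import ipaddress
import socket

# Zones come from the proposal above; weights and threshold are assumed values.
ZONE_WEIGHTS = {"sbl.spamhaus.org": 3.0, "cbl.abuseat.org": 2.0, "bl.spamcop.net": 1.5}
SPAM_THRESHOLD = 5.0
LISTING_RANGE = ipaddress.ip_network("127.0.0.0/8")

def dnsbl_query_name(client_ip, zone):
    """DNSBL lookups use the client's IPv4 octets reversed, then the zone."""
    octets = str(ipaddress.IPv4Address(client_ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def system_resolver(name):
    """Return the A record for name, or None (NXDOMAIN or lookup failure)."""
    try:
        return socket.gethostbyname(name)
    except OSError:
        return None

def is_listed(client_ip, zone, resolve):
    """Count only answers in 127.0.0.0/8, the range DNSBLs use for listings."""
    answer = resolve(dnsbl_query_name(client_ip, zone))
    return answer is not None and ipaddress.ip_address(answer) in LISTING_RANGE

def reject_on_any_hit(client_ip, resolve=system_resolver):
    """Behaviour of a reject_rbl_client chain: one listing refuses the mail."""
    return any(is_listed(client_ip, z, resolve) for z in ZONE_WEIGHTS)

def score_message(client_ip, content_score, resolve=system_resolver):
    """Treat each listing as one weighted symptom next to the content score."""
    hits = [z for z in ZONE_WEIGHTS if is_listed(client_ip, z, resolve)]
    total = content_score + sum(ZONE_WEIGHTS[z] for z in hits)
    return {"hits": hits, "score": total, "spam": total >= SPAM_THRESHOLD}

# Constructed DNS answers (documentation-range IPs), so the example runs offline.
CONSTRUCTED_DNS = {
    "10.2.0.192.bl.spamcop.net": "127.0.0.2",      # legitimate relay, one report
    "7.100.51.198.sbl.spamhaus.org": "127.0.0.2",  # listed in two zones
    "7.100.51.198.cbl.abuseat.org": "127.0.0.2",
    "9.113.0.203.bl.spamcop.net": "192.0.2.1",     # answer outside 127/8: ignored
}

if __name__ == "__main__":
    samples = [("192.0.2.10", 0.5), ("198.51.100.7", 1.0), ("203.0.113.9", 0.0)]
    for ip, content in samples:
        lookup = CONSTRUCTED_DNS.get
        print(ip, reject_on_any_hit(ip, lookup), score_message(ip, content, lookup))
```

With the constructed data, the relay at 192.0.2.10 is refused by the reject-on-any-hit policy but delivered under scoring, which is the false-positive case the comment describes.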
A subset of these rules is now implemented. RBLs are not used in Postfix. Mail is also run through ClamAV and SpamAssassin.