[linux] antispamova ochrana

Lubomir Host rajo na Idea.Platon.SK
Úterý Říjen 12 09:48:46 CEST 2004


Zdravim!

Chcel by som vediet vas nazor a pripadne podelit sa o skusenosti
s tymto:

Mam nainstalovany postfix a od istej doby ma zacalo otravovat
pomerne velke mnozstvo spamu. Tak som do /etc/postfix/main.cf napisal:

--------------------------------%<--------------------------------
smtpd_recipient_restrictions =
        reject_invalid_hostname,
        reject_non_fqdn_hostname,
        reject_non_fqdn_sender,
        reject_non_fqdn_recipient,
        reject_unknown_sender_domain,
        reject_unknown_recipient_domain,
        reject_unauth_pipelining,
        permit_mynetworks,
        reject_unauth_destination,
        check_recipient_access hash:/etc/postfix/rules/postmaster,
        check_sender_access hash:/etc/postfix/rules/sender_access,
        check_client_access hash:/etc/postfix/rules/client_access,
        reject_non_fqdn_recipient,
        reject_rbl_client relays.ordb.org,
        reject_rbl_client bl.spamcop.net,
        reject_rbl_client dnsbl.njabl.org,
        reject_rbl_client dynablock.njabl.org,
        reject_rbl_client sbl.spamhaus.org,
        reject_rbl_client sbl-xbl.spamhaus.org,
        reject_rbl_client dnsbl.sorbs.net
--------------------------------%<--------------------------------


Funguje to podla mna celkom dobre, vacsina spamu sa ani neprijme. Spam
od moondee na sjo-perfekt.pl, ackahn na netapp.com, george na reilly.org
a Mailer-Daemon na rage.buckobas.com som musel ale odstranit tak, ze som
ich napisal do /etc/postfix/rules/sender_access (posta s tymto
odosielatelom mi chodila z najroznejsich serverov):

----------------------------------------------%<----------------------------------------------
moondee na sjo-perfekt.pl 504 You are spammer or virus, your address is blacklisted !!
ackahn na netapp.com 504 You are spammer or virus, your address is blacklisted !!
george na reilly.org 504 You are spammer or virus, your address is blacklisted !!
Mailer-Daemon na rage.buckobas.com  504 You are spammer or virus, your address is blacklisted !!
----------------------------------------------%<----------------------------------------------


Vyskytla sa ale situacia, ked mi z domeny r2ar64.chello.upc.cz chcel
jeden clovek poslat mail:

---------------------------------------------------------------------%<---------------------------------------------------------------------
Oct 11 17:19:05 Idea postfix/smtpd[1775]: NOQUEUE: reject: RCPT from r2ar64.chello.upc.cz[62.245.107.64]: 554 Service unavailable; Client ho
st [62.245.107.64] blocked using dynablock.njabl.org; Dynamic/Residential IP range listed by NJABL dynablock - http://njabl.org/dynablock.ht
ml; from=<user na iny.server.cz> to=<premna na mojserver.sk> proto=ESMTP helo=<trific.ath.cx>
---------------------------------------------------------------------%<---------------------------------------------------------------------


Z domeny r3g96.chello.upc.cz (cize z podobnej domeny ako predchadzajuca) mi
vsach chodi vela spamu napr.:

---------------------------------------------------------------------%<---------------------------------------------------------------------
Oct  9 11:29:27 Idea postfix/smtpd[16128]: connect from r3g96.chello.upc.cz[213.220.198.96]
Oct  9 11:29:29 Idea postfix/smtpd[16128]: NOQUEUE: reject: RCPT from r3g96.chello.upc.cz[213.220.198.96]: 504 <moondee na sjo-perfekt.pl>: Sen
der address rejected: You are spammer or virus, your address is blacklisted !!; from=<moondee na sjo-perfekt.pl> to=<webmaster na platon.sk> proto
=SMTP helo=<stanice1.net>
Oct  9 11:29:29 Idea postfix/smtpd[16128]: lost connection after RCPT from r3g96.chello.upc.cz[213.220.198.96]
Oct  9 11:29:29 Idea postfix/smtpd[16128]: disconnect from r3g96.chello.upc.cz[213.220.198.96]
---------------------------------------------------------------------%<---------------------------------------------------------------------


Po prijati mailu sa mail filtruje este cez spamassassin.

Moja otazka je:
1. ci by ste na konfiguracii nieco zmenili
2. ci je chyba u mna alebo niekde v .chello.upc.cz
3. ake nastavenia pouzivate vy

Dost dolezite pre mna je, aby sa virusy/spam podla moznosti vobec
nedostaval ku mne na server, aby sa zbytocne neplytvalo vypoctovym
vykonom.

Diik, rajo

-- 
Lubomir Host 'rajo' <rajo AT platon.sk>        ICQ #:  257322664
Platon Software Development Group              http://platon.sk/
http://www.gnu.org/philosophy/no-word-attachments.html




Další informace o konferenci linux