[Postfixbuch-users] Spam, spam, spam ....

Matthias Haegele mhaegele at linuxrocks.dyndns.org
Thu Jul 26 11:04:10 CEST 2007


Maximilian Thoma wrote:
> Hello everyone,
> 
> my spam filter / restrictions are working great by now, but
> unfortunately the spammers still manage to get some things delivered.
> 
> -->
> 
> Return-Path: <demeter.dagg at boxenstop.at>
> X-Original-To: debianhowto at meine.domain.de
> Delivered-To: m at meine.domain.de
> Received: from localhost (localhost [127.0.0.1])
> 	by mein.mail.server (Postfix) with ESMTP id 14D351984236
> 	for <debianhowto at meine.domain.de>; Thu, 26 Jul 2007 10:34:17 +0200 (CEST)
> Received: from mein.mail.server ([127.0.0.1])
>  by localhost (mein.mail.server [127.0.0.1]) (amavisd-maia, port 10024)
>  with ESMTP id 04666-01 for <debianhowto at meine.domain.de>;
>  Thu, 26 Jul 2007 10:34:16 +0200 (CEST)
> Received: from cC3012A4A.xdsl.catch.no (cC3012A4A.xdsl.catch.no [195.1.42.74])
> 	by mein.mail.server (Postfix) with ESMTP id 083D31984229
> 	for <debianhowto at meine.domain.de>; Thu, 26 Jul 2007 10:34:15 +0200 (CEST)
> Received: from [195.1.42.74] by email.aon.at; Thu, 26 Jul 2007 08:35:40 -0100
> Date:	Thu, 26 Jul 2007 08:35:40 -0100
> From:	"Clark Graves" <demeter.dagg at boxenstop.at>
> X-Mailer: The Bat! (v2.00.0) Business
> Reply-To: demeter.dagg at boxenstop.at
> X-Priority: 3 (Normal)
> Message-ID: <130770797.04648621706975 at boxenstop.at>
> To: debianhowto at meine.domain.de
> Subject: Super pills for you and your wife
> MIME-Version: 1.0
> Content-Type: multipart/mixed;
>   boundary="----------6EE7A509B094D318"
> X-Virus-Scanned: Helix Mailguard
> X-Spam-Status: No, hits=0 tagged_above=-1000 required=2.5 tests=none
> X-Spam-Level: 
> 
> ------------6EE7A509B094D318
> Content-Type: text/plain; charset=iso-8859-2
> Content-Transfer-Encoding: 7bit
> 
> 
> 
> ------------6EE7A509B094D318
> Content-Type: image/gif; name="manka.gif"
> Content-Transfer-Encoding: base64
> 
> Content-Disposition: attachment; filename="manka.gif"
> 
> <--
> 
> -->
> 
> Return-Path: <tell at netsquirrel.com>
> X-Original-To: scripts at mth-solutions.de
> Delivered-To: m at meine.domain.de
> Received: from localhost (localhost [127.0.0.1])
> 	by mein.mail.server (Postfix) with ESMTP id A816A19840B6
> 	for <scripts at mth-solutions.de>; Thu, 26 Jul 2007 02:17:56 +0200 (CEST)
> Received: from mein.mail.server ([127.0.0.1])
>  by localhost (mein.mail.server [127.0.0.1]) (amavisd-maia, port 10024)
>  with ESMTP id 13952-10 for <scripts at mth-solutions.de>;
>  Thu, 26 Jul 2007 02:17:56 +0200 (CEST)
> Received: from h091147000060.ys.dsl.sakhalin.ru (unknown [91.147.0.60])
> 	by mein.mail.server (Postfix) with ESMTP id 7E78319840B5
> 	for <scripts at mth-solutions.de>; Thu, 26 Jul 2007 02:17:54 +0200 (CEST)
> Received: from [91.147.0.60] by mail-fwd.mx.g14.rapidsite.net; Thu, 26 Jul 2007 00:18:04 -1100
> From: "Isabelle81 Howard" <tell at netsquirrel.com>
> To: <scripts at mth-solutions.de>
> Subject: We need people for job667
> Date: Thu, 26 Jul 2007 00:18:04 -1100
> MIME-Version: 1.0
> Content-Type: text/plain;
> 	charset="Windows-1252"
> Content-Transfer-Encoding: 7bit
> X-Mailer: Microsoft Office Outlook, Build 11.0.6353
> Thread-Index: Aca6Q02R57J29UPSWKT8KTT62Q14T0==
> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2869
> Message-ID: <01c7cf1a$6f0d2420$3c00935b at tell>
> X-Virus-Scanned: Helix Mailguard
> X-Spam-Status: No, hits=1.498 tagged_above=-1000 required=2.5
>  tests=DATE_IN_FUTURE_06_12=1.498
> X-Spam-Level: *
> 
> 679 Mynes Consulting & Fin is one of the leading providers of consulting services of the earth. Our success depends both on up quality of service and on professionally managed and reliable business structure.
> 
> This is the reason why quality of our general concern. However, the only way to reach supreme quality in our business is permanent struggle for quality and engineering in stable procedures.
> 
> It is not possible to reach up quality standards without main personnel striving for flawless operation of processes and projects at their daily life. Currently we have a Financial worker opening. No deadlines for applications are set.
> 
> Work a Financial worker includes processing at money transfers, sent to his personal bank accounts by company partners. Upon receiving a transfer the Financier has to redirect it to the account specified by our dispatchers. All you need for this job are: 3-4 free hours a day, your wish, ability to work in a team & responsibility. The initial salary will equal 5 percent of total monthly turnover.
> 
> Requirements to candidates: 
> 
>  ^ 20 years and high
>  ^ Be able to check your email several times of day
>  - Should have personal or business bank account, or open fresh
>  - Have a skill to communicate and access to the Internet.
>  - Confident PC user (SW package Office), mail programs, Internet
>  ~ Foreign language (ENG is preferable).
>  ~ To have have a opportunity of any working hours to go to closest Western Union location & make money transfer .
> 
> Note:
> 
>  ^ General salary
>  (Your fee will originally made 5 percent at each payment. Your fee will originally made 5 percent from each pay. After five remittances if you will operatively work and correct, your salary raises up to 10 percent. )
>  ^ Opportunity at increase in your fee. 
>  + Free seminar & training courses (After six months at great Work).
> 
> If you are interested at its vacancy, don't hesitate to send your CV on manager.mynescf at gmail.com
> 
> 2007 © Mynes C&F.
> Right Reserved.
> <---
> 
> --->
> Return-Path: <rajmund.dadisman at barcelonnette.net>
> X-Original-To: scripts at mth-solutions.de
> Delivered-To: m at meine.domain.de
> Received: from localhost (localhost [127.0.0.1])
> 	by mein.mail.server (Postfix) with ESMTP id 6173119840EA
> 	for <scripts at mth-solutions.de>; Thu, 26 Jul 2007 09:24:56 +0200 (CEST)
> Received: from mein.mail.server ([127.0.0.1])
>  by localhost (mein.mail.server [127.0.0.1]) (amavisd-maia, port 10024)
>  with ESMTP id 06052-06 for <scripts at mth-solutions.de>;
>  Thu, 26 Jul 2007 09:24:55 +0200 (CEST)
> Received: from [124.43.220.113] (unknown [124.43.220.113])
> 	by mein.mail.server (Postfix) with ESMTP id 9433119840B6
> 	for <scripts at mth-solutions.de>; Thu, 26 Jul 2007 09:24:48 +0200 (CEST)
> Received: from [124.43.220.113] by secured-mx.seolan.com; Thu, 26 Jul 2007 07:24:42 -0600
> Date:	Thu, 26 Jul 2007 07:24:42 -0600
> From:	"Pearlie Espinoza" <rajmund.dadisman at barcelonnette.net>
> X-Mailer: The Bat! (v2.04.7) Personal
> Reply-To: rajmund.dadisman at barcelonnette.net
> X-Priority: 3 (Normal)
> Message-ID: <790708527.48819624240629 at barcelonnette.net>
> To: scripts at mth-solutions.de
> Subject: Life is good, life is beautiful!
> MIME-Version: 1.0
> Content-Type: multipart/mixed;
>   boundary="----------1A21A0513674B80C"
> X-Virus-Scanned: Helix Mailguard
> X-Spam-Status: No, hits=2.007 tagged_above=-1000 required=2.5
>  tests=DATE_IN_FUTURE_03_06=2.007
> X-Spam-Level: **
> 
> ------------1A21A0513674B80C
> Content-Type: text/plain; charset=iso-8859-1
> Content-Transfer-Encoding: 7bit
> 
> 
> 
> ------------1A21A0513674B80C
> Content-Type: image/gif; name="havok01.gif"
> Content-Transfer-Encoding: base64
> Content-Disposition: attachment; filename="havok01.gif"
> Signature: 10485Szfurhj37092219720525135
> 
> <---
> 
> Does anyone have an idea how I can make SpamAssassin / Postfix more
> sensitive to this kind of mail?
> 
> 
> Thanks in advance for any answer.

Don't use an "imageplugin" for SA.
If you do want that, search for "fuzzyocr".

For me, the rules from Lexa do the job instead; SARE should also have
something for this. A search for:

"lexa gif postfixbuch-users"

should take you to the right thread.
No FPs here since then, but you can set the score low to begin with.

Likewise the SARE rules from www.rulesemporium.com:
Recommendation: integrate them via sa-update, not via the RDJ script.

Ralf described something about this in a thread a few days ago.
(Channels for sa-update ...)


Greylisting?
Blacklists?
(possibly in SA; check the policy of the BLs)

> Regards
> 
> 
> Maximilian


-- 
hth
MH


Don't send mail to: ubecatcher at linuxrocks.dyndns.org
--

A bit more detail

btw: my postconf -n, pick out whatever you like ;-).
(adapt it to your own circumstances).

reject_non_fqdn_hostname
reject_unknown_reverse_client_hostname

> address_verify_map = btree:/var/spool/postfix/verified_senders
> address_verify_negative_cache = yes
> address_verify_negative_refresh_time = 6m
> address_verify_poll_count = 1
> alias_database = hash:/etc/aliases
> alias_maps = hash:/etc/aliases
> append_dot_mydomain = no
> biff = no
> config_directory = /etc/postfix
> content_filter = amavisd-new:[127.0.0.1]:10024
> delay_warning_time = 1h
> disable_vrfy_command = yes
> home_mailbox = Maildir/
> inet_interfaces = all
> mailbox_size_limit = 0
> mime_header_checks = pcre:/etc/postfix/mime_header_checks
> mydestination = $mydomain, $myhostname
> mydomain = meinedomain.dyndns.org
> myhostname = mein_MTA.linuxrocks.dyndns.org
> mynetworks = 127.0.0.0/8
> myorigin = $mydomain
> recipient_delimiter = +
> relayhost =
> smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
> smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
> smtpd_data_restrictions = reject_multi_recipient_bounce
> smtpd_discard_ehlo_keywords = silent-discard, dsn
> smtpd_error_sleep_time = 5s
> smtpd_hard_error_limit = 15
> smtpd_helo_required = yes
> smtpd_recipient_restrictions = permit_mynetworks,
>     permit_sasl_authenticated,
>     reject_non_fqdn_hostname,
>     reject_non_fqdn_sender,
>     reject_non_fqdn_recipient,
>     reject_unauth_destination,
>     check_sender_access hash:/etc/postfix/disallow_my_domain
>     check_sender_access hash:/etc/postfix/blacklist_sender
>     check_recipient_access hash:/etc/postfix/roleaccount_exceptions
>     sleep 1,
>     reject_unauth_pipelining,
>     reject_unknown_reverse_client_hostname
>     reject_invalid_hostname,
>     check_helo_access pcre:/etc/postfix/helo_checks
>     check_client_access pcre:/etc/postfix/client-checks
>     check_sender_mx_access cidr:/etc/postfix/bogus_mx
>     reject_rbl_client list.dsbl.org,
>     reject_rbl_client zen.spamhaus.org,
>     reject_rhsbl_sender dsn.rfc-ignorant.org
>     reject_rhsbl_sender postmaster.rfc-ignorant.org
>     reject_rhsbl_sender abuse.rfc-ignorant.org
>     reject_rhsbl_sender cbl.abuseat.org
>     reject_rhsbl_sender bogusmx.abuseat.org
>     reject_rbl_client ix.dnsbl.manitu.net
>     reject_unknown_sender_domain
>     permit
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_local_domain =
> smtpd_sasl_security_options = noanonymous
> smtpd_soft_error_limit = 5
> unverified_sender_reject_code = 550
> virtual_alias_domains = hash:/etc/postfix/virtual_alias_domains
> virtual_alias_maps = hash:/etc/postfix/virtual_mailbox_aliases
> virtual_gid_maps = static:1003
> virtual_mailbox_base = /var/spool/virtual_mailboxes
> virtual_mailbox_domains = haegele-clan.eu
> virtual_mailbox_maps = hash:/etc/postfix/virtual_mailbox_recipients
> virtual_uid_maps = static:1003

>  Helo command rejected: need fully-qualified hostname (total: 382)

Simple check, very effective.

> Client host rejected: We don't accept email sent from this TLD (total: 44)

TLDs I have no contact with ...:
(to be used with extreme caution:)

>           15   evc223.neoplus.adsl.tpnet.pl
>            9   byf248.neoplus.adsl.tpnet.pl
>            6   telesp.net.br
>            3   ds81-30-212-141.ufanet.ru
>            2   asahi-net.or.jp
>            2   buj123.neoplus.adsl.tpnet.pl
>            1   veloxzone.com.br
>            1   catro.com.pl
>            1   c156-57.icpnet.pl
>            1   87-205-215-150.adsl.inetia.pl
>            1   aabp132.neoplus.adsl.tpnet.pl
>            1   abln168.neoplus.adsl.tpnet.pl
>            1   ppp3-160.pppoe.mtu-net.ru
> cannot find your reverse hostname (total: 57)

> blocked using zen.spamhaus.org (total: 65)


Reject rate currently 50-82%, at 500-1500
SA catches another 1-3%,
about 1-3% of spam gets through ...

Comments Welcome ...
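
Added example, not part of the original message: a small Python triage of the Postfix-written external Received lines from the three spam samples quoted above, showing which of the HELO and client-hostname restrictions named in this thread each connection would have matched. The function names `helo_form` and `triage` are illustrative, and the regular expression assumes the Postfix "from HELO (client-name [ip])" layout seen in the samples.

```python
import re

# Layout Postfix writes: from <HELO name> (<client name or "unknown"> [<client IP>])
RECEIVED_RE = re.compile(r"from (\S+) \((\S+) \[([0-9a-fA-F.:]+)\]\)")

# First line of the external Received header of each sample in the thread.
SAMPLES = [
    "Received: from cC3012A4A.xdsl.catch.no (cC3012A4A.xdsl.catch.no [195.1.42.74])",
    "Received: from h091147000060.ys.dsl.sakhalin.ru (unknown [91.147.0.60])",
    "Received: from [124.43.220.113] (unknown [124.43.220.113])",
]

def helo_form(helo):
    """Classify the HELO argument as the non-FQDN HELO check sees it."""
    if helo.startswith("[") and helo.endswith("]"):
        return "address-literal"  # valid form, passes the non-FQDN check
    labels = helo.rstrip(".").split(".")
    if len(labels) >= 2 and all(labels):
        return "fqdn"
    return "non-fqdn"

def triage(received_line):
    """Return the client IP, HELO form and the restrictions that could match."""
    m = RECEIVED_RE.search(received_line)
    if m is None:
        raise ValueError("not a Postfix-style Received line")
    helo, client_name, ip = m.groups()
    form = helo_form(helo)
    hits = []
    if form == "non-fqdn":
        hits.append("reject_non_fqdn_hostname")
    if client_name == "unknown":
        # "unknown" means: no PTR record, the PTR name does not resolve, the name
        # does not map back to the client IP, or a temporary DNS error.
        # reject_unknown_client_hostname acts on all of these.
        hits.append("reject_unknown_client_hostname")
        # reject_unknown_reverse_client_hostname acts only when no PTR exists,
        # which the header alone cannot tell, so it is reported as a candidate.
        hits.append("reject_unknown_reverse_client_hostname (only if no PTR)")
    return {"ip": ip, "helo_form": form,
            "client_name": client_name, "would_match": hits}

if __name__ == "__main__":
    for line in SAMPLES:
        print(triage(line))
```

The first sample has a fully-qualified HELO and a verified client hostname, so neither check matches it; a connection like that is left to the DNSBL lookups and the content rules.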



