[Mdlug] Test message

Rich Clark <rrclark@rrclark.net> rrclark at rrclark.net
Thu Sep 28 12:20:27 EDT 2006


On Thu, 28 Sep 2006, Raymond McLaughlin wrote:

> Rich Clark <rrclark at rrclark.net> wrote:
>> Hello... all subscribed properly now...
>
> Yup I see that, did you also subscribe to any of the other www2 lists?

I've not yet.  I've been watching and it looks like everything is good to 
go.  Now for the fun part, moving all the stuff over.  I still have to 
dump the addresses from mailman on the main server.

> Now if we could get some of the other officers on board we could do some real
> testing.

Hopefully they'll read their mail today and participate.  Reminds me of an 
old adage, something about horses and water.

> A couple of questions about the gray-listing. Do you pull an SBL from SpamHaus?
> I was getting blocked hours after SpamHaus.org denied that my ISP's IP was on
> any sbl.

The blocks that looked like a spamhaus.org block in the reject messages 
you were receiving were caused by my fat fingers misspelling spamhaus.org 
in /etc/postfix/main.cf.  Corrected that.

To bring you fully up to speed, here's what I've done on that server:

Postgrey greylisting

 	A sending host will connect to port 25 of our machine, which is 
handled by postfix.  Postfix then compares the message to our internal 
access list and also checks it against the spamhaus.org XBL/SBL combined 
list.  If it passes those checks, it's then passed to postgrey.  If it's a 
message that has not been seen before, it is temporarily delayed for 300 
seconds with a 450 smtp response to the sending server. All MTA software 
knows to defer delivery on receipt of a 450 code.  Spamware, however, 
won't bother to resend as it is too wasteful of the spammer's resources. 
It just moves on to the next address on the list.  I've seen most MTA 
software retry several times before the postgrey timeout expires, though 
I'm not certain if it will reject messages after too many retries before 
the timeout expires.  I'll have to reread up on whether it has that 
capability.  There's another rate-limiting feature in postfix that I'll 
detail further on in this explanation.

Postfix/amavisd-new/spamassassin/clamav filtering.

 	Once the greylisted message has passed the 300 second greylist 
timeout, it's passed through to postfix.  Postfix then passes the message 
to amavisd-new, which runs checks against spamassassin and clamav. 
Spamassassin is set to tag-only; clamav will toss anything that it finds 
with a virus to a quarantine directory.  The mail that passes these tests 
is then returned to postfix for final delivery.

 	While setting this all up, I noted a new feature in postfix 2.2 
that I'd not seen in earlier releases, a servlet called anvil, which 
rate-limits incoming messages.  Anvil will be useful to me at home as I'm 
still getting little mailbombs from some spammer or two that I've pissed 
off over the years.  I'll rate limit down to 30 connections and/or 30 
messages per minute and simply drop connection on him.  I don't think 
those kinds of limits for the LUG server would be a bad idea, either, so 
it's in place there already.

Questions?  Lemme know.

-- 
Rich Clark

Summary of IBM's 04/04/2006 reply in support of
its Motion to Limit SCO's Claims Relating to 
Allegedly Misused Material, with apologies to 
Monty Python:

IBM: It's not much of a case, is it?

SCO: Finest in the district!

IBM: Explain the logic underlying that conclusion.

SCO: It's so clean!

IBM: It's certainly uncontaminated by evidence.

--thanks to Juggler9 on Groklaw.net


A good way to deal with stage fright is to first
imagine yourself naked, then imagine yourself
laughing at your naked self and pointing.  Then
you yell to yourself dressed as a cop to "Arrest
that pervert!" before beating your naked body
with a truncheon. -- nu-monet v8.0
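
The greylisting decision described in the message above, as an added example that is not part of the original post and is not postgrey's own code. It assumes the greylist is keyed on a (client IP, sender, recipient) triplet and that early retries do not restart the 300-second timer; the class and function names and the sample addresses are constructed for illustration.

```python
# Added illustration: a minimal model of a greylisting policy decision.
# Not postgrey's code; the triplet key and all names here are assumptions.
from dataclasses import dataclass, field

GREYLIST_DELAY = 300  # seconds, the delay quoted in the message


@dataclass
class Greylist:
    delay: int = GREYLIST_DELAY
    first_seen: dict = field(default_factory=dict)  # triplet -> time of first attempt
    passed: set = field(default_factory=set)        # triplets that waited out the delay

    def check(self, client_ip: str, sender: str, recipient: str, now: float) -> str:
        """Return the reply the sending host would see from the greylist step."""
        triplet = (client_ip, sender.lower(), recipient.lower())
        if triplet in self.passed:
            return "250 OK (greylist passed earlier)"
        # setdefault keeps the original timestamp, so early retries
        # neither shorten nor restart the delay (assumed behaviour).
        started = self.first_seen.setdefault(triplet, now)
        if now - started >= self.delay:
            self.passed.add(triplet)
            return "250 OK (greylist passed)"
        wait = int(self.delay - (now - started))
        return f"450 Greylisted, try again in {wait} seconds"


def replay(attempts, delay=GREYLIST_DELAY):
    """Run (time, ip, sender, rcpt) attempts through one greylist; return reply codes."""
    gl = Greylist(delay=delay)
    return [gl.check(ip, snd, rcpt, t)[:3] for t, ip, snd, rcpt in attempts]


# Constructed sample traffic (documentation addresses, not real hosts).
SAMPLE = [
    (0,   "192.0.2.10",   "list@example.org",  "member@example.net"),  # first contact
    (5,   "198.51.100.7", "promo@example.com", "member@example.net"),  # never retries
    (60,  "192.0.2.10",   "list@example.org",  "member@example.net"),  # early retry
    (310, "192.0.2.10",   "list@example.org",  "member@example.net"),  # retry after delay
    (320, "192.0.2.10",   "list@example.org",  "member@example.net"),  # known triplet
]

if __name__ == "__main__":
    for attempt, code in zip(SAMPLE, replay(SAMPLE)):
        print(attempt, "->", code)
```

The sender that never retries only ever receives the 450, which is the behaviour the message relies on to shed spamware.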


