[ale] Dealing with spam and phishin.

Fri Jun 16 11:19:28 EDT 2006

Terry Lee Tucker wrote:

>On Friday 16 June 2006 05:44 am, Keith Hopkins <hne at hopnet.net> thus 
>communicated:
>--> H. A. Story wrote:
>--> > I just got another phishin email for a bank that I have no part of.
>--> > Recently, I have been looking at the email headers to see where the
>--> > email comes from.  I usually forward the email to who ever is listed in
>--> > the abuse and to whomever they are trying to pose as.   As of late
>--> > ebay, paypal and yahoo are good about responding and taking action.
>--> > Such as closing the account in yahoo case.   Mind you I don't get much
>--> > spam after I stopped using outlook and running Mozzila email client and
>--> > setting up filters.  Just can't help but wonder if reporting phishin
>--> > helps.  Maybe I should look into blacklist, but do those real help with
>--> > the seeming random domains?
>--> >
>--> > Now this last email.  The domain is hosted on godaddy according to
>--> > whois.  And they allowed the phone number to be registered as
>--> > 1231231234. (WTF?) I think that is just wrong.   So I went to the
>--> > website link in the email put in made up info and in the email address
> I --> > put that goofs email address.   Maybe, I should send him a FAX on
> --> > 1231231234.  Just unreal.
>--> >
>--> > Adrin
>-->
>--> I made a couple of recent changes to my postfix config which reduced my
> spam intake from about 200 a day to about 20 a day. -->
>--> smtpd_sender_restrictions = reject_unknown_sender_domain,
> reject_unverified_sender -->
>--> smtpd_helo_restrictions = permit_mynetworks, reject_invalid_hostname,
> reject_unknown_hostname, reject_non_fqdn_hostname -->
>--> reject_unverified_sender seems to have done the most good.  It delays
> delivery until it can verify the sender addr can itself accept mail (and
> then caches the sender's address).  Fine for my home mail server ( < 1 msg /
> sec ), but probably too much overhead to a high volume mail server. -->
>--> --Keith
>-->
>--> _______________________________________________
>--> Ale mailing list
>--> Ale at ale.org
>--> http://www.ale.org/mailman/listinfo/ale
>-->
>
>Do you know if there is a sendmail equivalent the controls you mention?
>
>Thanks...
>_______________________________________________
>Ale mailing list
>Ale at ale.org
>http://www.ale.org/mailman/listinfo/ale
>
>  
>
I will have to try this.  But I use fetchmail to get my mail from a few 
pop accounts and only use postfix for local mail,( I think).  That is to 
say, postfix sends the mail to bellsouth.  I decide that since I can't 
keep up with the hacks and script kiddies that it would be best to just 
block that port incoming.  As of right now I only have 2 ports open on 
my Firewall.  And once I figure out an easy way to do sftp or ftp 
through ssh on client computers with putty easily, ftp will be blocked also.

Adrin
P.S.  I still remember a not so good email filter,  in the aliases file  
point all local mail to /dev/null.