anti spam

8 月 16 2008

用 Postfix 擋偽造來源位址的信件

現在許多廣告信件都是亂丟,配合來源位址的偽造,可能造成主機在發信上有所阻礙。
例如這種狀況:

廣告信偽造的寄件位址是 [email protected],寄給 [email protected]。如果 example-host.com 沒有 no-this-user 這個使用者,那信件會被退到 [email protected],久而久之,example-host.com 可能會被 yahoo.com.tw 擋掉。

之前的文章 只提過 exim 上面的擋法,最近是摸出了 Postfix 的設定方式。

  1. 讓系統進行檢查,main.cf 要有這些片段:
    smtpd_restriction_classes =
        fakemail_yahoo
        fakemail_gmail
        ...
#
fakemail_yahoo = check_client_access pcre:/usr/local/etc/postfix/fake/yahoo
fakemail_gmail = check_client_access pcre:/usr/local/etc/postfix/fake/gmail
#
smtpd_sender_restrictions =
        ...,
        check_sender_access hash:/usr/local/etc/postfix/fake/CHECK,
        ...
  2. 製作規則對應檔(/usr/local/etc/postfix/fake/CHECK),內容大致如下(中間的大空格用 tab 隔開):
    yahoo.com       fakemail_yahoo
yahoo.com.tw    fakemail_yahoo
gmail.com       fakemail_gmail
...
  3. 製作規則檔(以 /usr/local/etc/postfix/fake/yahoo 為例),內容如下(中間的大空格用 tab 隔開):
    /(^|\.)yahoo\.com$/     DUNNO
/./                     REJECT Fake address
  4. 用 postmap 產生規則對應檔的 hash map,接著讓 postfix 重新讀入設定檔。

對了,如果有 MX server 的話,都得一起上,不然沒用。
跑了一段時間後,效果還真的蠻顯著的。 :-P

By 1 • Tags: , ,

12 月 17 2007

在 exim 上面作 anti spam

在網路上看了一堆網頁,也摸索了好一陣子,剛才弄出這些設定:

  • 在 HELO 或 EHLO 指令時作檢查的 acl name 是 check_hello:

    check_hello:

    deny message = HELO/EHLO with my ip address. You are not me.
    log_message = HELO/EHLO my.ip
    condition = ${if eq {$sender_helo_name}{###.###.###.###} {yes}{no}}

    deny message = Fine, then the mail I accept is also none
    log_message = HELO/EHLO none
    condition = ${if match {$sender_helo_name}{none} {yes}{no}}

    accept

  • MAIL 用的 acl name 是 check_mail :

    check_mail:

    deny message = $sender_host_address is listed in $dnslist_domain
    hosts = !+relay_hosts
    !authenticated = *
    dnslists = bl.spamcop.net : \
    sbl.spamhaus.org : \
    list.dsbl.org : \
    cbl.anti-spam.org.cn

    deny message = Fake Yahoo, so you must be spam.
    log_message = Fake Yahoo
    senders = *@yahoo.com
    condition = ${if match {$sender_host_name}{\Nyahoo.com$\N}{no}{yes}}

    deny message = Fake hotmail, so you must be spam.
    log_message = Fake hotmail
    senders = *@hotmail.com
    condition = ${if match {$sender_host_name}{\Nhotmail.com$\N}{no}{yes}}

    deny message = Fake MSN, so you must be spam.
    log_message = Fake MSN
    senders = *@msn.com
    condition = ${if match {$sender_host_name}{\N(hotmail|msn).com$\N}{no}{yes}}

    deny message = Fake AOL, so you must be spam.
    log_message = Fake AOL
    senders = *@aol.com
    condition = ${if match {$sender_host_name}{\Nmx.aol.com$\N}{no}{yes}}

    deny message = Fake Gmail, so you must be spam.
    log_message = Fake Gmail
    senders = *@gmail.com
    condition = ${if match {$sender_host_name}{\Ngoogle.com$\N}{no}{yes}}

    accept

  • DATA 用的 acl name 是 check_data:

    check_data:

    deny message = Message SHOULD have Message-ID: but does not
    condition = ${if !def:h_Message-ID: {1}}

    deny message = Message SHOULD have Date: but does not
    condition = ${if !def:h_Date: {1}}

    accept

要讓 exim 在 HELO(或 EHLO)、MAIL 與 DATA 指令時作檢查,設定檔裡面要有這三行:

acl_smtp_mail = check_mail
acl_smtp_helo = check_hello
acl_smtp_data = check_data

目前在 log 看到的成效還不錯。 XD

參考網址:

By 0 • Tags: ,