。DNSBL
smtpd_client_restrictions = reject_rbl_client sbl-xbl.spamhaus.org
ref: http://plog.longwin.com.tw/post/1/493
spamhaus官網: www.spamhaus.org
SBL: verified spam sources and spam operations (including spammers, spam gangs and spam support services),
XBL: The Spamhaus Exploits Block List (XBL) is a realtime database of IP addresses of illegal 3rd party exploits, including open proxies (HTTP, socks, AnalogX, wingate, etc), worms/viruses with built-in spam engines, and other types of trojan-horse exploits.
Quote: http://blog.gslin.org/archives/2006/10/27/849/
Spamhaus 是一個在英國提供 DNSBL 服務的單位,主要提供兩份名單:SBL (Spamhaus Block List) 與 XBL (Exploits Block List)。SBL 列出了 Spam Source 的機器 (Direct UBE sources, verified spam services and ROKSO spammers)。而 XBL 則是列出被 crack 當作跳板的機器 (Illegal 3rd party exploits, including proxies, worms and trojan exploits)。
查詢工具
http://spamlinks.net/filter-dnsbl-lookup.htm
也可在 http://www.dnsstuff.com/ 的Spam Database Lookup查詢
www.spamhaus.org也可查
至於怎麼用
Quote: http://www.spamhaus.org/sbl/howtouse.html
DNSBL Zone to Query Returns Contains
SBL sbl.spamhaus.org 127.0.0.2 Direct UBE sources, verified spam services and ROKSO spammers
XBL xbl.spamhaus.org 127.0.0.4-6 Illegal 3rd party exploits, including proxies, worms and trojan exploits
SBL+XBL sbl-xbl.spamhaus.org 127.0.0.2-6 Combined zone to reduce queries Includes both SBL and XBL zones
什麼是 PBL
Quote: http://cpro.com.tw/channel/news/content/index.php?news_id=53541
PBL (Policy Block List) 乃是一個IP位址資料庫,可用以阻止以「direct-to-mx」方式寄信給其它ISP的行為。
。Postgrey
ref: http://ssorc.tw/?p=594
ref: http://blog.t-times.net/ada/space/start/2006-12-25/1#對抗垃圾信,使用_Postgrey
ref: http://linux.vbird.org/linux_server/0380mail.php#adv_postgrey
。拒絕來自未知的寄件人顉域的郵件
smtpd_sender_restrictions = xxxxx, reject_unknown_sender_domain
smtpd_reciptient_restrcitions = xxxxx, reject_unknown_sender_domain
。procmail 過濾只有自家人才可寄信給特定帳號,而外部寄進來的話,丟到/dev/null
vi /etc/postfix/main.cf
mailbox_command = /usr/bin/procmail
vi /etc/procmailrc
:0 Hw
* ^[Tt]o.*cross@test.xports.idv.tw.*
* !^[Ff]rom.*test.xports.idv.tw.*
/dev/null
ref: http://phorum.study-area.org/viewtopic.php?t=11673&highlight=procmailrc
。讀清單裡的帳號位址,符合的放到另定義的 maillistbox
vi ~/.procmailrc
LOGFILE=./.procmail.log
LOGABSTRACT=all
VERBOSE=onURGMATCH=`cat $HOME/.maillist.txt`
:0:
* $^From.*${URGMATCH}
maillistbox
touch .procmail.log && chmod o+w .procmail.log
vi .maillist.txt
cros2s@ssorc.tw
。Postfix內建的 header_checks與 body_checks
[1.] vi /etc/postfix/main.cf
header_checks = regexp:/etc/postfix/header_checks
body_checks = regexp:/etc/postfix/body_checks
postfix reload
[2.] 編輯 /etc/postfix/header_checks或者 /etc/postfix/body_checks建立規則
# /規則/ 動作 顯示在maillog檔裡的訊息
/^from.*root/ DISCARD from root be droped# 多重條件時
if /xxx/
if /xxx/
/xxx/ DISCARD the spam mail
endif
endif
[3.] 測試
postmap -q – regexp:/etc/postfix/header_checks < /etc/postfix/header_checks
(無任何訊息顯示,代表正確無誤)
。拒絕動態 ip
vi /etc/postfix/main.cf
smtpd_client_restrictions = check_client_access hash:/etc/postfix/access
vi /etc/postfix/access
dynamic.hinet.net REJECT We can't allow dynamic IP to relay!
postmap hash:/etc/postfix/access
。參考一下這篇文章吧
ref: http://www.howtoforge.com/block_spam_at_mta_level_postfix
留言