Categories
Email

gmail: no third-party DSNs

Be careful if you forward email to a gmail account. Gmail doesn’t like receiving mail delivery status notices or reports. This server filled up overnight with tens of thousands of email reports bouncing back and forth between it and gmail. If you emailed me in the last 24 hours and I haven’t replied, I may not have received it (yet).

    postfix/cleanup[12107]: 9FE58326C1: reject: header Content-Type: multipart/report; report-type=delivery-status;??boundary="A507733AD3.1188834275/mail.ocaoimh.ie" from local; from=<donncha_@_ocaoimh.ie> to=<xxxx@gmail.com>: no third-party DSNs

I really haven’t had any luck with email recently …

How I fixed everything

  • First of all I disabled the forward to my gmail accounts by moving .procmailrc out of the way.
  • Then I deleted a lot of log files to make more breathing space for everything and watched the mail spool into my mail file.
  • That was taking too long so I shut down Postfix and went into /var/spool/postfix/ and into the active, incoming and maildrop folders where I moved every file containing the string “Undelivered Mail Returned to Sender” out of the way:

    # list every queue file containing the bounce subject, then move each one aside
    for i in $(grep -rl "Undelivered Mail Returned to Sender" *); do mv -vi "$i" /tmp/xxx/; done

  • After restoring the .procmailrc, I restarted Postfix and lots of legitimate email started flowing again!
  • I added the following recipe to my .procmailrc which I hope will stop bounced messages getting to Google:

    :0:
    * ^Subject: Undelivered Mail Returned to Sender
    POSTMASTER.txt
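
The recipe above keys on the Subject line that Postfix puts on its bounces. As an added example (not code from the original post), the sketch below recognises a DSN from its structure instead: the `multipart/report; report-type=delivery-status` Content-Type seen in the log line, or a null `Return-Path`. The sample messages, addresses and function names are constructed for illustration.

```python
import email
import re

# Same test as the procmail recipe above (procmail matches case-insensitively).
SUBJECT_RULE = re.compile(r"^Subject: Undelivered Mail Returned to Sender", re.M | re.I)

def matches_subject_rule(raw: str) -> bool:
    headers = raw.split("\n\n", 1)[0]
    return bool(SUBJECT_RULE.search(headers))

def is_dsn(raw: str) -> bool:
    """Detect a bounce from its structure instead of its Subject text."""
    msg = email.message_from_string(raw)
    # RFC 3464 DSNs are multipart/report with report-type=delivery-status.
    if msg.get_content_type() == "multipart/report":
        report_type = msg.get_param("report-type")
        if isinstance(report_type, str) and report_type.lower() == "delivery-status":
            return True
    # Bounces use the null envelope sender, recorded as "Return-Path: <>".
    return (msg.get("Return-Path") or "").strip() == "<>"

def split_mail(messages):
    """Return (forward, hold): DSNs are held locally, the rest is forwarded."""
    forward = [name for name, raw in messages.items() if not is_dsn(raw)]
    hold = [name for name, raw in messages.items() if is_dsn(raw)]
    return forward, hold

# Constructed sample messages (addresses and hosts are placeholders).
SAMPLES = {
    "postfix_bounce": (
        "Return-Path: <>\n"
        "Subject: Undelivered Mail Returned to Sender\n"
        "Content-Type: multipart/report; report-type=delivery-status;\n"
        '\tboundary="B1/mail.example.org"\n\n--B1/mail.example.org--\n'
    ),
    "other_mta_bounce": (
        "Subject: Delivery Status Notification (Failure)\n"
        "Content-Type: multipart/report; report-type=delivery-status;\n"
        '\tboundary="B2"\n\n--B2--\n'
    ),
    "comment_notification": (
        "Return-Path: <blog@example.org>\n"
        "Subject: New comment on your post\n"
        "Content-Type: text/plain\n\nSomeone replied.\n"
    ),
}

if __name__ == "__main__":
    print(split_mail(SAMPLES))
```

The second sample is a bounce from a different mail system with a different Subject: the Subject rule misses it, while the structural check holds it back along with the Postfix bounce.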

What caused the problem in the first place? A bounced email from Yahoo. Someone left a comment with a fake email address, subscribed to the post and when another comment was left on that post the subscription email bounced. It has worked fine before so I’m not sure why Google are complaining now! Over 2GB of bounced mail. My poor server.

Update! It happened again but I stopped Postfix at 9.5MB free on the filesystem and this time I found out what went wrong. I implemented these Postfix rules Justin blogged about without running Spamassassin. Well, I used to run SA but then when I started using Gmail I stopped, which is probably why I didn’t see this earlier. Not Justin’s fault, my own for playing with fire!

Categories
Email

Why not let Google filter your spam?

I’ve been running Spamassassin and Postgrey on my mail server for the past few months. It was only since the server was upgraded that I had enough juice to run the very intensive SA processes (even using spamd), but still on occasion the server would grind to a stop when a particularly nasty Rumpelstiltskin attack was underway.

So, last week I met Mark for a coffee and he showed me his Nokia N90 (or N80, I can’t remember) and the gmail app that was installed on it. He collects his gmail email on his phone, after it’s filtered for spam, and what with the cost of GPRS data, that’s quite a saving. I don’t intend reading my email on my phone (I hate my W810i anyway), but he did give me the idea of sending my email through Google and then popping it off into Thunderbird!


Now, I have a simple .forward to send on my email. I was able to shut down Postgrey and Spamassassin and email is delivered quickly and with few false positives or spams getting through. When I think of it, I can use the web interface to check what’s due to come down the line. You also get the added bonus of encrypted pop3 data, useful when you’re at a conference or simply on public wifi.

I’m sure everyone else has been doing this for ages and ages but hopefully this will inspire at least one person to follow suit and rid themselves of spam once and for all!

Categories
Email Linux

Postgrey – Postfix Greylisting Policy Server

Greylisting is an anti-spam and anti-virus measure you can use on your mail servers. When a remote server connects for the first time its delivery attempt is temporarily rejected, and it can’t deliver until a set time limit has passed (default is 5 minutes). If it’s a real mail server it should keep trying to deliver the mail, but viruses and spam will more than likely be stopped cold.

Postgrey is a greylisting server for Postfix that Colm Buckley installed on the machine that runs linux.ie.

On Debian, installing it is as easy as:

    apt-get install postgrey

but then you have to configure Postfix to use it. Edit /etc/postfix/main.cf and modify the line that starts with:

    smtpd_client_restrictions = ...

and add check_policy_service inet:127.0.0.1:60000 to the end of it (Postfix needs the check_policy_service keyword in front of the address to treat it as a policy server).

Now, you probably want to enable whitelisting of clients too, so edit /etc/default/postgrey and change it so it looks like this:

    POSTGREY_OPTS="--inet=127.0.0.1:60000 --delay=300 --auto-whitelist-clients"

You might want to add the IP range for your local network to /etc/postgrey/whitelist_clients so they’re not greylisted:

    /^192\.168\.1\..*/

does the job for my situation I think.

Now, restart Postfix and Postgrey and you should see the following message appear in /var/log/mail.info:

    Client host rejected: Greylisted for 300 seconds (see http://isg.ee.ethz.ch/tools/postgrey/help)

If you don’t, it’s not working!
Much later… It’s been active for about 20 hours now and I’ve only received about 10 spams, down from well over 200 usually! The delay in delivery is annoying, but it’s something we can hopefully live with!
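
To show what the policy server decides for each delivery attempt, here is an added sketch (not Postgrey’s own code, and not from the original post) of the greylisting logic behind Postfix policy delegation: it parses a `name=value` request, tracks the (client, sender, recipient) triplet and answers `DEFER_IF_PERMIT` until the delay has passed. The class and function names, the sample addresses and the auto-whitelist threshold of 2 are assumptions for the example.

```python
GREYLIST_DELAY = 300  # seconds, matching --delay=300 above

def parse_request(text):
    """Parse a policy delegation request: name=value lines ended by a blank line."""
    attrs = {}
    for line in text.splitlines():
        if not line:
            break
        name, _, value = line.partition("=")
        attrs[name] = value
    return attrs

class Greylist:
    def __init__(self, delay=GREYLIST_DELAY, local_prefix="192.168.1.", auto_after=2):
        self.delay = delay
        self.local_prefix = local_prefix   # stands in for whitelist_clients
        self.auto_after = auto_after       # deliveries before a client is trusted
        self.first_seen = {}               # (client, sender, recipient) -> first attempt
        self.delivered = {}                # client -> count of accepted attempts

    def check(self, request, now):
        a = parse_request(request)
        client = a.get("client_address", "")
        if client.startswith(self.local_prefix):
            return "action=DUNNO\n\n"      # local network is never greylisted
        if self.delivered.get(client, 0) >= self.auto_after:
            return "action=DUNNO\n\n"      # auto-whitelisted client
        triplet = (client, a.get("sender", "").lower(), a.get("recipient", "").lower())
        first = self.first_seen.setdefault(triplet, now)
        remaining = self.delay - (now - first)
        if remaining > 0:
            return f"action=DEFER_IF_PERMIT Greylisted for {remaining} seconds\n\n"
        self.delivered[client] = self.delivered.get(client, 0) + 1
        return "action=DUNNO\n\n"

def request(client, sender, recipient):
    """Build a constructed request with the attributes this sketch reads."""
    return ("request=smtpd_access_policy\nprotocol_state=RCPT\n"
            f"client_address={client}\nsender={sender}\nrecipient={recipient}\n\n")

def demo():
    g = Greylist()
    r = request("203.0.113.7", "alice@example.com", "bob@example.org")
    return [g.check(r, 0), g.check(r, 60), g.check(r, 300),
            g.check(request("192.168.1.20", "me@example.org", "bob@example.org"), 0)]

if __name__ == "__main__":
    for reply in demo():
        print(reply.strip())
```

A sender that never retries stays deferred forever, which is why most spam and virus traffic is stopped, while a real mail server that retries after the delay is let through.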

Categories
Email

Thank you SpamAssassin, again!

Every Monday morning it’s the same. There’s a pile of spam and it numbers in the hundreds of emails. Thankfully almost all of it was caught by SpamAssassin.
So, for those of you interested:

  1. Regular email: 1.3MB
  2. Spam email: 4.2MB
  3. Total spam: 507 emails.
  4. Spam that auto-trained: 400.
  5. Spam to my inbox: 3

Gives one a good feeling when you’re winning the battle on a daily basis. The war is another matter unfortunately.

Categories
Email General

Spamassassin – scoring on DSL lines

Since upgrading to Spamassassin 2.60 yesterday I’ve noticed a (small) increase in false positives. There were only 4 out of 132 spams caught overnight, but almost all were from DSL or dynamic IP addresses. The default score for this test is 2.5, but if you add the following to /etc/mail/spamassassin/local.cf you can change the score:

score RCVD_IN_DYNABLOCK 0 1 0 1

That’ll give it a ‘1’ instead of 2.5 which is probably more reasonable. (Ironically, most of the emails caught were from “Karsten M. Self”, a critic of TMDA, who posts directly from his dial-up machine!)

Categories
Email

Spamassassin – Bayesian autolearn

Just noticed the SpamAssassin auto-learn rules. Look up perldoc Mail::SpamAssassin::Conf and search for auto_learn, auto_learn_threshold_nonspam, auto_learn_threshold_spam.
I’ve lowered the spam auto-learn threshold, as 15 is probably a bit high considering the small number of false positives I usually get.

Categories
Email

New SpamAssassin Out!

Version 2.55 of SA is out. The release notes are a bit terse, but the notes for 2.54 indicate this is a release worth installing. It adjusts some spam rules spammers were using to get past SA!

spammers have been targeting our nice rules to get themselves negative overall scores, so those rules are now much less strongly-scored. also added a “TOO_MANY_MUA” rule that will catch multiple user agent headers.

Go download it now!

Categories
Email

SpamAssassin

Yet another release of SpamAssassin is out. Spam is definitely getting harder to track. I got one this afternoon that simply asked me to click on a URL. How can you defend against that? Maybe the tmda folks have a point..

Categories
Email

SpamAssassin 2.51

Note to self, install this at work on Monday: SpamAssassin 2.51 (via Dangerous Meta)
Over the last few days a lot more spam has got through to my inbox, and it seems to be after I installed version 2.50 of SA. This could be because I was still training the Bayesian filters. I also blacklisted *@artist-server.com as they were very persistent in spamming me. That helped, and putting the threshold down to 4.5 caught 2-3 spams. Today was better. Perhaps the Bayesian filters are working now!
On another related matter, I configured Goldmine to filter out spam, but it’s unusable. Goldmine has to create a new identity for each new email address so it’s easier to delete the email “online” before it’s downloaded. (If you knew Goldmine you’d know what I mean, it sucks!)

Categories
Email

SpamAssassin – web based Bayesian training?

The latest release of SpamAssassin has support for Bayesian analysis. You have to train it and it gets better.
The only problem is SpamAssassin uses a command line app, sa-learn, to learn about your mail. Who’ll volunteer to create a web-based form to copy and paste spam/legitimate mail to train it? Adding an “upload file” button would be great too for those mass-mail learning situations when you come into work in the morning..
It should be easy enough, although you’ll have to use su-exec or something to add rules to different users’ accounts. So, who’s up for it then?