[TriLUG] Spamassassin to filter non-US

Cristóbal Palmer cmp at cmpalmer.org
Wed Oct 1 11:45:24 EDT 2008


On Wed, Oct 1, 2008 at 11:08 AM, Christopher L Merrill
<chris at webperformance.com> wrote:
> I'd like something similar - mark any mail with cyrillic or asian
> characters as spam.

We tried to blacklist some charsets for a while, but that didn't help
much. Often spammers will base-64 encode or use a rendering flaw in
(usually MS) software to say they're sending one thing when they're
sending another.

We've had the largest improvements in filtering quality with a mix of
approaches:

* strict HELO checking (done in postfix)
* more SA rules from more places (more Channels [0])
* handling different types of mail on different servers (e.g. lists,
main domain) with different rules
* greylisting (postgrey)

The HELO checking was the big one for killing most of the weird
charset stuff. The downside has been the occasional ticket from a user
who isn't getting mail from a contact at, say, example.net... usually
the mail admin on the example.net end has mail going out with
something like "example.local" as the HELO address. For domains like
that (where the admin on the other end refuses to make a change), we
have:

smtpd_helo_restrictions =
  [...]
  check_client_access hash:/etc/postfix/client_access

in the /etc/postfix/main.cf file, and then in
/etc/postfix/client_access you would have a line:

example.net OK

You could also use a bare IP instead of the domain name. Don't forget
to use postmap to generate the client_access.db file.

Cheers,
-- 
Cristóbal M. Palmer
"Small acts of humanity amid the chaos of inhumanity provide hope. But
small acts are insufficient."
    -- Paul Rusesabagina

[0] http://wiki.apache.org/spamassassin/RuleUpdates#head-612bf6b3bb5d01d608f59869f29630fbf46476fa
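
Added example, not part of the original post: a Python sketch of why a charset blacklist on the raw message misses base64-encoded bodies, and how checking the decoded text catches them. The sample message, the BLOCKED set and all function names are constructed for illustration.

```python
import base64
import unicodedata
from email import message_from_bytes

# Scripts to flag (assumed policy, taken from the request quoted in the post).
BLOCKED = {"CYRILLIC", "CJK", "HIRAGANA", "KATAKANA", "HANGUL"}

# Constructed sample: headers declare us-ascii, body is base64-wrapped UTF-8 Cyrillic.
_BODY = base64.b64encode("Купите сейчас".encode("utf-8")).decode("ascii")
SAMPLE = (
    "From: sender@example.net\r\n"
    "Subject: hello\r\n"
    "MIME-Version: 1.0\r\n"
    'Content-Type: text/plain; charset="us-ascii"\r\n'
    "Content-Transfer-Encoding: base64\r\n"
    "\r\n" + _BODY + "\r\n"
).encode("ascii")

def scripts_in_text(text):
    """Return the first word of the Unicode name of every non-ASCII character."""
    found = set()
    for ch in text:
        if ord(ch) > 127:
            name = unicodedata.name(ch, "")
            if name:
                found.add(name.split()[0])
    return found

def naive_scripts(raw_message):
    """What a filter sees if it inspects the undecoded message bytes."""
    return scripts_in_text(raw_message.decode("ascii", "replace")) & BLOCKED

def decoded_text(part):
    """Undo the transfer encoding, then try the declared charset before UTF-8."""
    raw = part.get_payload(decode=True) or b""
    for charset in (part.get_content_charset() or "utf-8", "utf-8"):
        try:
            return raw.decode(charset)
        except (LookupError, UnicodeDecodeError):
            continue
    return raw.decode("latin-1")  # never fails; last resort

def flagged_scripts(raw_message):
    """Blocked scripts found in the decoded text parts of the message."""
    found = set()
    for part in message_from_bytes(raw_message).walk():
        if part.get_content_maintype() == "text":
            found |= scripts_in_text(decoded_text(part)) & BLOCKED
    return found

if __name__ == "__main__":
    print("raw check:    ", naive_scripts(SAMPLE))
    print("decoded check:", flagged_scripts(SAMPLE))
```
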

