E-Scribe New Media

Paul Bissex • Literate and Dynamic Web Development

Antispam: Technical Details


This server hosts about a dozen domains, many forwarding addresses, and a small number of mailboxes. For every legitimate message received, the server denies 50 or more attempts at sending spam -- thousands per day. A tiny amount of spam does manage to reach a user's inbox (and it's an interesting subset), but 99.9% of it is blocked. Here's how.

I run Postfix with the following anti-spam measures:
  • Greylisting (via tumgreyspf)
  • Rejection of malformed or non-resolving sender domains
  • Rejection of forged HELOs
  • Custom sender-checking rules to reject mail from freemail addresses (e.g. yahoo.com, hotmail.com, mail.com) that is not actually sent via those companies' servers
  • SPF checking
  • Blacklists. I do my best to avoid power-trippers and vigilantes. Lists I use (or have used) are:
    • dnsbl.njabl.org
    • dynablock.njabl.org
    • sbl-xbl.spamhaus.org
    • dul.dnsbl.sorbs.net
    • list.dsbl.org
    • relays.ordb.org
    • dul.ru
    • bogons.dnsiplists.completewhois.com
Rejected messages are refused with an explanatory message rather than silently discarded, so that if a legitimate message is caught by one of the server's anti-spam rules, the sender can take corrective action. (Assuming they read the rejection message!)

These measures are in place for all system users.
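
One way to implement the freemail sender check listed above, written as a Postfix policy-delegation decision function (an added example, not the rules this server actually runs). The relay hostname suffixes, the sample requests and the function names are assumptions; the reject text follows the practice of explaining every rejection.

```python
# Added example: policy check for forged freemail senders. Suffixes are illustrative assumptions.
FREEMAIL_RELAYS = {
    "yahoo.com": (".yahoo.com", ".yahoodns.net"),
    "hotmail.com": (".hotmail.com", ".outlook.com"),
    "mail.com": (".mail.com",),
}


def parse_request(text):
    """Parse one policy request: name=value lines ended by an empty line."""
    attrs = {}
    for line in text.splitlines():
        if not line:
            break
        name, sep, value = line.partition("=")
        if sep:
            attrs[name] = value
    return attrs


def decide(attrs):
    """Return the Postfix action for one request."""
    sender = attrs.get("sender", "").lower()
    domain = sender.rpartition("@")[2]
    suffixes = FREEMAIL_RELAYS.get(domain)
    if suffixes is None:
        return "DUNNO"  # not a freemail sender; let later restrictions decide
    # client_name is "unknown" unless forward and reverse DNS agree
    client = "." + attrs.get("client_name", "unknown").lower().rstrip(".")
    if client.endswith(suffixes):
        return "DUNNO"
    return ("REJECT Mail claiming to be from %s must be sent through that "
            "provider's own servers" % domain)


def respond(request_text):
    """Build the reply Postfix expects: action=... followed by an empty line."""
    return "action=%s\n\n" % decide(parse_request(request_text))


# Constructed sample requests (documentation addresses, not real traffic)
FORGED = ("request=smtpd_access_policy\nprotocol_state=RCPT\n"
          "client_address=192.0.2.45\nclient_name=unknown\n"
          "sender=winner@yahoo.com\nrecipient=user@example.org\n\n")
GENUINE = FORGED.replace("client_name=unknown",
                         "client_name=mta7.mail.yahoo.com")

if __name__ == "__main__":
    print(respond(FORGED) + respond(GENUINE), end="")
```

A server loop reading requests from a Postfix check_policy_service socket would call respond() once per request.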

I used to gather spam via about 300 "spam collectors" -- addresses which have never sent mail, and have never been published, yet have ended up on spammers' lists through mutation and dictionary attacks. Messages received at these addresses were automatically reported to the Pyzor network, then discarded. Now I simply reject messages to these nonexistent addresses.

The spam statistics graph is generated from Postfix logs with the help of pflogsumm.pl and my own custom graphing script. The data is updated every five minutes.

Other Spam Statistics and Resource Pages

