Do not forward spam

azurIt
Hi,

I'm having problems with spam forwarding - lots of our users enabled forwarding to Gmail and every spam they receive is also forwarded. Today Gmail blocked us because of spam (which we were just forwarding, not sending). Any tips on how I can disable forwarding in case of spam (for example, when a message has X-Spam-Status: Yes)? Thanks.

azur

Re: Do not forward spam

Robert Schetterer-2
Am 20.09.2013 16:42, schrieb azurIt:
> Hi,
>
> i'm having problems with spam forwarding - lot's of our users enabled forwarding to gmail and every spam they receive is also forwarded. Today gmail block us because of spam (which we were just forwarding, not sending). Any tips how can i disable forwarding in case of a spam (for example, when message has X-Spam-Status: Yes) ? Thanks.
>
> azur
>

you should reject and/or filter (quarantine) incoming spam at the
incoming SMTP stage

what about using clamav-milter with sane-security antispam signatures
and/or spamass-milter, perhaps amavis-milter




Best Regards
MfG Robert Schetterer

--
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein

Re: Do not forward spam

Jim Wright
In reply to this post by azurIt
On 2013-09-20 09:42, azurIt wrote:
> i'm having problems with spam forwarding - lot's of our users enabled
> forwarding to gmail and every spam they receive is also forwarded.
> Today gmail block us because of spam (which we were just forwarding,
> not sending). Any tips how can i disable forwarding in case of a spam
> (for example, when message has X-Spam-Status: Yes) ? Thanks.

You may first want to look at why you are receiving the spam in the
first place and not rejecting it.  There are many ways to fight this,
much of which will come down to what your policies are regarding
rejecting mail, false positives, etc.

You could always turn off the ability of your users to forward mail to
other services, problem solved.

If you absolutely must be able to forward mail, then you will want to
work with Google so they understand what you are doing, and allow this
mail to pass without blocking your system.  But I would still work on
blocking the spam from being received in the first place.

Re: Do not forward spam

azurIt
>On 2013-09-20 09:42, azurIt wrote:
>> i'm having problems with spam forwarding - lot's of our users enabled
>> forwarding to gmail and every spam they receive is also forwarded.
>> Today gmail block us because of spam (which we were just forwarding,
>> not sending). Any tips how can i disable forwarding in case of a spam
>> (for example, when message has X-Spam-Status: Yes) ? Thanks.
>
>You may first want to look at why you are receiving the spam in the
>first place and not rejecting it.  There are many ways to fight this,
>much of which will come down to what your policies are regarding
>rejecting mail, false positives, etc.
>
>You could always turn off the ability of your users to forward mail to
>other services, problem solved.


This is not an option, we are offering commercial services and users demand this feature.



>If you absolutely must be able to forward mail, then you will want to
>work with Google so they understand what you are doing, and allow this
>mail to pass without blocking your system.  But I would still work on
>blocking the spam from being received in the first place.



Blocking emails based on spam filters is always wrong. Spam recognition will NEVER be 100%, there are always false positives. We are accepting all emails and filtering them afterwards. I just need to tell Postfix to NOT forward particular messages and only deliver them locally (for example, as mentioned before, based on headers).

azur

Re: Do not forward spam

Mehul Sanghvi
In reply to this post by azurIt

On Fri, Sep 20, 2013 at 10:42 AM, azurIt <[hidden email]> wrote:
> Hi,
>
> i'm having problems with spam forwarding - lot's of our users enabled forwarding to gmail and every spam they receive is also forwarded. Today gmail block us because of spam (which we were just forwarding, not sending). Any tips how can i disable forwarding in case of a spam (for example, when message has X-Spam-Status: Yes) ? Thanks.
>
> azur


As a first line of defence, maybe use postscreen to cut down the spam before it reaches smtpd ? 

The postscreen documentation (http://www.postfix.org/POSTSCREEN_README.html) mentions four layers of defence, if you have some of that implemented, or all of it, you would be able to cut down on your incoming spam, before anything gets forwarded to Google or any other place.


cheers,

      mehul


--
Mehul N. Sanghvi
email: [hidden email]

Re: Do not forward spam

azurIt
> CC: [hidden email]
>On Fri, Sep 20, 2013 at 10:42 AM, azurIt <[hidden email]> wrote:
>
>> Hi,
>>
>> i'm having problems with spam forwarding - lot's of our users enabled
>> forwarding to gmail and every spam they receive is also forwarded. Today
>> gmail block us because of spam (which we were just forwarding, not
>> sending). Any tips how can i disable forwarding in case of a spam (for
>> example, when message has X-Spam-Status: Yes) ? Thanks.
>>
>> azur
>>
>
>
>As a first line of defence, maybe use postscreen to cut down the spam
>before it reaches smtpd ?
>
>The postscreen documentation (http://www.postfix.org/POSTSCREEN_README.html)
>mentions four layers of defence, if you have some of that implemented, or
>all of it, you would be able to cut down on your incoming spam, before
>anything gets forwarded to Google or any other place.


Looks fine but I NEED to also deliver spams locally, I just don't want to forward them away.

Re: Do not forward spam

DTNX Postmaster
On Sep 20, 2013, at 18:21, azurIt <[hidden email]> wrote:

>> CC: [hidden email]
>> On Fri, Sep 20, 2013 at 10:42 AM, azurIt <[hidden email]> wrote:
>>
>>> Hi,
>>>
>>> i'm having problems with spam forwarding - lot's of our users enabled
>>> forwarding to gmail and every spam they receive is also forwarded. Today
>>> gmail block us because of spam (which we were just forwarding, not
>>> sending). Any tips how can i disable forwarding in case of a spam (for
>>> example, when message has X-Spam-Status: Yes) ? Thanks.
>>>
>>> azur
>>
>> As a first line of defence, maybe use postscreen to cut down the spam
>> before it reaches smtpd ?
>>
>> The postscreen documentation (http://www.postfix.org/POSTSCREEN_README.html)
>> mentions four layers of defence, if you have some of that implemented, or
>> all of it, you would be able to cut down on your incoming spam, before
>> anything gets forwarded to Google or any other place.
>
> Looks fine but i NEED to deliver also spams locally, i just don't want to forward them away.


No one 'needs' to deliver spam locally. On a properly configured system, the vast majority of spam bounces off the before-queue defenses, and never reaches the stage where a decision about forwarding or local storage needs to be made. If you are running into trouble with Gmail it is quite likely that you are accepting too much garbage from bots and zombies.

This is a problem you should solve at the earliest possible stage, which is where postscreen comes in. Read the documentation again, and understand why it should be part of your defenses.

If you think your problem can be solved using header checks, read the appropriate documentation;

http://www.postfix.org/header_checks.5.html

But really, start by cutting down on what you accept.

Mvg,
Joni


Re: Do not forward spam

azurIt
>On Sep 20, 2013, at 18:21, azurIt <[hidden email]> wrote:
>
>>> CC: [hidden email]
>>> On Fri, Sep 20, 2013 at 10:42 AM, azurIt <[hidden email]> wrote:
>>>
>>>> Hi,
>>>>
>>>> i'm having problems with spam forwarding - lot's of our users enabled
>>>> forwarding to gmail and every spam they receive is also forwarded. Today
>>>> gmail block us because of spam (which we were just forwarding, not
>>>> sending). Any tips how can i disable forwarding in case of a spam (for
>>>> example, when message has X-Spam-Status: Yes) ? Thanks.
>>>>
>>>> azur
>>>
>>> As a first line of defence, maybe use postscreen to cut down the spam
>>> before it reaches smtpd ?
>>>
>>> The postscreen documentation (http://www.postfix.org/POSTSCREEN_README.html)
>>> mentions four layers of defence, if you have some of that implemented, or
>>> all of it, you would be able to cut down on your incoming spam, before
>>> anything gets forwarded to Google or any other place.
>>
>> Looks fine but i NEED to deliver also spams locally, i just don't want to forward them away.
>
>
>No one 'needs' to deliver spam locally. On a properly configured system, the vast majority of spam bounces off the before-queue defenses, and never reaches the stage where a decision about forwarding or local storage needs to be made. If you are running into trouble with Gmail it is quite likely that you are accepting too much garbage from bots and zombies.
>
>This is a problem you should solve at the earliest possible stage, which is where postscreen comes in. Read the documentation again, and understand why it should be part of your defenses.
>
>If you think your problem can be solved using header checks, read the appropriate documentation;
>
>http://www.postfix.org/header_checks.5.html
>
>But really, start by cutting down on what you accept.



I don't believe in rejecting e-mails based on spam checks - there are and always will be false positives. I would rather accept 100 spams than reject a single legitimate e-mail message.

Re: Do not forward spam

Robert Schetterer-2
In reply to this post by azurIt
Am 20.09.2013 18:12, schrieb azurIt:
> Blocking emails based on spam filters are always wrong. Spam recognition will NEVER be 100%, there are always false positives. We are accepting all emails and filter them after. I just need to tell Postfix to NOT forward particular messages and only deliver them locally (for example, as mentioned before, based on headers).
>
> azur

you might use amavis-new with quarantine, so you might have
suspicious mails inspected by human admins or the users themselves for release or
reject. after all, my false positives rate with clamav/spamass milter is
nearly null, with about 10000 users, so that's good enough in reality. if really
something goes wrong (mail bounced at the SMTP incoming stage), the sender may
contact the postmaster (configure some contact in the bounce notice) to fix
the problem




Best Regards
MfG Robert Schetterer


Re: Do not forward spam

Robert Schetterer-2
In reply to this post by azurIt
Am 20.09.2013 19:31, schrieb azurIt:
> I don't believe in rejecting e-mails based on spam checks - there are and always be false positives. I will rather accept 100 spams than reject single legitimate e-mail message.

ok ,so why cry about your own decisions ?


Best Regards
MfG Robert Schetterer


Re: Do not forward spam

DTNX Postmaster
In reply to this post by azurIt
On Sep 20, 2013, at 18:12, azurIt <[hidden email]> wrote:

>> On 2013-09-20 09:42, azurIt wrote:
>>> i'm having problems with spam forwarding - lot's of our users enabled
>>> forwarding to gmail and every spam they receive is also forwarded.
>>> Today gmail block us because of spam (which we were just forwarding,
>>> not sending). Any tips how can i disable forwarding in case of a spam
>>> (for example, when message has X-Spam-Status: Yes) ? Thanks.
>>
>> You may first want to look at why you are receiving the spam in the
>> first place and not rejecting it.  There are many ways to fight this,
>> much of which will come down to what your policies are regarding
>> rejecting mail, false positives, etc.
>>
>> You could always turn off the ability of your users to forward mail to
>> other services, problem solved.
>
> This is not an option, we are offering commercial services and users demands this feature.

Gmail offers POP3 retrieval, which is a perfectly serviceable option if
users DEMAND every spam message, plus forwarding.

> Blocking emails based on spam filters are always wrong. Spam recognition will NEVER be 100%, there are always false positives. We are accepting all emails and filter them after. I just need to tell Postfix to NOT forward particular messages and only deliver them locally (for example, as mentioned before, based on headers).

Has it occurred to you that the reason lots of your users enable
forwarding to Gmail may be the fact that you accept everything? And
that they are essentially using Gmail as the spam filter they need
because of this?

You are creating this problem yourself. No spam filtering is 100%
without false positives, but properly configured before-queue defenses
generally cut out ~90% of the garbage you get from bots and zombies. Or
more, depending on how tight of a ship you can afford to run. It also
presents a traceable error path to any senders that may be caught with
their pants down because of configuration issues, compromised systems
and what have you.

This means that anything that actually reaches the stage where you
decide whether to store or forward is about 10% of what you are
accepting now, and much less likely to cause trouble with forwarding.

If you must do your own thing, figure out how to use the quarantine
features of your chosen content filtering software, and do forwarding
from there based on rules you specify. Or dig into the Postfix
documentation and figure out how you might achieve what you are after
without backscattering, or discarding mail.

Mvg,
Joni


Re: Do not forward spam

Kris Deugau
In reply to this post by azurIt
azurIt wrote:

> I don't believe in rejecting e-mails based on spam checks - there are and always be false positives. I will rather accept 100 spams than reject single legitimate e-mail message.

Spam volume these days is such that accepting, processing, and storing
**all** mail is becoming more and more unworkable, especially with a
situation like you're asking about where that stream of garbage is
forwarded out of your system to a system that *does* reject some volume
of spam (or blocks your system outright if you send them too much spam).

Depending on how you count, we reject anywhere from 50% to 90% of our
total mail volume based on a Spamhaus lookup.  Aside from an incident
where a Postini netblock got listed for a little while, I don't think I
recall *any* false positives over several years.

To more directly answer your original question, it would help if you
posted an overview of your mail flow.  It sounds like your forwarding is
done via alias rather than .forward or some similar processing on final
local delivery;  choosing a different place for your forwarding may help
cut the volume of forwarded spam.

-kgd

Re: Do not forward spam

lists@rhsoft.net
In reply to this post by azurIt

Am 20.09.2013 18:12, schrieb azurIt:
> Blocking emails based on spam filters are always wrong

says who?

> Spam recognition will NEVER be 100%

nothing will be 100%, nowhere

> there are always false positives

yes, and there are some 100 times more spam

> We are accepting all emails and filter them after

then accept that you are considered as a spammer and backscatter

> I just need to tell Postfix to NOT forward particular messages

no, you need to realize that the way you are acting you are
considered as spammer for good reasons and the wrong handling
accepting anything is nothing postfix can fix after that

Re: Do not forward spam

Charles Marcus
In reply to this post by azurIt
On 2013-09-20 1:31 PM, azurIt [hidden email] wrote:
> I don't believe in rejecting e-mails based on spam checks

Then don't allow blanket forwarders, or just accept it when someone blocks you for good cause because of your silly decisions.

> - there are and always be false positives.

For CONTENT filter based spam checks, yes, certainly, but there are a ton of NON-CONTENT pre-queue anti-spam checks that will block or reject 90-95%+ of the garbage with a FP rate of as close to 100% as you can get, the best of which are available in postscreen.

Failure to take advantage of such options is just plain foolish.

> I will rather accept 100 spams than reject single legitimate e-mail message.

Would you rather accept 1000 spams than reject one legitimate message? 10,000? A million?

If someone is using a server that is spewing out spam, I am absolutely happy to reject their LEGITIMATE mail unless/until they fix their server, as should anyone.

--

Best regards,

Charles

Re: Do not forward spam

azurIt
In reply to this post by Robert Schetterer-2
>Am 20.09.2013 19:31, schrieb azurIt:
>> I don't believe in rejecting e-mails based on spam checks - there are and always be false positives. I will rather accept 100 spams than reject single legitimate e-mail message.
>
>ok ,so why cry about your own decisions ?


Where exactly was I 'crying'? I was just friendly ASKING if Postfix is able to _not_ forward a message based on its headers.

Re: Do not forward spam

azurIt
In reply to this post by Kris Deugau
>azurIt wrote:
>
>> I don't believe in rejecting e-mails based on spam checks - there are and always be false positives. I will rather accept 100 spams than reject single legitimate e-mail message.
>
>Spam volume these days is such that accepting, processing, and storing
>**all** mail is becoming more and more unworkable, especially with a
>situation like you're asking about where that stream of garbage is
>forwarded out of your system to a system that *does* reject some volume
>of spam (or blocks your system outright if you send them too much spam).
>
>Depending on how you count, we reject anywhere from 50% to 90% of our
>total mail volume based on a Spamhaus lookup.  Aside from an incident
>where a Postini netblock got listed for a little while, I don't think I
>recall *any* false positives over several years.
>
>To more directly answer your original question, it would help if you
>posted an overview of your mail flow.  It sounds like your forwarding is
>done via alias rather than .forward or some similar processing on final
>local delivery;  choosing a different place for your forwarding may help
>cut the volume of forwarded spam.



Thank you for a first post which tries to answer my original question.

I'm doing forwards with 'virtual_alias_maps'. I will be, probably, able to implement all forwarding features of postfix with, for example, maildrop but it will be really lots of work. But it's a good idea anyway, thanks.

azur

Re: Do not forward spam

azurIt
In reply to this post by DTNX Postmaster
>>> On 2013-09-20 09:42, azurIt wrote:
>>>> i'm having problems with spam forwarding - lot's of our users enabled
>>>> forwarding to gmail and every spam they receive is also forwarded.
>>>> Today gmail block us because of spam (which we were just forwarding,
>>>> not sending). Any tips how can i disable forwarding in case of a spam
>>>> (for example, when message has X-Spam-Status: Yes) ? Thanks.
>>>
>>> You may first want to look at why you are receiving the spam in the
>>> first place and not rejecting it.  There are many ways to fight this,
>>> much of which will come down to what your policies are regarding
>>> rejecting mail, false positives, etc.
>>>
>>> You could always turn off the ability of your users to forward mail to
>>> other services, problem solved.
>>
>> This is not an option, we are offering commercial services and users demands this feature.
>
>Gmail offers POP3 retrieval, which is a perfectly servicable option if
>users DEMAND every spam message, plus forwarding.
>
>> Blocking emails based on spam filters are always wrong. Spam recognition will NEVER be 100%, there are always false positives. We are accepting all emails and filter them after. I just need to tell Postfix to NOT forward particular messages and only deliver them locally (for example, as mentioned before, based on headers).
>
>Has it occurred to you that the reason lots of your users enable
>forwarding to Gmail may be the fact that you accept everything? And
>that they are essentially using Gmail as the spam filter they need
>because of this?



No, we have our own spam filters but they are NOT rejecting e-mails, only putting them in the Spam folder. There are no complaints about spam from users at all.



>You are creating this problem yourself. No spam filtering is 100%
>without false positives, but properly configured before-queue defenses
>generally cut out ~90% of the garbage you get from bots and zombies. Or
>more, depending on how tight of a ship you can afford to run. It also
>presents a traceable error path to any senders that may be caught with
>their pants down because of configuration issues, compromised systems
>and what have you.



We are, of course, not accepting every garbage:
smtpd_sender_restrictions =
 reject_non_fqdn_sender
 reject_unknown_sender_domain

I just meant that we are not rejecting e-mails based on spam filters.


>This means that anything that actually reaches the stage where you
>decide whether to store or forward is about 10% of what you are
>accepting now, and much less likely to cause trouble with forwarding.
>
>If you must do your own thing, figure out how to use the quarantine
>features of your chosen content filtering software, and do forwarding
>from there based on rules you specify. Or dig into the Postfix
>documentation and figure out how you might achieve what you are after
>without backscattering, or discarding mail.


We are not backscatterers, our systems are configured correctly.



One note to all fans of 'spam filters rejecting' here: Did you even notice that NONE of the big e-mail providers are rejecting messages based on standard spam filter techniques? Google, Yahoo, Microsoft, AT&T, ... No one is doing it, most of them have developed their own filtering systems and you must be a really big spammer to be blocked permanently. The best of them is Google, just try their filters and you will see (even the blocking which was used on us was targeted only at particular messages).

Re: Do not forward spam

Wietse Venema
In reply to this post by azurIt
azurIt:
> I was just friendly ASKING, if Postfix is able to _not_ forward a
> message based on it's headers.

Assuming that these headers are added by a spam filter, this would
require a Milter plugin that examines messages after your spam
filter, and that dynamically adds a forwarding address to the message
envelope (i.e. in addition to the existing local mailbox address).

Milters can be implemented in a variety of languages including
Perl and Python. If all they do is inspect message headers, then
the performance impact should be limited.

        Wietse
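
The header test such a Milter would apply before adding a forwarding address to the envelope, as an added example that is not part of the thread and not Postfix code. It models only the decision, not the Milter protocol; the forwarding table, the addresses, the sample messages and the choice not to forward mail that carries no usable verdict (or conflicting verdicts, as when a sender supplies its own "X-Spam-Status: No") are assumptions.

```python
from email import message_from_string
from email.policy import compat32

# Constructed forwarding table (hypothetical): local mailbox -> external address.
FORWARDS = {"alice@example.com": "alice.external@example.net"}


def spam_verdict(raw_message):
    """Return 'spam', 'ham' or 'unscanned' from the X-Spam-Status headers.

    Only real headers are read; the same text in the body is ignored.
    """
    msg = message_from_string(raw_message, policy=compat32)
    values = msg.get_all("X-Spam-Status", [])
    if not values:
        return "unscanned"
    verdicts = set()
    for value in values:
        # Unfold continuation lines, then keep the token before the first comma.
        unfolded = " ".join(value.split())
        verdicts.add(unfolded.split(",", 1)[0].strip().lower())
    if "yes" in verdicts:
        # Any "Yes" wins, so a sender-supplied "No" cannot override the filter.
        return "spam"
    if verdicts == {"no"}:
        return "ham"
    return "unscanned"  # header present but not parseable as Yes/No


def envelope_recipients(raw_message, local_rcpt, forwards=FORWARDS):
    """Local delivery always happens; the forward is added only for clean mail."""
    rcpts = [local_rcpt]
    target = forwards.get(local_rcpt.lower())
    if target and spam_verdict(raw_message) == "ham":
        rcpts.append(target)
    return rcpts


def _msg(*header_lines, body="hello"):
    """Build a constructed sample message from header lines and a body."""
    return "\n".join(header_lines) + "\n\n" + body + "\n"


# Constructed sample messages.
HAM = _msg("From: bob@example.org", "To: alice@example.com",
           "X-Spam-Status: No, score=-1.2 required=5.0",
           "\ttests=BAYES_00", "Subject: lunch")
SPAM = _msg("From: x@example.org", "To: alice@example.com",
            "X-Spam-Status: Yes, score=12.4 required=5.0",
            "\ttests=BAYES_99,URIBL_BLACK", "Subject: offer")
FORGED = _msg("X-Spam-Status: Yes, score=15.1 required=5.0",
              "From: x@example.org", "To: alice@example.com",
              "X-Spam-Status: No, score=0.0 required=5.0", "Subject: offer")
UNSCANNED = _msg("From: x@example.org", "To: alice@example.com",
                 "Subject: offer", body="X-Spam-Status: No, score=0.0")

if __name__ == "__main__":
    for name, raw in [("ham", HAM), ("spam", SPAM),
                      ("forged", FORGED), ("unscanned", UNSCANNED)]:
        print(name, spam_verdict(raw),
              envelope_recipients(raw, "alice@example.com"))
```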

Re: Do not forward spam

lists@rhsoft.net
In reply to this post by azurIt
Am 20.09.2013 22:03, schrieb azurIt:
> One note to all fans of 'spam filters rejecting' here: Did you even notice that
> NO ONE of big e-mail providers are rejecting messages based on standard spam filter techniques?
> Google, Yahoo, Microsoft, AT&T, ... No one is doing it, most of them have developed their own
> filtering systems and you must be really big spammer to be blocked permanently.
> The best of them is Google, just try their filters and you will see (even blocking which
> was used to us was targeted only to particular messages)

that must be why you started this with "Today gmail block us because of spam (which we were
just forwarding, not sending)" :-)


Re: Do not forward spam

azurIt
>Am 20.09.2013 22:03, schrieb azurIt:
>> One note to all fans of 'spam filters rejecting' here: Did you even notice that
>> NO ONE of big e-mail providers are rejecting messages based on standard spam filter techniques?
>> Google, Yahoo, Microsoft, AT&T, ... No one is doing it, most of them have developed their own
>> filtering systems and you must be really big spammer to be blocked permanently.
>> The best of them is Google, just try their filters and you will see (even blocking which
>> was used to us was targeted only to particular messages)
>
>that must be why you started this with "Today gmail block us because of spam (which we were
>just forwarding, not sending)" :-)
>


Please read my whole message. Thank you.