spam from own email address

Ian Jones
Hello,

I am getting emails like the one below, in which the header from is my own address. The emails contain text in a jpg image and claims my account has been hacked and demands $1000 paid to a bitcoin account. I would like to find a way to reject emails from my own addresses except from my own servers, but so far I have not succeeded. :-( The relevant parts of my configuration are below. I am probably duplicating some actions, since I have recently added restrictions in the hope of preventing these emails.

Assistance would be appreciated!

Regards

Ian

smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_helo_restrictions =
        permit_mynetworks,
        permit_sasl_authenticated,
        check_helo_access hash:/etc/postfix/helo_access,
        reject_invalid_hostname,
        reject_non_fqdn_helo_hostname,
        permit
smtpd_recipient_restrictions =
        reject_unauth_pipelining,
        reject_non_fqdn_recipient,
        reject_unknown_recipient_domain,
        permit_mynetworks,
        permit_sasl_authenticated,
        #permit_auth_destination, #Use only for testing!
        reject_unauth_destination,
        check_recipient_access hash:/etc/postfix/recipient_access,
        permit
policy-spf_time_limit = 3600s
smtpd_client_restrictions =
        permit_mynetworks,
        permit_sasl_authenticated,
        check_helo_access hash:/etc/postfix/helo_access,
        reject_unauth_destination,
        check_policy_service unix:private/policy-spf,
        reject_rbl_client zen.spamhaus.org,
        reject_rbl_client all.spam-rbl.fr,
        reject_rbl_client cbl.abuseat.org,
        reject_rbl_client bl.blocklist.de,
        reject_unknown_client

smtpd_sender_restrictions =
        permit_sasl_authenticated,
        permit_mynetworks,
        reject_sender_login_mismatch,
        reject_unauth_pipelining,
        reject_non_fqdn_sender,
        reject_unknown_sender_domain,
        reject_unlisted_sender,
        check_sender_access hash:/etc/postfix/sender_access,
        permit




Return-Path: [hidden email]
X-Original-To: [hidden email]
Delivered-To: [hidden email]
Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=91.102.224.58; helo=mail.adacity.net; [hidden email]; receiver=<UNKNOWN>
Authentication-Results: red0.crumjones.net; dmarc=none (p=none dis=none) header.from=iljones.net
Authentication-Results: red0.crumjones.net; spf=pass [hidden email]
Authentication-Results: red0.crumjones.net; dkim=none; dkim-atps=neutral
Received: from mail.adacity.net (mail.adacity.net [91.102.224.58]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by red0.crumjones.net (Postfix) with ESMTPS id 0D076C01C1 for [hidden email]; Tue, 23 Apr 2019 08:47:30 -0400 (EDT)
Received: from localhost (localhost [127.0.0.1]) by mail.adacity.net (Postfix) with ESMTP id 4308018AE31D for [hidden email]; Tue, 23 Apr 2019 14:25:04 +0200 (CEST)
Received: from mail.adacity.net ([127.0.0.1]) by localhost (mail.adacity.net [127.0.0.1]) (amavisd-new, port 10032) with ESMTP id aB8mQQGGkYlX for [hidden email]; Tue, 23 Apr 2019 14:25:03 +0200 (CEST)
Received: from localhost (localhost [127.0.0.1]) by mail.adacity.net (Postfix) with ESMTP id E25A565F570 for [hidden email]; Tue, 23 Apr 2019 13:20:13 +0200 (CEST)
X-Virus-Scanned: amavisd-new at mail.adacity.net
Received: from mail.adacity.net ([127.0.0.1]) by localhost (mail.adacity.net [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id fkEgjqwfsnrz for [hidden email]; Tue, 23 Apr 2019 13:20:13 +0200 (CEST)
Received: from [host114.190-226-46.telecom.net.ar] (host117.190-226-46.telecom.net.ar [190.226.46.117]) by mail.adacity.net (Postfix) with ESMTPSA id 3FB5D1761420 for [hidden email]; Tue, 23 Apr 2019 12:30:07 +0200 (CEST)
X-CSA-Complaints: [hidden email]
Message-ID: [hidden email]
List-Subscribe: <https://adacity.net/lists/?p=subscribe>
Errors-To: [hidden email]
X-Abuse-Reports-To: [hidden email]
Date: Tue, 23 Apr 2019 12:30:09 +0200
Abuse-Reports-To: [hidden email]
Subject: pmlco
Content-Type: multipart/related; boundary="81736114377633610-DEDDA362CBDF286C47"
MIME-Version: 1.0
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
X-Sender: [hidden email]
To: [hidden email]
List-Unsubscribe: [hidden email],
List-ID: <335211.adacity.net>
User-Agent: Outlook 260/wryuw
From: [hidden email]




Re: spam from own email address

Nick Howitt
On 23/04/2019 15:02, Ian Jones wrote:

> Hello,
>
> I am getting emails like the one below, in which the header from is my
> own address. The emails contain text in a jpg image and claims my
> account has been hacked and demands $1000 paid to a bitcoin account. I
> would like to find a way to reject emails from my own addresses except
> from my own servers, but so far I have not succeeded. :-( The relevant
> parts of my configuration are below. I am probably duplicating some
> actions, since I have recently added restrictions in the hope of
> preventing these emails.
>
> Assistance would be appreciated!
>
> Regards
>
> Ian
>
> smtpd_delay_reject = yes
> smtpd_helo_required = yes
> smtpd_helo_restrictions =
>         permit_mynetworks,
>         permit_sasl_authenticated,
>         check_helo_access hash:/etc/postfix/helo_access,
>         reject_invalid_hostname,
>         reject_non_fqdn_helo_hostname,
>         permit
> smtpd_recipient_restrictions =
>         reject_unauth_pipelining,
>         reject_non_fqdn_recipient,
>         reject_unknown_recipient_domain,
>         permit_mynetworks,
>         permit_sasl_authenticated,
>         #permit_auth_destination, #Use only for testing!
>         reject_unauth_destination,
>         check_recipient_access hash:/etc/postfix/recipient_access,
>         permit
> policy-spf_time_limit = 3600s
> smtpd_client_restrictions =
>         permit_mynetworks,
>         permit_sasl_authenticated,
>         check_helo_access hash:/etc/postfix/helo_access,
>         reject_unauth_destination,
>         check_policy_service unix:private/policy-spf,
>         reject_rbl_client zen.spamhaus.org,
>         reject_rbl_client all.spam-rbl.fr,
>         reject_rbl_client cbl.abuseat.org,
>         reject_rbl_client bl.blocklist.de,
>         reject_unknown_client
>
> smtpd_sender_restrictions =
>         permit_sasl_authenticated,
>         permit_mynetworks,
>         reject_sender_login_mismatch,
>         reject_unauth_pipelining,
>         reject_non_fqdn_sender,
>         reject_unknown_sender_domain,
>         reject_unlisted_sender,
>         check_sender_access hash:/etc/postfix/sender_access,
>         permit
>
>
>
>
> Return-Path: <[hidden email]>
> X-Original-To: [hidden email]
> Delivered-To: [hidden email]
> Received-SPF: Pass (mailfrom) identity=mailfrom;
> client-ip=91.102.224.58; helo=mail.adacity.net;
> envelope-from=[hidden email]; receiver=<UNKNOWN>
> Authentication-Results: red0.crumjones.net; dmarc=none (p=none
> dis=none) header.from=iljones.net
> Authentication-Results: red0.crumjones.net; spf=pass
> smtp.mailfrom=[hidden email]
> Authentication-Results: red0.crumjones.net; dkim=none; dkim-atps=neutral
> Received: from mail.adacity.net (mail.adacity.net [91.102.224.58])
> (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client
> certificate requested) by red0.crumjones.net (Postfix) with ESMTPS id
> 0D076C01C1 for <[hidden email]>; Tue, 23 Apr 2019 08:47:30 -0400 (EDT)
> Received: from localhost (localhost [127.0.0.1]) by mail.adacity.net
> (Postfix) with ESMTP id 4308018AE31D for <[hidden email]>; Tue, 23
> Apr 2019 14:25:04 +0200 (CEST)
> Received: from mail.adacity.net ([127.0.0.1]) by localhost
> (mail.adacity.net [127.0.0.1]) (amavisd-new, port 10032) with ESMTP id
> aB8mQQGGkYlX for <[hidden email]>; Tue, 23 Apr 2019 14:25:03 +0200
> (CEST)
> Received: from localhost (localhost [127.0.0.1]) by mail.adacity.net
> (Postfix) with ESMTP id E25A565F570 for <[hidden email]>; Tue, 23
> Apr 2019 13:20:13 +0200 (CEST)
> X-Virus-Scanned: amavisd-new at mail.adacity.net
> Received: from mail.adacity.net ([127.0.0.1]) by localhost
> (mail.adacity.net [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id
> fkEgjqwfsnrz for <[hidden email]>; Tue, 23 Apr 2019 13:20:13 +0200
> (CEST)
> Received: from [host114.190-226-46.telecom.net.ar]
> (host117.190-226-46.telecom.net.ar [190.226.46.117]) by
> mail.adacity.net (Postfix) with ESMTPSA id 3FB5D1761420 for
> <[hidden email]>; Tue, 23 Apr 2019 12:30:07 +0200 (CEST)
> X-CSA-Complaints: [hidden email]
> Message-ID: <ik78p8ezfq47$5o713nzm$0g2b55t2$@adacity.net>
> List-Subscribe: <https://adacity.net/lists/?p=subscribe>
> Errors-To: [hidden email]
> X-Abuse-Reports-To: [hidden email]
> Date: Tue, 23 Apr 2019 12:30:09 +0200
> Abuse-Reports-To: <[hidden email]>
> Subject: pmlco
> Content-Type: multipart/related;
> boundary="81736114377633610-DEDDA362CBDF286C47"
> MIME-Version: 1.0
> X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
> X-Sender: <[hidden email]>
> To: [hidden email]
> List-Unsubscribe:
> <mailto:[hidden email]>,
> List-ID: <335211.adacity.net>
> User-Agent: Outlook 260/wryuw
> From: [hidden email]
>
>
>
>
I was trying to sort the same issue in this thread:
http://postfix.1071664.n5.nabble.com/Is-it-possible-to-use-header-checks-on-multiple-headers-tp101022.html

This reply:
http://postfix.1071664.n5.nabble.com/template/NamlServlet.jtp?macro=user_nodes&user=6129 
looks really interesting but I have not had the time to try it out yet.

Nick



Re: spam from own email address

Wietse Venema
In reply to this post by Ian Jones
Ian Jones:

> Hello,
>
> I am getting emails like the one below, in which the header from is my
> own address. The emails contain text in a jpg image and claims my
> account has been hacked and demands $1000 paid to a bitcoin account. I
> would like to find a way to reject emails from my own addresses except
> from my own servers, but so far I have not succeeded. :-( The relevant
> parts of my configuration are below. I am probably duplicating some
> actions, since I have recently added restrictions in the hope of
> preventing these emails.

I have not seen bitcoin ransom email sent from 'myself' after I
started requiring that the From: header with my email address also
contains my full name.

PCRE header_checks entry:

if /^From:.+\buser@example\.com\b/
!/Firstname Lastname|Cron Daemon/ reject 4.7.1 forged sender address in From: message header: [hidden email]
endif

With of course suitable values for the email address and fullname.

The 4.7.1 is for safety. If the client is a spambot they won't come
back, but if the client keeps coming back, then the email might be
legitimate and it may be time to update the pattern (like I had to
add 'Cron Daemon'). This is why this approach works only for small
domains.

        Wietse

Re: spam from own email address

Kevin A. McGrail
In reply to this post by Ian Jones
On 4/23/2019 10:02 AM, Ian Jones wrote:
> I am getting emails like the one below, in which the header from is my
> own address.

Ian, are you using Apache SpamAssassin or something in the mix?  I've
published a lot of rules for these sexploitation scams in KAM.cf and
with an SPF record, you really shouldn't get these in your inbox.


Regards,

KAM


Re: spam from own email address

Paul C
Yes I agree with Kevin here, the best solution to this problem is an spf record set to reject mail from any ip that’s not in your allowed list of ips for your domain. Forging a from address is very easy and is one of the main purposes of why spf was created.

Sent from my iPhone

> On Apr 23, 2019, at 11:26 AM, Kevin A. McGrail <[hidden email]> wrote:
>
>> On 4/23/2019 10:02 AM, Ian Jones wrote:
>> I am getting emails like the one below, in which the header from is my
>> own address.
>
> Ian, are you using Apache SpamAssassin or something in the mix?  I've
> published a lot of rules for these sexploitation scams in KAM.cf and
> with an SPF record, you really shouldn't get these in your inbox.
>
>
> Regards,
>
> KAM
>

Re: spam from own email address

Wietse Venema
Paul:
> Yes I agree with Kevin here, the best solution to this problem is
> an spf record set to reject mail from any ip that’s not in your
> allowed list of ips for your domain. Forging a from address is
> very easy and is one of the main purposes of why spf was created.

How does SPF block an address in the From: header (see original post
in this thread)?

        Wietse
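
Added example, not part of the thread: a Python check of which domain an SPF pass actually vouches for, using Authentication-Results headers shaped like those in the original post. The messages, the domains (`recipient.example`, `bulk-sender.example`) and the function names are constructed, and the alignment test is a simple subdomain comparison rather than a full DMARC organizational-domain lookup.

```python
import re
from email import message_from_string
from email.utils import parseaddr


def parse_auth_results(msg):
    """Collect {method: (result, {property: value})} from all A-R headers."""
    found = {}
    for value in msg.get_all("Authentication-Results", []):
        value = re.sub(r"\([^)]*\)", " ", value)   # drop (comments)
        for resinfo in value.split(";")[1:]:        # [0] is the authserv-id
            tokens = resinfo.split()
            if not tokens or "=" not in tokens[0]:
                continue
            method, result = tokens[0].split("=", 1)
            pairs = (t.split("=", 1) for t in tokens[1:] if "=" in t)
            found[method.lower()] = (result.lower(),
                                     {k.lower(): v for k, v in pairs})
    return found


def domain_of(address):
    """Domain part of an address (or the value itself if it is a bare domain)."""
    return address.rsplit("@", 1)[-1].strip("<>").lower() if address else ""


def aligned(a, b):
    """Assumed simplification: equal, or one is a subdomain of the other."""
    return bool(a and b) and (a == b or a.endswith("." + b) or b.endswith("." + a))


def spf_versus_from(raw):
    """Compare the domain SPF authenticated with the domain shown in From:."""
    msg = message_from_string(raw)
    auth = parse_auth_results(msg)
    spf_result, spf_props = auth.get("spf", ("none", {}))
    spf_domain = domain_of(spf_props.get("smtp.mailfrom", ""))
    from_domain = domain_of(parseaddr(msg.get("From", ""))[1])
    return {
        "spf": spf_result,
        "spf_domain": spf_domain,      # envelope sender: what SPF checked
        "from_domain": from_domain,    # header From: what the user sees
        "dmarc": auth.get("dmarc", ("none", {}))[0],
        "spf_covers_from": spf_result == "pass" and aligned(spf_domain, from_domain),
    }


def build(mailfrom, header_from):
    """Constructed message with three separate A-R headers, one of them folded."""
    return "\n".join([
        "Authentication-Results: mx.recipient.example; dmarc=none (p=none dis=none)",
        " header.from=recipient.example",
        f"Authentication-Results: mx.recipient.example; spf=pass smtp.mailfrom={mailfrom}",
        "Authentication-Results: mx.recipient.example; dkim=none; dkim-atps=neutral",
        f"From: {header_from}",
        "Subject: constructed sample",
        "",
        "body",
    ])


# Constructed samples: SPF passes in both, but for different domains.
FORGED = build("bounce@bulk-sender.example", "owner@recipient.example")
GENUINE = build("owner@recipient.example", "owner@recipient.example")

if __name__ == "__main__":
    for label, raw in (("forged", FORGED), ("genuine", GENUINE)):
        print(label, spf_versus_from(raw))
```

In the forged sample SPF passes for the sending server's own envelope domain, so the result says nothing about the address in From:, and with `dmarc=none` nothing ties the two together.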

Re: spam from own email address

John Peach
In reply to this post by Paul C
On 4/23/19 11:39 AM, Paul wrote:
> Yes I agree with Kevin here, the best solution to this problem is an spf record set to reject mail from any ip that’s not in your allowed list of ips for your domain. Forging a from address is very easy and is one of the main purposes of why spf was created.

There is no need to go to those lengths - assuming that all your own
email is being submitted over port 587, include -o
receive_override_options=no_header_body_checks in the master.cf entry
for submission and use a PCRE header checks file for port 25.

/^From:.*\@example\.com/    REJECT

>
> Sent from my iPhone
>
>> On Apr 23, 2019, at 11:26 AM, Kevin A. McGrail <[hidden email]> wrote:
>>
>>> On 4/23/2019 10:02 AM, Ian Jones wrote:
>>> I am getting emails like the one below, in which the header from is my
>>> own address.
>>
>> Ian, are you using Apache SpamAssassin or something in the mix?  I've
>> published a lot of rules for these sexploitation scams in KAM.cf and
>> with an SPF record, you really shouldn't get these in your inbox.
>>
>>
>> Regards,
>>
>> KAM
>>




--
John
PGP Public Key: 412934AC
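
Added example, not part of the thread: a Python emulation of the two header_checks rules posted above (Wietse Venema's name-based rule and John Peach's blanket rule), run over constructed From: headers. It models only the regex logic; the sample headers, the function names and the `via_submission` flag (standing in for the `-o receive_override_options=no_header_body_checks` override on the submission service) are assumptions.

```python
import re

# Postfix pcre: tables match case-insensitively unless a flag says otherwise.
FLAGS = re.IGNORECASE

# Wietse Venema's rule, with the placeholder address and names from his post.
OWN_ADDRESS = re.compile(r"^From:.+\buser@example\.com\b", FLAGS)
KNOWN_NAMES = re.compile(r"Firstname Lastname|Cron Daemon", FLAGS)

# John Peach's rule for port 25.
OWN_DOMAIN = re.compile(r"^From:.*\@example\.com", FLAGS)


def name_rule(header):
    """if /own address/  !/known name/ reject 4.7.1 ...  endif"""
    if OWN_ADDRESS.search(header) and not KNOWN_NAMES.search(header):
        return "reject 4.7.1"
    return None  # no rule matched, the message continues


def domain_rule(header, via_submission=False):
    """Blanket REJECT, skipped where header checks are switched off."""
    if via_submission:
        return None
    return "REJECT" if OWN_DOMAIN.search(header) else None


# Constructed sample headers (not taken from the thread).
SAMPLES = [
    ("forged, bare address", "From: user@example.com"),
    ("forged, other name", 'From: "Support" <user@example.com>'),
    ("own post back from a list", "From: Firstname Lastname <user@example.com>"),
    ("cron mail", "From: Cron Daemon <user@example.com>"),
    ("unrelated sender", "From: Someone <someone@elsewhere.example>"),
]


def compare():
    """Return {label: (name_rule result, domain_rule result on port 25)}."""
    return {label: (name_rule(h), domain_rule(h)) for label, h in SAMPLES}


if __name__ == "__main__":
    for label, (by_name, by_domain) in compare().items():
        print(f"{label:28} name_rule={by_name!s:14} domain_rule={by_domain}")
```

The "own post back from a list" row is the case the blanket rule cannot tell apart from a forgery: mail that legitimately arrives on port 25 with the local domain in From:.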

Re: spam from own email address

Ralph Seichter-2
* John Peach:

> /^From:.*\@example\.com/ REJECT

This header check will not catch the envelope sender, so I suggest
adding "check_sender_access pcre:/path/to/sender_access" to the mix
(file content according to your needs, of course).

-Ralph

Re: spam from own email address

John Peach
On 4/23/19 11:54 AM, Ralph Seichter wrote:
> * John Peach:
>
>> /^From:.*\@example\.com/ REJECT
>
> This header check will not catch the envelope sender, so I suggest
> adding "check_sender_access pcre:/path/to/sender_access" to the mix
> (file content according to your needs, of course).

It is not meant to catch the envelope sender. That should be in your
normal checks. This is specifically for the data From:, which is what
these are using.


>
> -Ralph
>




--
John
PGP Public Key: 412934AC

Re: spam from own email address

Ian Jones

Thanks for all the suggestions:

- I have an SPF record, but postfix is not rejecting these, presumably because the envelope sender is valid

- I am not using SpamAssassin, but I'm coming round to the idea!

- John: this idea seems simple and effective, I will give it a try.

Many thanks,

Ian

On 23/04/2019 at 18:02, John Peach wrote:
> On 4/23/19 11:54 AM, Ralph Seichter wrote:
>> * John Peach:
>>
>>> /^From:.*\@example\.com/ REJECT
>>
>> This header check will not catch the envelope sender, so I suggest
>> adding "check_sender_access pcre:/path/to/sender_access" to the mix
>> (file content according to your needs, of course).
>
> It is not meant to catch the envelope sender. That should be in your
> normal checks. This is specifically for the data From:, which is what
> these are using.
>
>> -Ralph

Re: spam from own email address

Benny Pedersen-2
In reply to this post by Kevin A. McGrail
Kevin A. McGrail skrev den 2019-04-23 17:26:
> On 4/23/2019 10:02 AM, Ian Jones wrote:
>> I am getting emails like the one below, in which the header from is my
>> own address.
>
> Ian, are you using Apache SpamAssassin or something in the mix?  I've
> published a lot of rules for these sexploitation scams in KAM.cf and
> with an SPF record, you really shouldn't get these in your inbox.

// maintainer hat on

why are these rules not added to spamassassin core :(

\\ maintainer hat off

or at least a real spamassassin channel repo

blacklist_from [hidden email]
whitelist_auth [hidden email]

if both hits, i neutralize scores, but only if both hits

or keep it just blacklist, but do skip milters in postfix when sender ip
is maillist ip, works well for me :=)

reject local domains as envelope senders in mta stage is a must

Re: spam from own email address

Benny Pedersen-2
In reply to this post by John Peach

> It is not meant to catch the envelope sender. That should be in your
> normal checks. This is specifically for the data From:, which is what
> these are using.

this will reject maillist postings of your own

unless the maillists takes over From: header and claims maillists breaks
spf and dkim / dmarc, with all the no needed mess with it, now in future
openarc will seal it so opendmarc does not reject mangled mails on
maillist

we all wins :(

Re: spam from own email address

Kevin A. McGrail
In reply to this post by Benny Pedersen-2
On 4/23/2019 12:20 PM, Benny Pedersen wrote:
> // maintainer hat on
>
> why are these rules not added to spamassassin core :(
>
Because masscheck and rule qa takes too long for the purposes we need
the rules for.

> \\ maintainer hat off
>
> or at least a real spamassassin channel repo

Time/money/energy for a solution that doesn't benefit our firm which has
provided the rules at no charge to the world for ~15 years.

We are always looking for sponsors to help with the work though.

Regards,

KAM


Re: spam from own email address

Ralph Seichter-2
In reply to this post by John Peach
* John Peach:

> It is not meant to catch the envelope sender. That should be in your
> normal checks.

Which is why I mentioned check_sender_access as an addition, for the
OP's benefit.

-Ralph

Re: spam from own email address

Bernardo Reino
In reply to this post by Ian Jones
On Tue, 23 Apr 2019, Ian Jones wrote:

> I am getting emails like the one below, in which the header from is my own
> address. The emails contain text in a jpg image and claims my account has
> been hacked and demands $1000 paid to a bitcoin account. I would like to find
> a way to reject emails from my own addresses except from my own servers, but
> so far I have not succeeded. :-( The relevant parts of my configuration are
> below. I am probably duplicating some actions, since I have recently added
> restrictions in the hope of preventing these emails.

In case you find this interesting, I think most such e-mails always
include a bogus List-Id header. Given that the number of mailing lists
(and hence possible valid List-Id fields) is usually limited and rather
static, one could use header checks to implement a kind of white list for
this.

(I haven't tried this myself, since I rarely receive such e-mails, and
can just delete them..)

Cheers.


Re: spam from own email address

Bill Cole-3
In reply to this post by John Peach
On 23 Apr 2019, at 11:46, John Peach wrote:

> On 4/23/19 11:39 AM, Paul wrote:
>> Yes I agree with Kevin here, the best solution to this problem is an
>> spf record set to reject mail from any ip that’s not in your
>> allowed list of ips for your domain. Forging a from address is very
>> easy and is one of the main purposes of why spf was created.
>
> There is no need to go to those lengths - assuming that all your own
> email is being submitted over port 587, include -o
> receive_override_options=no_header_body_checks in the master.cf entry
> for submission and use a PCRE header checks file for port 25.
>
> /^From:.*\@example\.com/    REJECT
>

So you don't want to accept messages you or anyone else in your domain
posts to a mailing list such as this one?

Seems risky...

--
Bill Cole
[hidden email] or [hidden email]
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Available For Hire: https://linkedin.com/in/billcole

Re: spam from own email address

lists@lazygranch.com
In reply to this post by Ian Jones
I would investigate using rspamd rather than spamassassin. At the moment I run neither since I have settled upon a nice mix of RBLs and check the reverse pointer. That Perl code to get rid of dynamic domains really helps nuke spammers.

Spamassassin tends to use a lot of memory. When I was using it, I had it on a rather memory limited VPS and actually needed to use VM.

I get a fake email from my address about once a week. I can tolerate that. 

Sent: April 23, 2019 9:11 AM
Subject: Re: spam from own email address

Thanks for all the suggestions:

- I have an SPF record, but postfix is not rejecting these, presumably because the envelope sender is valid

- I am not using SpamAssassin, but I'm coming round to the idea!

- John: this idea seems simple and effective, I will give it a try.

Many thanks,

Ian

On 23/04/2019 at 18:02, John Peach wrote:
> On 4/23/19 11:54 AM, Ralph Seichter wrote:
>> * John Peach:
>>
>>> /^From:.*\@example\.com/ REJECT
>>
>> This header check will not catch the envelope sender, so I suggest
>> adding "check_sender_access pcre:/path/to/sender_access" to the mix
>> (file content according to your needs, of course).
>
> It is not meant to catch the envelope sender. That should be in your
> normal checks. This is specifically for the data From:, which is what
> these are using.
>
>> -Ralph

Re: spam from own email address

Phil Stracchino
On 4/23/19 2:40 PM, lists wrote:
> I would investigate using rspamd rather than spamassassin. At the moment
> I run neither since I have settled upon a nice mix of RBLs and check the
> reverse pointer. That Perl code to get rid of dynamic domains really
> helps nuke spammers.
>
> Spamassassin tends to use a lot of memory. When I was using it, I had it
> on a rather memory limited VPS and actually needed to use VM.


I'm using rspamd myself, though it's clear I still have a lot to learn
about configuring and training it.  I used to use DSpam, and was getting
excellent results with it — something over 99.97% accuracy — but it was
abandoned and eventually became unmaintainable.


--
  Phil Stracchino
  Babylon Communications
  [hidden email]
  [hidden email]
  Landline: +1.603.293.8485
  Mobile:   +1.603.998.6958

Re: spam from own email address

lists@lazygranch.com
All these filtering schemes are like the old Christmas tree lights where if one bulb fails, the whole thing stops working. Well sort of. I believe the RBLs can fail, say time out, and postfix keeps working. My point though is you need to consider the possibility of the mail server going down due to too many tools in the chain.

I run on a VPS. I have a single point of failure. I manage the server and really don't want to drop everything to fix a clogged email queue. (Amavisd would do that to me.) I may not have a computer handy.

You will never achieve spam blocking perfection, and false positives are an issue. I would just mark the email as spam when I ran spamassassin, so I ended up looking at the spam email anyway.






          Original Message  



From: [hidden email]
Sent: April 23, 2019 11:50 AM
To: [hidden email]
Subject: Re: spam from own email address


On 4/23/19 2:40 PM, lists wrote:
> I would investigate using rspamd rather than spamassassin. At the moment
> I run neither since I have settled upon a nice mix of RBLs and check the
> reverse pointer. That Perl code to get rid of dynamic domains really
> helps nuke spammers.
>
> Spamassassin tends to use a lot of memory. When I was using it, I had it
> on a rather memory limited VPS and actually needed to use VM.


I'm using rspamd myself, though it's clear I still have a lot to learn
about configuring and training it.  I used to use DSpam, and was getting
excellent results with it — something over 99.97% accuracy — but it was
abandoned and eventually became unmaintainable.


--
  Phil Stracchino
  Babylon Communications
  [hidden email]
  [hidden email]
  Landline: +1.603.293.8485
  Mobile:   +1.603.998.6958

Re: spam from own email address

John Stoffel-2
In reply to this post by Phil Stracchino
>>>>> "Phil" == Phil Stracchino <[hidden email]> writes:

Phil> On 4/23/19 2:40 PM, lists wrote:
>> I would investigate using rspamd rather than spamassassin. At the moment
>> I run neither since I have settled upon a nice mix of RBLs and check the
>> reverse pointer. That Perl code to get rid of dynamic domains really
>> helps nuke spammers.
>>
>> Spamassassin tends to use a lot of memory. When I was using it, I had it
>> on a rather memory limited VPS and actually needed to use VM.

Phil> I'm using rspamd myself, though it's clear I still have a lot to
Phil> learn about configuring and training it.  I used to use DSpam,
Phil> and was getting excellent results with it — something over
Phil> 99.97% accuracy — but it was abandoned and eventually became
Phil> unmaintainable.

I used to use dspam too and it worked great.  Then when I set up my own
VPS and postfix I tried using rspamd, but I ended up dropping it
because it never seemed to actually work.  Once I put spamassassin in
place, it just got better.  It's still not perfect of course... but
not terrible either.

John
