Pt cei ce au servere - cum sa reduceti mesajele spam.

[Netul]

Poate va e de ajutor in reducerea mesajelor spam.
Trebuie sa aveti acces la server. Aceste setari sunt la nivel global, adica nu trebuie sa scrieti aceste randuri la fiecare cont. Regulile se aplica tuturor conturilor gazduite pe server.

Deschideti fisierul /etc/antivirus.exim
Adaugati la sfarsit:

# START
# Filters all incoming an outgoing mail

logfile /var/log/filter.log 0644
## Common Spam

if
# Header Spam
$header_subject: contains "Pharmaceutical"
or $header_subject: contains "Viagra"
or $header_subject: contains "Penis"
or $header_subject: contains "Pen!s"
or $header_subject: contains "Cialis"
or $header_subject: is "The Ultimate Online Pharmaceutical"
or $header_subject: contains "***SPAM***"
or $header_subject: contains "[SPAM]"
or $header_subject: contains "ephedra"
or $header_subject: contains "microcap"
or $header_subject: contains "slimmer"
or $header_subject: contains "mortgage"
or $header_subject: contains "t-shirts"
or $header_subject: contains "refinance"
or $header_subject: contains "0em"
or $header_subject: contains "oem"
or $header_subject: contains "herb"
or $header_subject: contains "4ve"
or $header_subject: contains "s0ftw4re"
or $header_subject: contains "0ff"
or $header_subject: contains "overdose"
or $header_subject: contains "%o!<"


# Body Spam
or $message_body: contains "Cialis"
or $message_body: contains "Viagra"
or $message_body: contains "V!agra"
or $message_body: contains "Leavitra"
or $message_body: contains "St0ck"
or $message_body: contains "Viaagrra"
or $message_body: contains "s'e_xual"
or $message_body: contains "Cia1iis"
or $message_body: contains "URGENT BUSINESS PROPOSAL"
or $message_body matches "angka[^s]+[net|com|org|biz|info|us|name]+?"
or $message_body matches "v(i|1)agra|vag(i|1)n(a|4)|pen( i|1)s|asu|seks|l(o|0)l(i|1)ta|dewacolok"



then
# Log Message - SENDS RESPONSE BACK TO SENDER
# SUGGESTED TO LEAVE OFF to prevent fail loops
# and more work for the mail system
#fail text "Message has been rejected because it hasn
# triggered our central filter."
logwrite "$tod_log $message_id from $sender_address contained spam keywords"

seen finish
endif


# END
# Filters all incoming an outgoing mail


# START
# All outgoing mail on the server only - what is sent out

#Check forwarders so it doesn't get blocked
#Forwarders still work =)

## FINANCIAL FAKE SENDERS
## Log all outgoing mail from server that matches rules
logfile /var/log/filter.log 0644
if (
$received_protocol is "local" or
$received_protocol is "esmtpa"
) and (
$header_from contains "@citibank.com" or
$header_from contains "@bankofamerica.com" or
$header_from contains "@wamu.com" or
$header_from contains "@ebay.com" or
$header_from contains "@chase.com" or
$header_from contains "@paypal.com" or
$header_from contains "@wellsfargo.com" or
$header_from contains "@bankunited.com" or
$header_from contains "@bankerstrust.com" or
$header_from contains "@bankfirst.com" or
$header_from contains "@capitalone.com" or
$header_from contains "@citizensbank.com" or
$header_from contains "@jpmorgan.com" or
$header_from contains "@wachovia.com" or
$header_from contains "@bankone.com" or
$header_from contains "@suntrust.com" or
$header_from contains "@amazon.com" or
$header_from contains "@banksecurity.com" or
$header_from contains "@visa.com" or
$header_from contains "@mastercard.com" or
$header_from contains "@mbna.com"
)
then
logwrite "$tod_log $message_id from $sender_address is fraud"
seen finish
endif

## OTHER FAKE SENDERS SPAM
## Enable this to prevent users using @domain from addresses
## Not recommended since users do use from addresses not on the server
## Log all outgoing mail from server that matches rules
logfile /var/log/filter.log 0644
if (
$received_protocol is "local" or
$received_protocol is "esmtpa"
) and (
$header_from contains "@hotmail.com" or
$header_from contains "@yahoo.com" or
$header_from contains "@aol.com"


)
then
logwrite "$tod_log $message_id from $sender_address is forged fake"
seen finish
endif



## KNOWN FAKE PHISHING
### Log all outgoing mail from server that matches rules
logfile /var/log/filter.log 0644
if (
$received_protocol is "local" or
$received_protocol is "esmtpa"
) and (
#Paypal
$message_body: contains "Dear valued PayPal member" or
$message_body: contains "Dear valued PayPal customer" or
$message_body: contains "Dear Paypal" or
$message_body: contains "The PayPal Team" or
$message_body: contains "Dear Paypal Customer" or
$message_body: contains "Paypal Account Review Department" or


#Ebay
$message_body: contains "Dear eBay member" or
$message_body: contains "Dear eBay User" or
$message_body: contains "The eBay team" or
$message_body: contains "Dear eBay Community Member" or


#Banks
$message_body: contains "Dear Charter One Customer" or
$message_body: contains "Dear wamu.com customer" or
$message_body: contains "Dear valued Citizens Bank member" or
$message_body: contains "Dear Visa" or
$message_body: contains "Dear Citibank" or
$message_body: contains "Citibank Email" or
$message_body: contains "Dear customer of Chase Bank" or
$message_body: contains "Dear Bank of America customer" or


#ISPs
$message_body: contains "Dear AOL Member" or
$message_body: contains "Dear AOL Customer"


)
then
logwrite "$tod_log $message_id from $sender_address is phishing"
seen finish
endif

# END
# All outgoing mail on the server only - what is sent out

-------------------------------

Bineinteles, puteti adauga si voi mai multe filtre.
Sistemul chiar merge. Am testat, trimitind de pe alta adresa un mesaj cu niste oferte de "viagra" si nu am primit nici un mesaj, a fost automat sters.

Sper sa va fie de ajutor.

[Savage]

nici macar nu am acest fisier, ce program il foloseste, sorry, dar chiar nu imi dau seama... mai multe detalii ar fi indicat!

[Netul]

Trebuie sa ai acces direct la server. Ai?
Eu am instalat CentOS, poate la alte sisteme de operare difera directoarele.
Vezi ca ma refeream la fisierul din /root/etc/antivirus.exim si nu la cel din /home/contul-tau/etc/ , poate ai cautat in cel de al doilea.
Ieri am adaugat chestia aia si pot sa zic ca s-a redus considerabil nr de mesaje spam. Dar ai grija ce filtre pui pt ca efectul e pe tot serverul, pt toti clientii gazduiti pe server. Poate unii chiar au nevoie de viagra si o sa se intrebe de ce nu primesc mail

[dacian]

Netul , tutorialul tau e bun dar trebuia sa specifici si ce antivirus folosesti pentru serverul de mail ( si sa nu uitam ce server de mail ) .Si inca ceva , serverul tau de mail ruleaza cu drepturi de root ? Daca da atunci sa stii ca nu e bine Serverul meu de mail ruleaza sub userul lui si directorul etc are o alta cale

[Netul]

Sunt curios la altii daca ati implementat ce am scris mai sus si s-au vazut rezultate. La mine sincer simt diferenta. Inainte primeam cel putin 30 mailuri spam, acum primesc mai putin de jumate.

[Netul]

Folosesc si ConfigServer Security & Firewall - www.configserver.ro
Pt mail: exim

[dacian]

Eu la serverul de mail folosesc qmail cu spamassasin si clam antivirus , sistemul de operare este si la mine tot CentOS.

[stefan]

Cei care au Debian, pot incerca acest tutorial. Partea de anti-spam este eficienta dar, din pacate, nu stiu in ce masura poate fi implementata pe serverele shared care nu au root access. Eu folosesc solutia pe un server dedicat si sunt multumit.
Netul, vad ca ai firma de hosting... Parerea mea este ca daca folosesti solutia din link o sa reduci si mai mult mesajele spam. Cred ca merita sa incerci.. eventual pe un server de test si dupa aia sa ne zici si noua care sunt diferentele .

[Tomoiaga]

/etc/antivirus.exim e prezent doar daca ai cPanel pe server. Plesk foloseste QMail de exemplu.
Ce ma ajuta pe mine mult: filtre pe HELO (ajuta foarte mult) + greylist (selectiv) + RBL,SBL etc + MailScanner/Spamassassin.
Doar la HELO si Greylist se filtreaza aproximativ 70% din spam.
Exemplu de filtru simplu pe care nu l-am gasit in tutorialele de pe net (inca nu stiu de ce):
if helo=cuvant si client nu e autentificat: pune-l in greylist.
Clientii, majoritatea au la HELO numele calculatorului (in nici un caz host) iar cei ce spameaza profita de asta.