Mailsetup
Describes the current SPI mail setup.
Mail Exchanger
The main MX is chic.spi-inc.org; the backup is frida.spi-inc.org.
Both run postfix from backports.org, with greylisting through postgrey, virus and mail scanning through amavisd-new and spamassassin, and policyd-weight for the DNS blacklist and HELO checks. Postfix also does sender verification.
They permit relaying for clients that present TLS certificates, in case someone from SPI needs it, and also for our other SPI hosts that send mail. No password auth is used.
Policyd-weight
We use the following DNS lists in policyd-weight:
| NSBL | BAD SCORE | GOOD SCORE | LOGNAME |
|---|---|---|---|
| dynablock.njabl.org | 3.25 | 0 | DYN_NJABL |
| sbl-xbl.spamhaus.org | 4.35 | -1.5 | SBL_XBL_SPAMHAUS |
| dnsbl.njabl.org | 4.25 | -1.5 | BL_NJABL |
| list.dsbl.org | 4.35 | 0 | DSBL_ORG |
| ix.dnsbl.manitu.net | 4.35 | 0 | IX_MANITU |
| multi.surbl.org | 4 | 0 | SURBL |
| rhsbl.ahbl.org | 1.8 | 0 | AHBL |
| dsn.rfc-ignorant.org | 3.2 | 0 | DSN_RFCI |
| postmaster.rfc-ignorant.org | 0.5 | 0 | PM_RFCI |
| abuse.rfc-ignorant.org | 0.5 | 0 | ABUSE_RFCI |
| blackhole.securitysage.com | 1.5 | 0 | BLACKHOLE |
Then there are the following checks:
| Check | Bad Score | Good Score |
|---|---|---|
| client_ip_eq_helo_score | 1.5 | -1.25 |
| helo_score | 1.5 | -2 |
| helo_from_mx_eq_ip_score | 1.5 | -3.1 |
| helo_numeric_score | 1.5 | 0 |
| from_match_regex_verified_helo | 1 | -2 |
| from_match_regex_unverified_helo | 1.6 | -1.5 |
| from_match_regex_failed_helo | 2.5 | 0 |
| helo_seems_dialup | 1 | 0 |
| failed_helo_seems_dialup | 2 | 0 |
| helo_ip_in_client_subnet | 0 | -1.2 |
| helo_ip_in_cl16_subnet | 0 | -0.41 |
| client_seems_dialup_score | 3.75 | 0 |
| from_multiparted | 1.09 | 0 |
| from_anon | 1.17 | 0 |
| bogus_mx_score | 2.1 | 0 |
| random_sender_score | 0.25 | 0 |
| rhsbl_penalty_score | 3.1 | 0 |
We reject mail that scores above 7 points or whose client hits 2 or more of the DNS lists. policyd-weight adds a header to every mail describing why it took its action. Look for X-policyd-weight in your mails if you think one should have been kicked out, and talk to an admin if you want some score changed. Configuration is in /etc/policyd-weight.conf.
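A way to read that header and test a proposed score change before asking an admin for it. This is an added example, not part of SPI's setup. It assumes the header holds space-separated NAME=score tokens, "(free text)" notes and a trailing "; rate: total"; the check names CL_IP_NE_HELO and HELO_NUMERIC, the overrides parameter and the sample headers are constructed for illustration.

```python
import re

# LOGNAME column of the DNS list table on this page.
DNS_LISTS = {"DYN_NJABL", "SBL_XBL_SPAMHAUS", "BL_NJABL", "DSBL_ORG",
             "IX_MANITU", "SURBL", "AHBL", "DSN_RFCI", "PM_RFCI",
             "ABUSE_RFCI", "BLACKHOLE"}
REJECT_ABOVE = 7.0  # page: reject if mails score above 7 points
MAX_LIST_HITS = 2   # page: or if a client hits 2 or more DNS lists

# Assumed header layout: space-separated NAME=score tokens, optional
# "(free text)" notes, and a trailing "; rate: <total>".
TOKEN = re.compile(r"([A-Z0-9_/()]+)=(-?\d+(?:\.\d+)?)")
RATE = re.compile(r"rate:\s*(-?\d+(?:\.\d+)?)")

def explain(header, overrides=None):
    """Score one X-policyd-weight header, optionally with changed scores.

    overrides maps a check name to a proposed score (hypothetical knob
    for what-if testing before asking an admin to change a score).
    """
    body = header.split(":", 1)[1]
    body = re.sub(r"\s\([^)]*\)", " ", body)  # drop "(check from: ...)" notes
    checks = {n: float(v) for n, v in TOKEN.findall(body)}
    checks.update({n: s for n, s in (overrides or {}).items() if n in checks})
    hits = sorted(n[3:] for n in checks
                  if n.startswith("IN_") and n[3:] in DNS_LISTS)
    stated = RATE.search(body)
    if checks:
        score = round(sum(checks.values()), 2)
    elif stated:                      # "using cached result": rate only
        score = float(stated.group(1))
    else:
        raise ValueError("no scores found in header")
    reasons = []
    if score > REJECT_ABOVE:
        reasons.append("score")
    if len(hits) >= MAX_LIST_HITS:
        reasons.append("dns-lists")
    return {"score": score, "hits": hits,
            "reject": bool(reasons), "reasons": reasons}

# Constructed sample headers (not taken from real SPI mail).
DELIVERED = ("X-policyd-weight: IN_SBL_XBL_SPAMHAUS=4.35 NOT_IN_BL_NJABL=-1.5 "
             "CL_IP_NE_HELO=1.5 HELO_NUMERIC=1.5 (check from: .example.net. "
             "- helo: .192.0.2.7. - helo-domain: .7.); rate: 5.85")
CACHED = "X-policyd-weight: using cached result; rate: -7.6"
```

Calling explain(DELIVERED, {"HELO_NUMERIC": 3.0}) shows whether the proposed score would have pushed that delivered mail over the reject threshold.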
Amavisd-new, Spamassassin, clamav
This is configured via /etc/amavis/conf-d/, only edit 50-user there!
We run spamassassin from within amavis; it kills spam mails with a score greater than 4.2.
Amavis also bans all mails that contain any form of Windows executable files.
Our antivirus scanner has some additional signatures to sort out malware, phishing and scam mails. Those are updated every 4 hours; the spamassassin score files are also updated every 4 hours to the newest edition.
Spamtrap
Somewhere on the SPI website is a mail address, well hidden from normal users. If a spambot discovers it and sends mail there, it will train our spamassassin bayes db.
mailgraph
We run mailgraph for some statistics on our mail; visit our mailgraph to see them.