Block Spam Menggunakan Postfix

From SpeedyWiki

Jump to: navigation, search

Memblokir spam menggunakan spamassasin untuk 1000 mail / menit bisa membuat CPU tewas. Cara yang lebih cerdas untuk memblokir spam sebelum mencapai spamassasin adalah menggunakan RBL (Realtime Blacklists) dan RHBL (sama tapi beda dengan RBL), Greylistings dan Helo Checks.

Kita ubah sedikit konfigurasi /etc/postfix/main.cf agar menambahkan pertahanan di smtpd dan cek seluruh host,

### Checks to remove badly formed email
smtpd_helo_required          = yes
strict_rfc821_envelopes      = yes
disable_vrfy_command         = yes
unknown_address_reject_code  = 554
unknown_hostname_reject_code = 554
unknown_client_reject_code   = 554
smtpd_helo_restrictions = permit_mynetworks, reject_invalid_hostname, regexp:/etc/postfix/helo.regexp, permit
### When changing sender_checks, this file must be regenerated using postmap <file>, to generate a Berkeley DB
smtpd_recipient_restrictions = 
  check_client_access hash:/etc/postfix/helo_client_exceptions
  check_sender_access hash:/etc/postfix/sender_checks,
    reject_invalid_hostname,
### Can cause issues with Auth SMTP, so be weary!
    reject_non_fqdn_hostname,
##################################
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unknown_sender_domain,
    reject_unknown_recipient_domain,
    permit_mynetworks,
    reject_unauth_destination,
# Add RBL exceptions here, when changing rbl_client_exceptions, this
# file must be regenerated using postmap <file>, to generate a Berkeley DB
  check_client_access hash:/etc/postfix/rbl_client_exceptions,
    reject_rbl_client cbl.abuseat.org,
    reject_rbl_client sbl-xbl.spamhaus.org,
    reject_rbl_client bl.spamcop.net, 
    reject_rhsbl_sender    dsn.rfc-ignorant.org,
  check_policy_service inet:127.0.0.1:60000
     permit 


Kita perlu membuat file baru

vi /etc/postfix/helo.regexp
/^subdomain\.host\.com$/           550 Don't use my own hostname
/^xxx\.yyy\.zzz\.xxx$/             550 Don't use my own IP address
/^\[xxx\.yyy\.zzz\.xxx\]$/         550 Don't use my own IP address
/^[0-9.]+$/                        550 Your software is not RFC 2821 compliant
/^[0-9]+(\.[0-9]+){3}$/            550 Your software is not RFC 2821 compliant

Dengan cara ini lumayan untuk membuang spammer yang berusaha mengirim perintah helo dengan IP address, hostname yang kacau yang tidak memenuhi RFC 2821.

[edit] Cara yang lebih sederhana

Untuk memblok mail spam menggunakan postfix dapat ditambahkan baris berikut di /etc/postfix/main.cf

check_helo_access hash:/etc/postfix/maps/helo_access,
 reject_rhsbl_sender cbl.abuseat.org,
 reject_rhsbl_sender dnsbl.njabl.org,
 reject_rhsbl_sender list.dsbl.org,
 reject_rhsbl_sender bl.spamcop.net,
 reject_rhsbl_sender cbl.abuseat.org,
 reject_rhsbl_sender dul.dnsbl.sorbs.net,
 reject_rhsbl_sender rhsbl.sorbs.net,
 permit
smtpd_client_restrictions=
 reject_rbl_client cbl.abuseat.org,
 reject_rbl_client dnsbl.njabl.org,
 reject_rbl_client list.dsbl.org,
 reject_rbl_client bl.spamcop.net,
 reject_rbl_client cbl.abuseat.org,
 reject_rbl_client dul.dnsbl.sorbs.net,
 reject_rbl_client rhsbl.sorbs.net,
 permit_mynetworks,
 permit


[edit] Referensi

[edit] Pranala Menarik

Personal tools