My server hosts several mail domains (including my own one – vdachev.net) and is also a secondary mail exchanger for others. In an effort to reduce the spam traffic sent to and passing through my server I strengthened the anti-spam policy of my servers. I’ve also moved many mail domains to Google Apps as it turned out to be a great solution and deals pretty well with spam.
There were a few things that I paid attention to:
- Spammers predominantly use secondary mail exchangers. Quite a clever decision – secondary mail exchangers often have no way to check whether a mailbox is available or not and accept the e-mail for delivery. They usually don’t do the spam filtering as it is often a local delivery task so it’s not their job. What I mean… spam is more likely to be accepted by a secondary mail exchanger. Even if a message gets bounced by the primary mail exchanger it is not of importance to the spammer;
- In my setup I had disabled DNS blacklist checks in Postfix as SpamAssassin did them. However my SpamAssassin marks unsolicited e-mails as spam but lets them pass through. So blacklisted senders were able to send spam to domains I relay for instead of being sent a “554 Transaction failed.” error code. That’s why I added DNS blacklist checks in Postfix itself (a main.cf snippet below);
- A few weeks after moving a domain to Google Apps and changing the MX records accordingly I still receive spam relayed through my servers for this domain. I intentionally didn’t remove the domain from the list of domains I relay for because I don’t want mail to be lost because of unexpired DNS entries. It seems spammers are aware of such techniques and save old MX records. Fine! I removed the obsolete domains from my relay list…
- … but the last one presupposes there are systems that keep sending spam for a very long period of time (a few weeks!). If they are hacked, what the f*ck do their administrators get paid for?! If not, it’s intentional… and their ISPs obviously support spam. I suppose it’s the latter and that’s why wide ranges are blacklisted. Hah! And that’s why my mail queue has almost no requests in it after the change in Postfix.
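
The Postfix-side changes from the list above, sketched as an added main.cf example; this is not the author's configuration. The blacklist zone zen.spamhaus.org, the domain example.org, the map path, and the use of relay_recipient_maps for the backup-MX recipient check are assumptions made for illustration.

```conf
# /etc/postfix/main.cf -- added example, not the author's configuration.

# BEFORE: no DNS blacklist lookup during the SMTP dialogue. Mail from a
# listed client is accepted, only tagged by the content filter, and is
# then still delivered or relayed to the primary MX.
#smtpd_recipient_restrictions =
#    permit_mynetworks,
#    permit_sasl_authenticated,
#    reject_unauth_destination

# AFTER: a listed client is refused at RCPT TO, so the message never
# enters the queue. Order matters: trusted and authenticated clients are
# permitted first, relay attempts for foreign domains are rejected next,
# and only then is the DNS blacklist consulted.
smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination,
    # zen.spamhaus.org is an assumed zone; substitute the list you use.
    reject_rbl_client zen.spamhaus.org

# SMTP reply code sent for a blacklist hit (554 is the Postfix default).
maps_rbl_reject_code = 554

# Backup MX duty: list only domains whose MX records still point at this
# host. A domain that has moved elsewhere is removed from this list.
# example.org is a placeholder.
relay_domains = example.org

# Assumption beyond the post: give the backup MX a table of valid
# recipients so it rejects unknown mailboxes itself instead of accepting
# them and having the primary bounce them later.
# The path is hypothetical; build the table with postmap.
relay_recipient_maps = hash:/etc/postfix/relay_recipients
```

Running `postconf -n` after a reload shows which of these settings are actually in effect.
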
For those of you interested in the Postfix setting (or just the DNS blacklist I use) here is what my “smtpd_recipient_restrictions” option in main.cf looks like: