Mark J Bradakis writes:

So my mailing lists are getting hit by spam that goes to the lists since it claims to be from some poor subscriber whose email got hijacked. But to be more general, what are some of the current best practices to filter out spam in a postfix mailman environment on Linux?

Run SpamAssassin or similar as a milter from Postfix.

One hint that may help is that on many lists there's a short list of keywords that allow you to whitelist content when they appear in a text/* part. Eg, on Python lists, almost no spam contains the word "python" (except perhaps in the greeting "Dear python-list@python.com"). SpamAssassin and similar filters allow you to add rules for this kind of thing.

Mark J Bradakis wrote:

But to be more general, what are some of the current best practices to filter out spam in a postfix mailman environment on Linux?

I use greylisting with Postgrey and spam/virus/other scanning via MailScanner.

Also to increase protection against hijacked list member's accounts, on my largest, highest traffic list I have set Privacy options... -> Recipient filters -> max_num_recipients to 5 although this does result in some held posts due to the recipient list growing after multiple reply-alls.

I also hold messages with no or empty Subject: header. I happen to do this with a custom handler that also holds messages that quote digest boilerplate, but it can be done with header_filter_rules.

Other things I hold with header_filter_rules are these:

^Sender:.*linkedin.com>?$ ^Return-Path:.*linkedin.com>?$ ^Sender:.*homerunmail.com>?$ ^Return-Path:.*homerunmail.com>?$ ^Reply-To:.*homerunmail.com>?$ ^Sender:.*facebookmail.com>?$ ^Return-Path:.*facebookmail.com>?$

I also have

^.*[@.]apot(mail)?\.com$

in all my lists' ban_list. This is not anti-spam, but is to prevent answerpot from subscribing to lists for the purpose of archiving them.

If MailScanner seems too heavy a hammer for spam/malware filtering, alternatives are <http://sourceforge.net/apps/trac/fuglu/> or simply running spamassassin and clamav via milters.

-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan

Mark J Bradakis writes:

So my mailing lists are getting hit by spam that goes to the lists since it claims to be from some poor subscriber whose email got hijacked. But to be more general, what are some of the current best practices to filter out spam in a postfix mailman environment on Linux?

Run SpamAssassin or similar as a milter from Postfix.

One hint that may help is that on many lists there's a short list of keywords that allow you to whitelist content when they appear in a text/* part. Eg, on Python lists, almost no spam contains the word "python" (except perhaps in the greeting "Dear python-list@python.com"). SpamAssassin and similar filters allow you to add rules for this kind of thing.

Mark J Bradakis wrote:

But to be more general, what are some of the current best practices to filter out spam in a postfix mailman environment on Linux?

I use greylisting with Postgrey and spam/virus/other scanning via MailScanner.

Also to increase protection against hijacked list member's accounts, on my largest, highest traffic list I have set Privacy options... -> Recipient filters -> max_num_recipients to 5 although this does result in some held posts due to the recipient list growing after multiple reply-alls.

I also hold messages with no or empty Subject: header. I happen to do this with a custom handler that also holds messages that quote digest boilerplate, but it can be done with header_filter_rules.

Other things I hold with header_filter_rules are these:

^Sender:.*linkedin.com>?$ ^Return-Path:.*linkedin.com>?$ ^Sender:.*homerunmail.com>?$ ^Return-Path:.*homerunmail.com>?$ ^Reply-To:.*homerunmail.com>?$ ^Sender:.*facebookmail.com>?$ ^Return-Path:.*facebookmail.com>?$

I also have

^.*[@.]apot(mail)?\.com$

in all my lists' ban_list. This is not anti-spam, but is to prevent answerpot from subscribing to lists for the purpose of archiving them.

If MailScanner seems too heavy a hammer for spam/malware filtering, alternatives are <http://sourceforge.net/apps/trac/fuglu/> or simply running spamassassin and clamav via milters.

-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan