Gentoo Archives: gentoo-user

From: Laurence Perkins <lperkins@×××××××.net>
To: "gentoo-user@l.g.o" <gentoo-user@l.g.o>
Subject: RE: [gentoo-user] Handling a sizable amount of spam and Dovecote question
Date: Thu, 20 Jan 2022 17:31:43
Message-Id: MW2PR07MB405874009E39923EFB704291D25A9@MW2PR07MB4058.namprd07.prod.outlook.com
In Reply to: Re: [gentoo-user] Handling a sizable amount of spam and Dovecote question by Marco Rebhan
1 > -----Original Message-----
2 > From: Marco Rebhan <me@××××××××.net>
3 > Sent: Thursday, January 20, 2022 6:07 AM
4 > To: gentoo-user@l.g.o
5 > Subject: Re: [gentoo-user] Handling a sizable amount of spam and Dovecote question
6 >
7 > On Thursday, 20 January 2022 14:22:02 CET Dale wrote:
8 > > What do others do with spam to minimize it?
9 >
10 > Hi Dale,
11 >
12 > I'm not sure if you're talking about self-hosted mail because you mention dovecot, if you do:
13 >
14 > I use postfix's smtp_recipient_restrictions to block mail coming from servers marked as spam by RBLs:
15 >
16 > smtpd_recipient_restrictions =
17 > reject_rbl_client zen.spamhaus.org,
18 > reject_rbl_client bl.spamcop.net
19 >
20 > I'm not sure if this is doable through Dovecot configuration, but without an MTA like Postfix you can't receive mail anyway. This alone seems to block most of the spam I get. And additionally I have rspamd and some filters set up because some stuff does get through. I think Postfix also lets you block IP ranges directly in case you get spammed by some network that isn't listed on spamhaus but I haven't needed that yet.
21 >
22 > > I'm considering setting
23 > > up another email address and switching then closing current account.
24 > > Yea, it's that annoying. Is there someone I can report them too? Is
25 > > there something I'm not recognizing in the message headers that I can
26 > > use to report them too?
27 >
28 > In case you're using some other email provider (is this about your Gmail address?), what you can do regardless is set up filters (ideally server- side if they provide the capability...) filtering mails by e.g. From header (I have a whole list of those), and if they have a well configured spam filter you should be able to move the spam mail into your spam folder and it should eventually start to classify similar mail as spam automatically. (but this is specific to the service so I can't tell you a way that works everywhere)
29 >
30 > > By the way, I have dovecote set up and the service seems to start.
31 > > What do I do after getting the service to start to set up where to get
32 > > email etc?
33 >
34 > If you aren't self-hosting your mail but want to (be warned, it's a fair bit of setup connecting it all together), you first need a domain, a server with a static IP address (don't use some box in your home) that has the correct rDNS record set in addition to DNS, so the hostname can be resolved from its public IP. To actually be able to receive mail, you also need an MTA. Dovecot is just a way to access a mailbox, it doesn't actually handle receiving mail from other servers or sending mail.
35 > Postfix is what I use for that, they work well together. I followed these wiki articles among some others I can't find right now to set it up initially:
36 > https://wiki.archlinux.org/title/Mail_server
37 > https://wiki.archlinux.org/title/Postfix
38 > https://wiki.archlinux.org/title/Dovecot
39 >
40 > I hope this helps!
41 >
42 > -Marco
43 >
44
45 Note that you don't technically need a static IP address, and a box in your home works just fine as long as you have sufficient bandwidth. But most residential ISPs in the USA at least block port 25 due to a technically flawed recommendation from the federal government that was made in the '90s when everybody was on dialup. The recommendation, of course, is that *everybody* should block both incoming and outgoing port 25 *all* the time... Which *would* meet the stated goal of eliminating spam email...
46
47 Fortunately you can generally pay an ISP an extra fee to get port 25 unblocked. This usually also includes getting a static IP address. But the system will work with dynamic IP addresses just fine as long as your dynamic DNS client is configured correctly.
48
49 Note that if you're going to host your own email you need to test the security of your DNS provider. There have been some notable cases where a few of them were more than willing to help a scammer with vague knowledge of their victim's personal info guess their way into the account and then start intercepting mail. Specifically password reset emails. So find a DNS provider that will let you set up strong security on the account, like all password reset requests needing to be notarized or something.
50
51 LMP