|
Postfix & Spamassassin, post queue filter without amavis
Hello,
If you are looking for an effective spam filter where you don't waste your users' time and you don't worry about false positives, try this: smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated, # I removed this because of too many false positives with lazy admins # reject_unknown_client, permit smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_non_fqdn_sender, reject_unknown_sender_domain, permit smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, # Surprisingly got false positives with this : # check_policy_service unix:private/spfpolicy, reject_non_fqdn_recipient, # Read spamhaus terms of use before using their service! reject_rbl_client zen.spamhaus.org, reject_rbl_client list.dsbl.org, permit # This is used , see further down header_checks = regexp:/etc/postfix/header_checks I find that these restrictions cut out a decent percentage of spam. I have tried postgrey, but I don't like having my messages delayed. I found that using spamassassin as a proxy works well. I installed spampd and spamassassin and added this to master.cf : smtp inet n y n - 10 smtpd -o smtpd_client_connection_count_limit=2 -o smtpd_proxy_filter=127.0.0.1:10025 10026 inet n - - - - smtpd and finally in header_checks I added this : /^X-Spam-Status: Yes/ reject This setup is to me the perfect setup. No Spam folder, users don't waste time rechecking spam. No false positives, if a email is rejected the sender will know immediatly ( or very quickly depending on his/her server setup ) No back scatter, we bounce the message before accepting it, so we are not sending back scatter. There will still be some spam that gets passed this, but little enough that I am ok with it. David |
You can stop the backscatter with before queue milters as well.
|
Quote:
|
| All times are GMT -5. The time now is 01:34 PM. |