Hello,
If you are looking for an effective spam filter where you don't waste your users' time and you don't worry about false positives, try this:
smtpd_client_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
# I removed this because of too many false positives with lazy admins
# reject_unknown_client,
permit
smtpd_sender_restrictions =
permit_sasl_authenticated,
permit_mynetworks,
reject_non_fqdn_sender,
reject_unknown_sender_domain,
permit
smtpd_recipient_restrictions =
permit_sasl_authenticated,
permit_mynetworks,
reject_unauth_destination,
# Surprisingly got false positives with this :
# check_policy_service unix
rivate/spfpolicy,
reject_non_fqdn_recipient,
# Read spamhaus terms of use before using their service!
reject_rbl_client zen.spamhaus.org,
reject_rbl_client list.dsbl.org,
permit
# This is used , see further down
header_checks = regexp:/etc/postfix/header_checks
I find that these restrictions cut out a decent percentage of spam. I have tried postgrey, but I don't like having my messages delayed. I found that using spamassassin as a proxy works well.
I installed spampd and spamassassin and added this to master.cf :
smtp inet n y n - 10 smtpd
-o smtpd_client_connection_count_limit=2
-o smtpd_proxy_filter=127.0.0.1:10025
10026 inet n - - - - smtpd
and finally in header_checks I added this :
/^X-Spam-Status: Yes/ reject
This setup is to me the perfect setup.
No Spam folder, users don't waste time rechecking spam.
No false positives, if a email is rejected the sender will know immediatly ( or very quickly depending on his/her server setup )
No back scatter, we bounce the message before accepting it, so we are not sending back scatter.
There will still be some spam that gets passed this, but little enough that I am ok with it.
David
