(postfix) SPAM filter?

Preston Hagar prestonh at gmail.com
Fri Dec 14 13:44:42 PST 2007

> > I have found spam assassin with nightly updates of the helpful (there
> > are other people developing new regexs daily).
> >
> > 48 5 * * * /usr/local/bin/sa-update  --channel updates.spamassassin.org
> > && /usr/local/etc/rc.d/sa-spamd restart
> >
> > There are other channels you can subscribe to.
> >
> > Another super helpful bocker is to block all inbound connections from
> > IPs without reverse DNS. Don't forget to virus check your email while
> > you are at it -- there are several packages (clamav is one).  And
> > finally, a couple of RBLs added into the mix are helpful.
> Awesome, i didn't see the subscriptions on their website.
> This is exactly what i need.
> --
> Sten Daniel Soersdal

Something else I would recommend if you end up going the spamassassin
route is to look at rules emporium and rules du jour


Rules Du Jour is a nice bash script that can automatically download
and update the latest rules emporium rules for several different
categories of spam.  You just choose which rule lists you want to use
(there are a lot of categories and then different levels of spam
caught vs false positives within rule sets) and then set rules du jour
as a nightly cron job to update your rule sets automatically.  As some
one else said, this lets you have other people keep your regexs up to
date.  I also added these lines to the top of the Rules Du Jour script
to download a couple of other nice clamAV spam signatures:

#update extra clam spam defs
if [[ -d /var/lib/clamav/ ]]; then
     cd /var/lib/clamav/ && wget --timestamping
     cd /var/lib/clamav/ && wget --timestamping
         gunzip -cdf scam.ndb.gz > scam.ndb
#end update extra clam spam defs

I also use these smtpd restrictions in main.cf:

smtpd_helo_required = yes
smtpd_helo_restrictions =

smtpd_sender_restrictions =
   check_sender_access hash:/etc/postfix/client_restrictions,

smtpd_recipient_restrictions =
   check_sender_access hash:/etc/postfix/client_restrictions,
   reject_rbl_client list.dsbl.org,
   reject_rbl_client zen.spamhaus.org,
   reject_rbl_client bl.spamcop.net,
   reject_rbl_client dnsbl.njabl.org,

Most of that came from here:

Greylisting is great, and usually doesn't delay mail more than 5
minutes, but in some rare cases it can lead to mail delays of
sometimes up to 4 or 5 hours (which is within RFC specs for resending
after a 302 message).  For my personal server, that is no problem, so
I have implemented postgrey (with the stuff above) and get almost no
spam ever.  For a few businesses I run mail servers for, they expect
email to be instant (I know it doesn't have to be technically, but
that is what a lot of people expect now a days).  For them 20 extra
spam a day by not doing grey listing is an okay trade off so that one
contact from the new client shows up in time, instead of 3 hours too

Anyway, I hope this helps.  I am always trying to find new great spam
solutions (using postfix), so I will continue watching this tread with
great interest.  Most of the companies I setup mail servers for would
rather have 30 spam delivered per user per day than have even 1 false
positive or 1 significantly delayed mail, so it is always a tricky
line to walk (at least for me) to block as much spam as I can, without
ever delaying or blocking a ham message, so I am always looking for
new ideas and solutions.


More information about the freebsd-questions mailing list