(postfix) SPAM filter?
jorn at wcborstel.com
Sun Dec 16 05:43:14 PST 2007
Heiko Wundram (Beenic) wrote:
> Am Donnerstag, 13. Dezember 2007 03:12:53 schrieb Chuck Swiger:
>> Install the following:
> Just as an added suggestion: these two (very!) lightweight packages suffice to
> keep SPAM out of our company pretty much completely. Both are best used to
> reject mails before they even have to be delivered (in Postfix, this is a
> sender or recipient restriction, see the websites of the two projects for
> more details on how to set them up), so as a added bonus, people don't have
> to scroll through endless lists of mails marked as "***SPAM***".
Greylisting only works so-so nowadays. There was a couple of months it
was very effective, but that is long gone. Spammers aren't stupid, and
they follow the development of anti-spam techniques as much as e-mail
admins do. Greylisting is a start, but from my experience it is not
Also I believe that rejecting e-mail is a big point of discussion. We
had an internet e-mail environment built about 3 years ago, and there
the users were terrorized by spam. We had some users getting 30 spam
mails a day at least. This setup was running amavis, spamassassin,
postfix, postgrey, dcc and razor. Unfortunately, over time the bayes
filter got incorrectly trained, and it sometimes rejected valid e-mails.
If there's something you DON'T want to happen it's that. And also
troubleshooting those kind of things can be quite hard ...
We rebuilt the environment from scratch. Right now we are running
OpenBSD spamd + OpenBSD Packetfilter. This functions as greylisting /
greptrapping in combination with the PF firewall. We made a couple of
scripts to trap invalid / forged e-mail addresses that are greylisted.
Also we make use of the uatraps / nixspam traplists, and our own
generated blacklist generated from spam being sent to the postmaster. We
had some problems with blacklisted entries in the past, but we worked
around that. It goes further then that, but I will spare you all the
On the second line we run Postfix / ClamSMTP / Clamd / Spamassassin. We
removed Amavis because it was annoying to upgrade and we wanted to get
rid of it, as we had problems with it in the past. With SpamAssassin we
use sa-update and sa-learn to keep the rules up-to-date and make sure
bayes gets properly trained. So we are marking e-mail as spam and no
longer block it. Why? Simple ... we no longer want to block false
positives. Again, there is more to this, but I will spare you all the
Right now we have 2500 happy users. Their local helpdesks helped them
with getting an Outlook rule in place to automatically move tagged
e-mails to a spam folder. Just like their gmail, hotmail or Yahoo
account does at home.
The environment we have is certainly not the easiest one, but we
automated many things, leaving us with practically no work on it. All
the updating of rulesets / blacklists / whitelists /whatever goes by
itself. Downside of an environment like this is that you will need quite
some knowledge of all the components and how they work together. But
hey, I got it running at home as well (a bit simpler though) and didn't
had a single spam mail in my mailbox the last 4 months. Sure, the ones I
do get are getting tagged and moved to my spam folder automatically,
which I do with maildrop (though procmail does the job nicely too). All
in all it works like a charm.
Well a long story, but maybe it is of use for someone else. As always, YMMV.
> I've had a setup with amavisd-new, spamassassin and clamav on another mail
> server (basically the same thing Chuck described), but for our current usage,
> these two are efficient enough not to warrant the upgrade to more powerful
> hardware (which would be required to run SpamAssassin properly).
More information about the freebsd-questions