We use SpamAssassin, Exim, and Exim-sa to reject spam at SMTP DATA time.
This has the advantage that if there is a false positive, the sender knows
that the message did not go through.
Steve Gaarder
System Administrator, Dept of Mathematics
Cornell University, Ithaca, NY, USA
On Tue, 11 Feb 2014, James Rogers wrote:
> I've always wanted to deploy DCC:
> http://www.rhyolite.com/dcc/
>
> I haven't gotten around to it yet, but it's always struck me as a great idea.
>
> On Tue, Feb 11, 2014 at 10:57 AM, David Sommerseth wrote:
> On 11/02/14 02:13, Yasha Karant wrote:
> > Our site has been edicted to Microsoft Exchange server with a Barracuda
> > spam filter. There are numerous difficulties, one of which is spam not
> > being filtered and non-spam being so filtered (significant increase in
> > mission critical false positives). At present, the administrative
> > authorities (all of whom appear to be management professionals, not
> > internals nor systems folks) insist on Exchange, allowing open systems
> > standards compliant end-users to have IMAP service. Given this, what
> > are the best server-side spam filters, either hardware or software?
> > "Best" should be based upon current field-deployed experience and/or
> > unsolicited external reviews (not vendor-supported "independent" reviews).
>
> I've put up a fairly simple Postfix + Amavis-new + SpamAssassin server in
> front of some of my Zimbra servers to get rid of the "worst" trash (we
> also had some other requirements too, but that's not important in this
> thread). I configured Postfix with several RBLs, SPF and postgrey. In
> addition I added these smtpd_recipient_restrictions:
>
> reject_unknown_reverse_client_hostname,
> reject_invalid_hostname,
> reject_non_fqdn_hostname,
> reject_non_fqdn_sender,
> reject_non_fqdn_recipient,
> reject_unknown_sender_domain,
>
> The RBLs I have had great success with are:
>
> reject_rbl_client bl.spamcop.net,
> reject_rbl_client zen.spamhaus.org,
> reject_rbl_client bl.blocklist.de,
> reject_rbl_client b.barracudacentral.org,
> reject_rbl_client bl.spamcannibal.org,
> reject_rbl_client cidr.bl.mcafee.com,
>
> The two first ones and barracudacentral.org seem to be those being
> triggered most. Barracudacentral requires a registration (they want the
> IP of your DNS resolver doing the queries).
>
> With all this in place, I reduced the spam which SpamAssassin filtered
> out from 75-80% to ~20-25%.
>
> I had to remove SORBS, as they actually listed a lot of valid SMTP
> relays ... and for those companies being hit here, it was just a too
> costly operation to fix each time it happened. On the other hand, the
> other RBLs catch quite fine what SORBS blocked correctly.
>
> In regards to SPF, that works pretty well. I did it even stricter than
> the default configuration (I use python-policyd-spf), where I set
> PermError_reject = True. That enforces that SPF rules which are
> explicit much harder.
>
> And with postgrey, I learned that you need at least a 10 minutes
> threshold. For one of the servers I maintain, postgrey blocks ~25% of
> all mail attempts. On another one (low traffic), the hit rate was so
> low I actually removed it. So you need to test and see if it can match
> your needs.
>
>
> --
> kind regards,
>
> David Sommerseth
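Added example, not part of the thread: one way to measure which of the checks discussed above (RBL zones, postgrey, SPF, sender-domain checks) actually reject mail, by tallying Postfix smtpd reject lines. The sample log is constructed, and the category names and the exact reject wording matched for SPF are assumptions.

```python
import re
from collections import Counter

# Constructed sample lines shaped like Postfix smtpd reject entries.
# Hosts, addresses, timestamps and reject wording are illustrative.
SAMPLE_LOG = """\
Feb 11 10:01:02 mx postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 554 5.7.1 Service unavailable; Client host [192.0.2.10] blocked using zen.spamhaus.org; from=<a@example.net> to=<u@example.org> proto=ESMTP helo=<x>
Feb 11 10:01:09 mx postfix/smtpd[2102]: NOQUEUE: reject: RCPT from unknown[192.0.2.11]: 554 5.7.1 Service unavailable; Client host [192.0.2.11] blocked using zen.spamhaus.org; from=<b@example.net> to=<u@example.org> proto=ESMTP helo=<y>
Feb 11 10:02:15 mx postfix/smtpd[2103]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 554 5.7.1 Service unavailable; Client host [198.51.100.7] blocked using bl.spamcop.net; from=<c@example.net> to=<u@example.org> proto=ESMTP helo=<z>
Feb 11 10:03:30 mx postfix/smtpd[2104]: NOQUEUE: reject: RCPT from unknown[198.51.100.8]: 554 5.7.1 Service unavailable; Client host [198.51.100.8] blocked using b.barracudacentral.org; from=<d@example.net> to=<u@example.org> proto=ESMTP helo=<w>
Feb 11 10:04:00 mx postfix/smtpd[2105]: NOQUEUE: reject: RCPT from mail.example.com[203.0.113.5]: 450 4.2.0 <u@example.org>: Recipient address rejected: Greylisted, see http://postgrey.schweikert.ch/help/example.org.html; from=<e@example.com> to=<u@example.org> proto=ESMTP helo=<mail.example.com>
Feb 11 10:04:40 mx postfix/smtpd[2106]: NOQUEUE: reject: RCPT from relay.example.com[203.0.113.9]: 550 5.7.1 <u@example.org>: Recipient address rejected: Message rejected due to: SPF fail - not authorized; from=<f@example.com> to=<u@example.org> proto=ESMTP helo=<relay.example.com>
Feb 11 10:04:55 mx postfix/smtpd[2106]: NOQUEUE: reject: RCPT from host.example.net[203.0.113.20]: 450 4.1.8 <g@nx.example>: Sender address rejected: Domain not found; from=<g@nx.example> to=<u@example.org> proto=ESMTP helo=<host.example.net>
Feb 11 10:05:00 mx postfix/smtpd[2107]: connect from mail.example.com[203.0.113.5]
"""

REJECT = re.compile(
    r"postfix/smtpd\[\d+\]: NOQUEUE: reject: \w+ from \S+: (?P<code>[45]\d\d) \S+ (?P<text>.*)")
RBL = re.compile(r"blocked using (?P<zone>[\w.-]+)")

def classify(text):
    """Map the reject text to the check that produced it."""
    m = RBL.search(text)
    if m:
        return "rbl:" + m.group("zone")
    if "Greylisted" in text:
        return "postgrey"
    if "SPF" in text:  # assumed wording of the SPF policy daemon's reject
        return "spf"
    if "Domain not found" in text:
        return "unknown_sender_domain"
    if "cannot find your reverse hostname" in text:
        return "unknown_reverse_client_hostname"
    return "other"

def tally(log_text):
    """Count rejects per check; non-reject lines are ignored."""
    counts = Counter()
    for line in log_text.splitlines():
        m = REJECT.search(line)
        if m:
            counts[classify(m.group("text"))] += 1
    return counts

def report(counts):
    """Return (check, count, percent of all rejects), most frequent first."""
    total = sum(counts.values())
    return [(name, n, round(100.0 * n / total, 1)) for name, n in counts.most_common()]

if __name__ == "__main__":
    for name, n, pct in report(tally(SAMPLE_LOG)):
        print(f"{name:40s} {n:4d} {pct:5.1f}%")
```

Run against a real mail log, the per-zone counts show which lists earn their place and which (or postgrey) reject too little to justify the false-positive risk.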