Need a spam filter suggestion

dpalme · #1 August 17th, 2012, 00:04

I used to use spamassassin back in the day but it wasn't exactly the easiest to keep configured and running.

Any suggestions on a package that will cut down the amount of spam?

I have multiple domains that I need to filter for all with different IP addresses.

cpu82 · #2 August 17th, 2012, 00:17

You should try mail/dspam.

ecazamir · #3 August 17th, 2012, 19:28

Use greylisting + RBL Checks + more strict SMTP restrictions: reverse DNS record existence, proper HELO, etc + amavisd-new + spamassassin + SPF checks + DKIM signing/verifying.
greylisting alone will cut at least 80% of the SPAM volume.

**wblock@** · #4 August 17th, 2012, 20:31

sendmail's GreetPause is another option that won't hurt. mail/dspam looks interesting, being lighter weight than things like spamassassin.

If you use or are considering pf(4), look at mail/spamd. It's kind of delightfully evil. Because it tarpits spam senders, it benefits the community.

mwatkins · #5 August 17th, 2012, 23:47

I used to use grey-listing but found it was causing me more admin headaches. Some surprisingly large organizations run mail servers that don't behave as they should.

policyd-weight (incorporating RBL checks, some country weighting... my users do not deal with China or Africa all that much) with Postfix properly configured to reject bad mail senders - very little actual spam makes it through the gauntlet and what does is tagged.

The remaining mail gets passed through bogofilter for spam tagging and (optional) moving to spam folders; we only provide IMAP access to clients.

spamassassin I found too heavy and maybe because of its popularity seemed to need more on-going tweaking as the bad guys alter their approaches.

ecazamir · #6 August 18th, 2012, 08:29

Quote:

Originally Posted by mwatkins

I used to use grey-listing but found it was causing me more admin headaches. Some surprisingly large organizations run mail servers that don't behave as they should.

I agree, some organizations (most of them small, in my experience) don't use proper SMTP servers.
In the past 7 years, I took care of the corporate email server. I started using greylisting 4 years ago. During this 4 years, I had less than four events related to greylisting per year.
So, I don't need a so-called lightweight solution (DSPAM) and I don't need to tune SpamAssassin every day, or week. Keep in mind that a SPAM sender need _speed_, and greylisting hits the spammers just at this point.
IMO, it's fine to add 4 exceptions per year to a table, instead of upgrading hardware/spam signatures/etc and keeping the server more busy than it is required, because few "systems admins" don't know protocol requirements or forgot about SMTP queues.

I forgot in my previous post to mention fail2ban. It is possible to instruct fail2ban to block IP addresses which insist on sending mail
- 1 - from RBL blocked addresses
- 2 - for non-existing mail accounts
Also, it is possible to add exceptions to 'unconfigurable remote SMTP servers', using postfix's 'smtpd_client_restrictions' combined with a hash table with 'excepted' IP addresses.

kpa · #7 August 18th, 2012, 09:20

There's a lot of plain ignorance when it comes to email server setups. There are still many servers that do not support empty return paths (MAIL FROM: <>) on bounced messages even if it's required by RFC 1123 to avoid bounce loops.

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Spam Filter	danaeckel	General	1	March 3rd, 2012 23:55
Vmware Appliance called freebsd spam filter	anthony911	Installation and Maintenance of FreeBSD Ports or Packages	3	July 28th, 2010 14:47
spam filter doubts?	klabacita	Web & Network Services	9	May 18th, 2010 15:58
Recommendation on Spam Filter	dpalme	Web & Network Services	30	April 6th, 2010 22:14
spam filter reject email to unknown user	klabacita	Web & Network Services	2	March 23rd, 2010 15:00

The Following User Says Thank You to cpu82 For This Useful Post:
wblock@ (August 17th, 2012)