Recommendation on Spam Filter

I'll have to admit that I found my first non-conforming server I wanted an email from yesterday.. I ordered a new SCSI card for my server and the mail server on the other end tried twice within 3 minutes and after Postgrey kicked it out, it never tried again.. So, I lost my order confirmation with my order number, etc.. I had to call the company up and ask for the order #.. Ugg.. They later sent a tracking # update and it did the same thing -- the end result was no email from them at all.. They must be using some odd Windoze mail server that likes to cut corners... (all their pages are ASP, so I might be generalizing).
 
MS Exchange is known to be quite allergic to greylisting, though I have to say that with my greylisting (milter-greylist for Sendmail using a single 3-minute backoff that continues to count down when retries are done in that period) I've never lost email from anyone that I know of (and that certainly includes Exchange servers, also older versions).

I'd go so far as to say that any greylisting (even a one-minute backoff) is enough by itself. Zombies and other malware senders simply never come back after a 4xx, so introducing lengthy delays bites you and legitimate senders, not the spammers.

A long greylisting period (e.g. more than 30 minutes) may cause even legitimate mailservers to introduce a much longer resend interval (backoff delay) when they bump their heads a few times in a row. They may even give up altogether, though they shouldn't.

I say: if you use greylisting (which is a formidable spam stopper), use a very short retry interval, in the 1-3 minute range.
 
One small addition: when using a short backoff time (like 1-3 minutes), you should use auto-whitelisting only on a unique sender/recipient/IP combination.

Simply auto-whitelisting an IP address after one minute of greylisting (regardless of who sends email to whom from that particular IP) may open you up to any spam run that happens to last more than one minute.

So: greylist for a short period, but be very precise. Every unique sender/recipient/IP combination should have "their own grey minute"; with that in place, you can easily auto-whitelist for several days (I use seven myself).
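The difference between IP-only and per-triplet auto-whitelisting described in the post above, as an added example that is not part of the original thread and is not code from Postgrey or milter-greylist. The class, function names, addresses and timings are hypothetical and the sample traffic is constructed.

```python
from dataclasses import dataclass, field

GREY_DELAY = 60            # seconds a new key must wait: the "grey minute"
WHITELIST_TTL = 7 * 86400  # auto-whitelist lifetime: seven days, as in the post

@dataclass
class Greylist:
    by_triplet: bool = True  # False keys on client IP only (the risky variant)
    first_seen: dict = field(default_factory=dict)
    whitelisted_until: dict = field(default_factory=dict)

    def _key(self, ip, sender, rcpt):
        return (ip, sender.lower(), rcpt.lower()) if self.by_triplet else (ip,)

    def check(self, ip, sender, rcpt, now):
        """Decide one RCPT TO: 'accept', or 'defer' (a 4xx temporary failure)."""
        key = self._key(ip, sender, rcpt)
        if self.whitelisted_until.get(key, 0) > now:
            return "accept"
        # Keep the first-seen time, so early retries do not restart the countdown.
        first = self.first_seen.setdefault(key, now)
        if now - first < GREY_DELAY:
            return "defer"
        del self.first_seen[key]
        self.whitelisted_until[key] = now + WHITELIST_TTL
        return "accept"

def run(greylist, events):
    """Feed (time, ip, sender, recipient) events through a Greylist."""
    return [greylist.check(ip, s, r, t) for t, ip, s, r in events]

# Constructed sample: one host sends for three minutes, a new sender/recipient
# pair every 20 seconds, and never retries a deferred message.
SPAM_RUN = [(t, "203.0.113.9", f"s{t}@spam.example", f"u{t}@example.org")
            for t in range(0, 180, 20)]
# Constructed sample: a conforming MTA retries the same message after 2 minutes,
# then sends to the same recipient again a day later.
LEGIT = [(t, "198.51.100.7", "orders@shop.example", "me@example.org")
         for t in (0, 120, 86400)]

if __name__ == "__main__":
    print("IP-only :", run(Greylist(by_triplet=False), SPAM_RUN).count("accept"), "spam accepted")
    print("triplet :", run(Greylist(), SPAM_RUN).count("accept"), "spam accepted")
    print("legit   :", run(Greylist(), LEGIT))
```

With IP-only keying the run gets through from its first message past the one-minute mark; with triplet keying every message in the run is a new key and is deferred, while the retrying sender is accepted and stays whitelisted.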
 
Ok.. One more question.. I've got Postfix + Postgrey + Policyd-weight all running without problems but still find ~50+ spam per day getting through the sieve.. I've got SpamAssassin ready and able but only want to use it AFTER the existing strainers have been used (e.g. all policy servers).. Is there a way to do that w/ Postfix? I don't know the order that the 'content_filter' runs at compared to the policy filters (e.g. do the policy filters go first)? I'd hate to put SA in front of the policy servers if at all possible.. Anyone know? I'd love to ditch about 50+ email per day of pure crap!

Hmm.. After poking around further, I wonder if SpamAssassin should be set up as a Postfix proxy as described here?
 
Ok.. Just to reply to myself if it might help someone else.. I installed spampd from ports and it is only called after the policy daemons are done first.. So, it seems to help as an extra step quite nicely..
 