On 03/12/2012 10:06 PM, Nataraj wrote:
On 03/12/2012 09:08 PM, Ron Loftin wrote:
I'm going to chuck in my 2 cents worth here, as I've been using Postfix as a first-line filter for some years now.
All of the above suggestions are very useful. The only point that I haven't seen in this thread is that mail server/filter configs are extremely user-dependent. I started out with some of the more restrictive options discussed here, but I had to relax a few of them for the client involved. It seems that they were doing business with some folks ( both customers and suppliers ) who were using poorly-configured mail servers, and some of the options given above can cause "legitimate" traffic from such poorly-configured servers to be rejected.
In short, like you should do for any application, do the appropriate research so that you UNDERSTAND what the recommended options are doing for you ( or TO you ) and tailor your selection(s) to meet YOUR specific needs. In the case of using Postfix to filter mail to reduce the inbound spam to an old, feature-poor mail server, it took some research and some experimenting with different recommendations to achieve the solution that met the needs of a particular user community.
Like I said, this is just my $0.02 (US) worth. Enjoy. ;^>
pbl.spamhaus.org (dynamic IP address RBL) is generally quite safe for most sites to use from postfix. The rest of the spamhaus RBL's such as the combination that you get from zen.spamhaus.org are mostly safe (better than all others that I've tried), but not 100%. Most others that I've tried I have gotten a fair number of false positives over time (This includes dul.dnsbl.sorbs.net, the sorbs dynamic IP RBL). Many people feel that most other RBL's need to be used with a scoring mechanism, such as that provided by spamassasin, instead of directly from postfix to avoid getting too many false positives.
Nataraj