On Sun, 2006-03-05 at 00:04 -0500, Joe Klemmer wrote: > Anyway, I want to try swapping out sendmail for postfix to see if that > makes any kind of difference. Now, I promise to hit the HOW-TO's and > FAQ's and google/A9 myself blue in the face, but if someone has already > done this could you kindly post a quick message with any "gotchas" you > found or any config issues you ran into it would be greatly appreciated. Did this a while back. I used the basic sendmail+spamassassin setup that comes with FC4 and decided to move to Postfix because I wanted more powerful tools to fight spam. First thing I did was buy "the definitive guide" postfix book from Kyle Dent. There is now also another book called "the book of postfix" by Hildebrandt and Koetter. Dunno which is better. I enjoyed reading Kyle's book and it was very helpful. Next, I googled for "postfix amavis clamav pyzor razor dcc" and found two links that were very useful (not at home right now and couldn't find the links. They were aimed at FC4 iirc). I grabbed a box not doing any mail stuff to setup the postifx-amavis-clamav-pyzor-razor-dcc combo and worked from there. Once I had the setup I wanted I moved it over to the mailserver. Don't throw away your sendmail setup. If things go wrong you want the ability to move back and continue to receive mail while you figure out how to fix the postfix problem. I found that postfix is very powerful when it comes to fighting spam. Very useful was how to block spammers from Korea and China (see http://www.fadden.com/techmisc/asian-spam.htm). And I'm adding more rogue networks like rima-tde.net, RoadRunner, Verizon, Comcast, Shawcable, etc. I also block broadband networks in Eastern Europe the moment they hit me with spam and South America (Brasil and Mexico) are growing on my blocklist too. Something like this works quite good (in /etc/postfix/main.cf): smtpd_client_restrictions = permit_mynetworks, check_client_access cidr:/etc/postfix/sinokorea.cidr, check_client_access cidr:/etc/postfix/bans.cidr, check_client_access cidr:/etc/postfix/comcast.cidr, check_client_access cidr:/etc/postfix/shawcable.cidr, reject_rbl_client relays.ordb.org, reject_rbl_client opm.blitzed.org, reject_rbl_client list.dsbl.org, reject_rbl_client sbl.spamhaus.org, reject_rbl_client cbl.abuseat.org, reject_rbl_client dul.dnsbl.sorbs.net, reject_rbl_client virbl.dnsbl.bit.nl, reject_rbl_client dnsbl.njabl.org, reject_rhsbl_sender dsn.rfc-ignorant.org My spam is down about 75%. The remaining 25% is caused by an upstream ISP relay that does not filter as aggressive as I would like to. Soon this will change as I will take out the relay and be primary MX for that part too. Hopefully this will drop spam to < 1%. Good luck! Regards, Patrick