[CentOS] spam control

Wed Oct 25 15:52:54 UTC 2006
Rodrigo Barbosa <rodrigob at darkover.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wed, Oct 25, 2006 at 10:39:33AM -0500, Alex Palenschat wrote:
> One other thing that it may be good to point out is the course that the
> postfix group seems to be taking which is sanity checking incoming email
> before the DATA state. This is well worth checking out and I would guess
> that any well-maintained MTA would support this type of thing. So your
> rbl checks/helo checks/hostname and mx checks happen before the mail is
> received. This greatly reduces the amount of processing time on the MTA
> and allows it to handle far more mail in these spam-predominant times.
> You don't want to block most of your spam with a perl script IMHO.

True. I particually enjoy Exim ACLs for this kind of job. For bigger
setups (10000+ mailboxes), I usually split my mail cluster on a
backend/frontend setup, which also helps a lot.

Greylisting can be pretty tricky to implement, if you need speed.
Constant updates of your database (filebased or dbms based) can
slow you hard, so having some good rules when (and when not) to
update is a must.

Sanity checks are, of course, a must. The sooner you can drop the
message (and the connection, in some cases), the faster you can
handle valid e-mail.


- -- 
Rodrigo Barbosa
"Quid quid Latine dictum sit, altum viditur"
"Be excellent to each other ..." - Bill & Ted (Wyld Stallyns)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFFP4hWpdyWzQ5b5ckRAtojAKCWieTms+7fnhm2jOtXeO33nUQKtwCfQAH5
+lQ9ldggD9pBqeoqdRXBsPE=
=mFYa
-----END PGP SIGNATURE-----