On 11/25/2009 6:45 PM, Christopher Chan wrote: > Thomas Harold wrote: >> >> We use postfix, dovecot, clamav milter (reject at SMTP time), spf policy >> check (with rejecting on SPF_FAIL at SMTP time), and AmavisD-New w/ >> SpamAssassin for scoring what's left. >> > Have you looked at spamass-milter too? No, I must have overlooked that. We're taking advantage of a lot of the amavisd-new features that enhance SpamAssassin. OTOH, spamass-milter looks to be a lot simpler to configure and would've allowed us to reject the super-high scoring spam (>=25.0) during the SMTP transaction. (I prefer to only reject on bogus HELO names, virus-infected messages caught by ClamAV and SPF_FAILs at the moment. Rejecting on a spam score is trickier and more subjective.) One advantage of amavisd-new is that we could, if needed, move the spam scoring off to a secondary internal server and round trip it back to the primary mail server. There are some other tricks that amavisd-new handles beyond that (such as the policy banks, or the ability to boost/lower a sender's email address or a sender's domain by a few points instead of outright whitelisting/blacklisting).