|Main Archive Page > Month Archives > postfix-users archives|
On Sun, Mar 25, 2012 at 10:15:40AM +0600, Vishal Agarwal wrote:
> I want to reinstall postfix server right from scratch with spam
> filter, grey listing and antivirus support working on submission
> port. Pl suggest/advise any practical working tutorial.
I have reviewed quite a few of what I call the "kitchen sink"
tutorials on the web, those which include "everything but the kitchen
sink" (a colloquial expression. Most of them are very weak for
various reasons. IMO they're trying to cover too much material. They
cannot take the place of the software documentation.
The right thing to do is to take it in pieces, so you understand
about each piece.
Spam filter & greylisting:
(and Google this mailing list for my example postscreen config)
I don't recommend greylisting other than what postscreen(8) does,
assuming you choose to activate the "deep protocol tests". YMMV of
course, but many spam zombies do go through their lists twice or
Note that greylisting and postscreen make no sense at all and will
not work on submission. Likewise, such tactics as DNSBL lookups and
HELO checks are counterproductive when applied to submission users.
Antivirus / antizombie protection on submission is very important.
You're not going to be able to do that natively in Postfix. You'll
want rate limiting and content filtering.
For rate limiting, a policy service is useful. See this:
For content filtering, I'd recommend amavisd-new with SpamAssassin as
a post-queue filter. I think you will have to tweak the default
amavisd configuration to do filtering of submission mail. See here:
(And NB to Mark: I think now is the time to reconsider that default,
because authenticating malware is on the rise, and one such
experience can be devastating, getting you blocked everywhere.)
Amavisd-new can chain multiple filters, and it invokes SA internally
as perl modules, but you might also be interested in their sites:
IME clamav did not matter much on inbound mail when using the
aforementioned Postfix-based spam controls, but it might be useful
against authenticating malware, and it certainly does not hurt to
have it deployed and ready. See here:
Yes, that is a lot of stuff to cover. Mail admin is not for the faint
of heart. :) Good luck.
-- http://rob0.nodns4.us/ -- system administration and consulting Offlist GMX mail is seen only if "/dev/rob0" is in the Subject: