postfix-users: Re: postfix doubling emails and spam!

From: Jeroen Geilman <jeroen_at_nospam>
Date: Fri Oct 29 2010 - 20:17:29 GMT

On 10/29/2010 09:39 PM, Al Zick wrote:
> Currently, I just use procmail to interface with the spam filters.

Procmail is expensive to run.
If you use amavisd-new with SA, it will control those processes outside
of mailbox delivery.

> I would really like to put a bunch of rules into procmail too, for
> example: if it sees the word viagra anywhere in the email, it is spam,
> there is no reason to go any further with it.

That would be trivial with a body_check (although they are generally slow).

I'm also quite positive that spamassassin can do ANY kind of full-text
scan, on any conditions.

> Is there anything else that could cause a soft_bounce?

Don't accept mail you cannot deliver.
That's Rule #1 of spam prevention.

> What exactly is a backscatter problem?

Ehm. Backscatter is accepting mail from forged senders that bounces. You
send the bounce back to the forged address.

> If I do have a backscatter problem, what should the settings be?

Don't accept mail you cannot deliver.
Run strict sender verification if you want to avoid backscatter.

> I have several websites that I own that are in the top 1,000,000 sites
> based on traffic according to Alexa, and although this server only
> hosts the email for like 30-some domains, I seem to get more than my
> fair share of spam. Right now, it is still manageable, but soon I will
> need a very high end dedicated mail server, if I don't change
> something. Personally, I feel my config is wrong and that is why I am
> asking some questions.

You are not using any HELO restrictions. That is generally not a good
idea, as my HELO checks catch more spam than all other restrictions.
Also, system performance (or the lack thereof) is greatly influenced by
the ordering of your spam checking - do the most expensive tests last,
and as little as possible.

I use sane HELO and sender/recipient checks, and a single RBL - zen.
Anything that passes that far goes to amavisd-new with SA and clamav.
SA finds maybe one message in 20 or 30 to be spam.
I usually don't worry about it after that, but you can run the
daily-updated rules-du-jour ruleset in SA.

> I was also looking at something else and it looks like Postfix was
> built without pcre. Will I be able to use header checks without this?

You can still use regexp if that is compiled in, but the man page says
it is slower than pcre.

-- J.
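
The layering described in the reply above, written out as a main.cf fragment. This is an added example, not configuration posted in the thread: it assumes "zen" means zen.spamhaus.org, and the amavisd-new transport name, port and the body_checks path are placeholders for a local setup.

```ini
# /etc/postfix/main.cf (fragment): constructed example, not from the thread.
# Comments sit on their own lines; main.cf has no trailing "# ..." comments.

# Require HELO/EHLO so the HELO restrictions below cannot be skipped.
smtpd_helo_required = yes

# Cheap syntactic HELO checks, answered from local data only.
smtpd_helo_restrictions =
    permit_mynetworks,
    reject_invalid_helo_hostname,
    reject_non_fqdn_helo_hostname

# Sender checks: syntax first, then a single DNS lookup.
smtpd_sender_restrictions =
    reject_non_fqdn_sender,
    reject_unknown_sender_domain

# Recipient checks, cheapest first; the RBL lookup comes last.
# reject_unauth_destination refuses relaying for foreign domains.
# reject_unlisted_recipient refuses unknown local users at SMTP time
# instead of accepting the mail and bouncing it later (backscatter).
smtpd_recipient_restrictions =
    permit_mynetworks,
    reject_unauth_destination,
    reject_non_fqdn_recipient,
    reject_unlisted_recipient,
    reject_rbl_client zen.spamhaus.org

# Only mail that passed every restriction above reaches the content
# filter (amavisd-new with SA and clamav). Assumed transport name and
# port; a matching entry in master.cf is required.
content_filter = smtp-amavis:[127.0.0.1]:10024

# Optional full-text rule from the question, as a regexp table so it
# works on a build without pcre. Assumed path. The table file would
# hold one line:  /viagra/ REJECT
body_checks = regexp:/etc/postfix/body_checks
```

Run `postfix check` and `postconf -n` after editing to confirm the values Postfix actually parsed.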