postfix-users October 2010 archive
postfix-users: Re: postfix doubling emails and spam!

From: Jeroen Geilman <jeroen_at_nospam>
Date: Fri Oct 29 2010 - 20:17:29 GMT
To: postfix-users@postfix.org

On 10/29/2010 09:39 PM, Al Zick wrote:
>
> Currently, I just use procmail to interface with the spam filters.

Procmail is expensive to run.
If you use amavisd-new with SA, it will control those processes outside
of mailbox delivery.

> I would really like to put a bunch of rules into procmail too, for
> example: if it sees the word viagra anywhere in the email, it is spam,
> there is no reason to go any further with it.

That would be trivial with a body_check (although they are generally slow).

I'm also quite positive that spamassassin can do ANY kind of full-text
scan, on any conditions.

>
> Is there anything else that could cause a soft_bounce?
>

Don't accept mail you cannot deliver.
That's Rule #1 of spam prevention.

> What exactly is a backscatter problem?

Ehm. Backscatter is accepting mail from forged senders that bounces. You
send the bounce back to the forged address.

>
> If I do have a backscatter problem, what should the settings be?

Don't accept mail you cannot deliver.
Run strict sender verification if you want to avoid backscatter.

> I have several websites that I own that are in the top 1,000,000 sites
> based on traffic according to Alexa, and although this server only
> hosts the email for like 30-some domains, I seem to get more than my
> fair share of spam. Right now, it is still manageable, but soon I will
> need a very high end dedicated mail server, if I don't change
> something. Personally, I feel my config is wrong and that is why I am
> asking some questions.
>

You are not using any HELO restrictions. That is generally not a good
idea, as my HELO checks catch more spam than all other restrictions
combined.
Also, system performance (or the lack thereof) is greatly influenced by
the ordering of your spam checking - do the most expensive tests last,
and as little as possible.

I use sane HELO and sender/recipient checks, and a single RBL - zen.
Anything that passes that far goes to amavisd-new with SA and clamav.
SA finds maybe one message in 20 or 30 to be spam.
I usually don't worry about it after that, but you can run the
daily-updated rules-du-jour ruleset in SA.

> I was also looking at something else and it looks like Postfix was
> built without pcre. Will I be able to use header checks without this?

You can still use regexp if that is compiled in, but the man page says
it is slower than pcre.

-- J.
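
The advice in the message above, written out as a Postfix `main.cf` fragment. This is an added example, not part of the original post and not the poster's configuration. Assumptions: "zen" means `zen.spamhaus.org`, "strict sender verification" means `reject_unverified_sender`, amavisd-new listens on 127.0.0.1:10024 behind a `smtp-amavis` service defined in `master.cf`, and the file paths are placeholders.

```conf
# /etc/postfix/main.cf (fragment) - added example, paths and ports are assumptions

# Leave soft_bounce off in production so undeliverable mail is rejected
# with a 5xx at SMTP time instead of being deferred and retried.
soft_bounce = no

# HELO checks: plain string tests, run before anything that needs DNS.
smtpd_helo_required = yes
smtpd_helo_restrictions =
    permit_mynetworks,
    reject_invalid_helo_hostname,
    reject_non_fqdn_helo_hostname

# Evaluated in order at RCPT TO, cheapest first:
#   1. relay control and syntax checks (no lookups)
#   2. reject_unlisted_recipient: refuse mail you cannot deliver, so no
#      bounce is ever generated toward a forged sender (backscatter)
#   3. one DNS lookup for the sender domain, one for the single RBL
#   4. sender address probe, the most expensive check, last
smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unlisted_recipient,
    reject_unknown_sender_domain,
    reject_rbl_client zen.spamhaus.org,
    reject_unverified_sender

# Only mail that passed everything above reaches SpamAssassin and ClamAV,
# run by amavisd-new outside mailbox delivery (replaces the procmail hook).
content_filter = smtp-amavis:[127.0.0.1]:10024

# Full-text keyword rule without pcre support: regexp tables match
# case-insensitively by default. body_checks scans every body line, so
# keep the table short.
body_checks = regexp:/etc/postfix/body_checks
# Contents of /etc/postfix/body_checks (one rule):
#   /viagra/    REJECT
```

After editing, `postfix check` followed by `postfix reload` applies the change; `postconf -n` shows the effective non-default settings.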