Lance Levsen wrote:
> smtpd_recipient_restrictions = permit_sasl_authenticated,
> permit_mynetworks, reject_unauth_destination
>
> work nicely. Ignore the sasl unless you use SASL. I also went to:
>
> smtpd_helo_restrictions = permit_mynetworks, reject_unknown_hostname,
> reject_non_fqdn_hostname, reject_invalid_hostname
>
> But that caused too many problems with the home and vpn users. But it
> was _very_ effective.
I have a superset of that config. My goal is to eliminate as much spam
as possible before it hits a disk.
In an ideal world, I could have my system pause and do a much more
thorouch check on the email (get the body text, then 400 error message
it with greylisting, do extensive analysis + online checks with other
systems that record spam, then know whether to 300 or 500 it the next
time the spammer connects).
Greylisting really helped out as well, although enough spammers use
compromised real email servers that I still get spam.
> Aside from that, spamassassin + amavis works nicely for filtered spam.
> It still goes through the mail server, but doesn't go to the end user.
That's the situation I'm trying to avoid. DSpam is wickedly accurate
with spam, but the resources DSpam occupies are non-trivial (Bayes nets
require huge databases; about 9gb of server resources + gobs of RAM and
CPU time are dedicated to spam classification!). I'd much rather my
heard earned and paid for CPU time, RAM, and disk space be applied to my
projects, instead of spam.
Received on Sat May 13 13:04:10 2006
This archive was generated by hypermail 2.1.8 : Fri Sep 08 2006 - 23:26:38 CST