10

After some discussions with colleagues and the relevant depts. in my office, I have come to the conclusion that for my Postfix server, I must implement a before-queue filtering. The reason is that with an after-queue filtering, the email would be lost, and the sender (in case it's a false positive) will never realize that.

That is unacceptable for my company; if the falsely accused sender gets a notification, we want him/her to try re-sending the email through other channels. If he/she doesn't get a notification, he/she won't attempt a re-send.

Now, after perusing the various docs on SpamAssassin, I happened upon more than one way to implement SpamAssassin before-queue filtering. E.g.,

  • SA + amavisd-new (run as smtpd proxy)
  • SA + amavisd-new + amavisd-milter
  • SA + MIMEdefang (run as milter)
  • SA + spampd (run as smtpd proxy)
  • SA + milter-spamd

and I'm sure you may also find other ways to implement it.

Which one(s) of the above is (/are) recommended?

Do you know of its pros/cons? Or perhaps do you have something better in mind?

Alex.K.
  • 167
  • 2
  • 2
  • 8
pepoluan
  • 4,918
  • 3
  • 43
  • 71

2 Answers2

5

None of them! Use just amavisd-new (with SA, without virus scanner!!) as before-queue-filter.

You do it as described here: http://www.postfix.org/SMTPD_PROXY_README.html Even the pros and cons are extensively discussed there.

Before you start you should have a look at http://www.postfix.org/POSTSCREEN_README.html to just drop 70% of all Spam before it gets to amavis.

After that you look at http://www.policyd-weight.org/ to drop another 10%.

When you do before-queue filtering, use a well-suited (tested!) amount of amavis worker threads. And put the tmp directory of amavis into a RAM-disk (described at the amavisd-new website). Without much tuning it then filters 20 mails per second. Tuning will get you more out of it, but do you really have that high traffic (assuming only 20% left)?

mailq
  • 16,882
  • 2
  • 36
  • 66
  • 1
    Okay, technically your suggestion would be number one, but I did goof up when typing my question >.< __ I personally like your approach (that's why I put it topmost on the list), but am worried due to the amavisd-new guys' warning in the "Tips and FAQ" section of their homepage, and I quote: _The Postfix Before-Queue Content Filter setup, also known as smtpd_proxy setup, is **not a supported or recommended setup** with amavisd-new, which is not a transparent SMTP proxy by design._ – pepoluan Dec 09 '11 at 18:46
  • @pepoluan Hey, you said you want it. The concerns are valid for milters, too. And 20 mails per second is a low traffic site, but could be enough for you. This is why you should block much before the before-queue filter jumps in. Even sender-dependent- or recipient-dependent filtering can lower the load. See policy banks! But this is the tuning I mentioned. – mailq Dec 09 '11 at 19:16
  • haha, don't get me wrong. It's just... they repeated "not recommended" twice there, and that gives me a pause. I just need someone to nudge me forward. Anyways, thanks for your answer! I'll mark your answer as 'the' :) – pepoluan Dec 09 '11 at 19:19
  • Just curious: Why amavisd-new, why not MIMEdefang? – pepoluan Dec 09 '11 at 19:19
  • This is why your question is off-topic. It solicits opinion. To use amavisd-new is my opinion. – mailq Dec 09 '11 at 19:26
0

This question is quite old. But for people like myself who stumble across it. Amavisd-New has this option:

$final_spam_destiny       = D_DISCARD;

So just change the above default to:

$final_spam_destiny       = D_BOUNCE;

And all email which is considered fail spam will bounce instead of being discarded. However keep in mind if it fails hard it's more than likely a false email which will cause bounces back and forth.

Shinrai
  • 109
  • 1
  • Bouncing back and forth is impossible with sensibly configured mail servers. Best you can do is to ensure that you don't accept the mail in the first place. Rather you should bounce it by replying with an error during the SMTP session. If you want to apply a full spam filtering algorithm, the point during the SMTP session to apply such bouncing would be at the end of `DATA`. – kasperd Jun 14 '14 at 10:18