On 2011-05-21, Stroller <strol...@stellar.eclipse.co.uk> wrote:
>
> On 21/5/2011, at 5:13am, Pandu Poluan wrote:
>> ...
>> Due to the increase of spam/phishing emails received by my office, I
>> decided to explore the idea of implementing a spamfiltering 'frontend'
>> in front of my email server.
>>
>> Here's how I plan to do it:
>>
>> fetchmail (G) --> postfix (G) --> amavisd+spamassassin+database (G)
>> --> postfix (G) --> current email back-end (WS) --> clients (W)
>>
>> (G) = the single Gentoo server working as mailfilter
>> (WS) = mail server on Windows Server
>> (W) = various Windows clients (XP and 7)
>>
>> I need fetchmail because currently we still use a hosting company, at
>> least until August when we host everything on our own. Then, we'll
>> drop fetchmail and expose postfix for the world to deliver the mails
>> to.
>
> You shouldn't need amavisd / spamassassin, once you're exposing Postfix to
> the outside world, if you configure it well.
>
> You should do things like checking that the DNS name matches the helo
> response given by the server trying to send you mail (this alone filters out
> a good deal of spam) and be able to use things like DKIM, SPF and even
> SpamHaus.
>
> http://en.wikipedia.org/wiki/DomainKeys_Identified_Mail
> http://en.wikipedia.org/wiki/Sender_Policy_Framework
> http://www.spamhaus.org/
>
> (SpamHaus says "free for personal use up to x,000 messages per period", but
> they don't mind business use as long as you're under that limit; still it's
> cheap, once you've used the free account to prove the service)
>
> Using fetchmail you're unable to reject mail in the same way, so you have to
> use stuff like amavisd / spamassassin.
>
> Lots of discussion of this on the Postfix mailing list. You should
> definitely read that for a week or two before deploying.
>
> Stroller.

Well, we've been receiving obvious spams from @yahoo.com, @gmail.com, and
these are valid addresses (apparently people who got phished).

Plus, the Gentoo document I linked earlier also linked to a document that
considers RBLs as... not quite effective.

In addition, if I rely only on DKIM+SPF+RBL, there will be collateral
damage, i.e., false positives. For business reasons, we'd rather have false
negatives (one or two spams getting through every week) than false
positives.

In addition, a cursory check on our clients indicates that only a small
percentage of them have implemented SPF. Much less DKIM.

Due to the above reasons, I need a spamfiltering solution that relies on
analyzing the messages themselves.

Rgds,
--
Pandu E Poluan - IT Optimizer
My website: http://pandu.poluan.info/
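
Added example, not part of the thread and not either poster's configuration: a Postfix `main.cf` fragment for the filter host once it accepts SMTP directly, combining the two positions above. The DNS-dependent HELO check and the Spamhaus lookup are wrapped in `warn_if_reject`, so they only log a `reject_warning` line and their false-positive rate can be measured before enforcing them, while every accepted message still goes to amavisd/SpamAssassin. The transport name `smtp-amavis` and port 10024 are assumptions and need a matching `master.cf` entry.

```conf
# /etc/postfix/main.cf (fragment) - added example, values marked below are assumptions

# Require a HELO/EHLO so the checks below always have something to test.
smtpd_helo_required = yes

# Syntactic HELO checks are enforced: a legitimate MTA does not fail them.
# The DNS-based check is log-only for now (warn_if_reject writes
# "reject_warning" to the mail log and lets the message through).
smtpd_helo_restrictions =
    permit_mynetworks,
    reject_invalid_helo_hostname,
    reject_non_fqdn_helo_hostname,
    warn_if_reject reject_unknown_helo_hostname

# Never relay for outsiders; the RBL lookup is log-only until the
# reject_warning lines have been reviewed against real business mail.
smtpd_recipient_restrictions =
    permit_mynetworks,
    reject_unauth_destination,
    warn_if_reject reject_rbl_client zen.spamhaus.org

# Content analysis for everything that was accepted.
# Assumption: master.cf defines an "smtp-amavis" transport and amavisd
# listens on 127.0.0.1:10024.
content_filter = smtp-amavis:[127.0.0.1]:10024
```

Removing a `warn_if_reject` prefix turns that one check into a real SMTP-time rejection; the content filter stays in place either way.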