On 21/5/2011, at 5:13am, Pandu Poluan wrote: > ... > Due to the increase of spam/phishing emails received by my office, I > decided to explore the idea of implementing a spamfiltering 'frontend' > in front of my email server. > > Here's how I plan to do it: > > fetchmail (G) --> postfix (G) --> amavisd+spamassassin+database (G) > --> postfix (G) --> current email back-end (WS) --> clients (W) > > (G) = the single Gentoo server working as mailfilter > (WS) = mail server on Windows Server > (W) = various Windows clients (XP and 7) > > I need fetchmail because currently we still use a hosting company, at > least until August when we host everything on our own. Then, we'll > drop fetchmail and expose postfix for the world to deliver the mails > to.
You shouldn't need amavisd / spamassassin, once you're exposing Postfix to the outside world, if you configure it well. You should do things like checking that the DNS name matches the helo response given by the server trying to send you mail (this alone filters out a good deal of spam) and be able to use things like DKIM, SPF and even SpamHaus. http://en.wikipedia.org/wiki/DomainKeys_Identified_Mail http://en.wikipedia.org/wiki/Sender_Policy_Framework http://www.spamhaus.org/ (SpamHaus says "free for personal use upto x,000 messages per period", but they don't mind business use as long as you're under that limit; still it's cheap, once you've used the free account to prove the service) Using fetchmail you're unable to reject mail in the same way, so you have to use stuff like amavisd / spamassassin. Lots of discussion of this on the Postfix mailing list. You should definitely read that for a week or two before deploying. Stroller.
