I previously used OpenBSD for this purpose for many years (back in the
3.x days, though). Previously used postfix from ports instead of
sendmail. Didn't need a heavy-duty anti-spam solution at the time.
Now I get approx 10k spam per day. Did I mention that I've upgraded my
anti-spam requirements since then? (*sigh*)
I've got a dual-Xeon box with two arrays on a 3Ware 7508 card. Disk
performance isn't stellar, but it's more than adequate for my purposes.
With 4x 2.4GHz cores and 4Gb of RAM, I don't _expect_ to run into any
hardware limits unless I do something really stupid.
The big question is: what MTA? sendmail(8) is in base, but I have a
particular (historical) dislike of sendmail. (Yes, I know it's gotten a
lot better over the years. This is my exaggerated application of the
"once burned, twice cautious" principle. I'm just _not_ going to use
sendmail.)
I know postfix fairly well, well enough to know how much of a P.I.T.A.
integrating SpamAssassin with it is.
I see two new things, though (well, one isn't really new, but I've never
used it): spamd(8) and smtpd(8).
The documentation on spamd(8) tells me that it integrates tightly with
pf(4), in such a way that it does NOT take over port 25 locally, it
merely seems that way to certain outside senders... right? It appears
that spamd(8) never proxies a connection onward to localhost:25, because
that has already been decided at the pf(4) layer, i.e. spamd by
definition never actually processes any mail in any way whatsoever?
The documentation on smtpd(8) tells me that is replaces sendmail(8).
Period. The documentation for smtpd(8) does not explain in detail how
to configure /etc/mailer.conf for complete replacement of sendmail. (I
assume I can figure that out, I can read the source.)
I want to plug SpamAssassin (or some similar tool) into the mail flow
for UCE grading and blocking. The sheer volume of spam means that I
need something more granular than pass/fail, I also need a confidence
rating that I can sort by and I know how to do that with SpamAssassin
and procmail.
I have a *ton* of honeypot email addresses that are *guaranteed* to
receive *only* spam.
I also have a lot of mail aliases in the old postfix/qmail/afs/cmu
"userid<separator>t...@domain" format. (e.g.
athompso+open...@athompso.net) I'm willing to deal with those as
individual alias entries if I have to, the MTA doesn't have to
understand that format.
This is getting long, so to wrap up:
1. I think I should run spamd, but I don't know whether to run it in
default or blacklisting mode.
2. I think I should run either smtpd(8) or postfix from ports, but I
don't know if one makes more sense than the other. (The IBM license
doesn't present any problem for this particular scenario.)
3. I think I'll have to use procmail for at-delivery-time pre-sorting
mail into spam folders based on confidence scores from a UCE tool.
4. I think I'll use SpamAssassin to give me spam scores (for use in #3).
I'm not asking to be flamed, I haven't run my own mail server for a
couple of years and things have changed a bit since then... but I am
hoping I've provided enough detail that someone might be able to spot
potential problems before I run into them.
Thank you,
-Adam Thompson
<athom...@athompso.net>
