On Wed, Aug 21, 2019 at 12:50:10PM +0200, Michiel van Es wrote:
> Hi!


> I am running a small VPS with 1 GB memory with Debian 10 amd64 with OpenSMTPD 
> (6.0.3) for private email and am looking what my best options are to limit 
> spam.
> I know there are some filters from Joerg 
> (https://www.mail-archive.com/misc@opensmtpd.org/msg04402.html) but am not 
> sure if these will work with my version of OpenSMTPD (I get a syntax error 
> when trying the old filter syntax).
> I can also relay everything to Amavisd/SpamAssassin but then email won???t 
> get blocked at the SMTP level, also ASSP or Rspamd is an option but they are 
> pretty resource intensive and will eat all my VPS memory ;) 
> What would be my best option?

6.0.3 is a fairly old version and there aren't many options available.

if you're forced to stick with that version, which suffers from at least
one denial of service as far as I know, your best option is to relay via
something like SpamPD so it can interface with SpamAssassin, but this is
not going to operate at SMTP level, it will happen at delivery time.

there will be no way of blocking at SMTP level before next release 6.6.0
that is going to happen in a few weeks, during October, so any option is
going to be post delivery: either as a custom MDA, or as a relay via for
some smtp proxy that will reinject in smtpd like the dkimproxy stuff.

your best option would really be to build from source 6.4.2: it will not
block at SMTP level but will provide mechanisms to ease interfacing with
spamassassin or rspamd for post-SMTP handling.

if you're not too easily scared, running the development version is good
too because it's very close to release now, very stable and will not get
much changes until October as I'm busy busy these days ;-)

> I like to do some DNSBL and SpamAsssassin checks if possible.
> My config if that is to any use to give some insights:
> pki server.pragmasec.nl certificate 
> "/etc/letsencrypt/live/pragmasec.nl/fullchain.pem"
> pki server.pragmasec.nl key "/etc/letsencrypt/live/pragmasec.nl/privkey.pem"
> listen on localhost
> listen on eth0 port 25 tls pki server.pragmasec.nl hostname 
> server.pragmasec.nl auth-optional
> listen on eth0 port 587 tls-require pki server.pragmasec.nl hostname 
> server.pragmasec.nl auth
> table vdomains file:/etc/mail/domains
> table vusers file:/etc/mail/vusers
> expire 7d
> limit mta inet4
> accept from any for domain <vdomains> virtual <vusers> deliver to mda 
> "/usr/lib/dovecot/dovecot-lda -f %{sender} -a %{rcpt}"
> accept from local for any relay
> Cheers,
> Michiel

Gilles Chehade                                                 @poolpOrg

https://www.poolp.org            patreon: https://www.patreon.com/gilles

Reply via email to