> On 21 Aug 2019, at 13:58, Gilles Chehade <gil...@poolp.org> wrote:
> On Wed, Aug 21, 2019 at 12:50:10PM +0200, Michiel van Es wrote:
>> Hi!
> Hi,
>> I am running a small VPS with 1 GB memory with Debian 10 amd64 with 
>> OpenSMTPD (6.0.3) for private email and am looking what my best options are 
>> to limit spam.
>> I know there are some filters from Joerg 
>> (https://www.mail-archive.com/misc@opensmtpd.org/msg04402.html) but am not 
>> sure if these will work with my version of OpenSMTPD (I get a syntax error 
>> when trying the old filter syntax).
>> I can also relay everything to Amavisd/SpamAssassin but then email won???t 
>> get blocked at the SMTP level, also ASSP or Rspamd is an option but they are 
>> pretty resource intensive and will eat all my VPS memory ;) 
>> What would be my best option?
> 6.0.3 is a fairly old version and there aren't many options available.
> if you're forced to stick with that version, which suffers from at least
> one denial of service as far as I know, your best option is to relay via
> something like SpamPD so it can interface with SpamAssassin, but this is
> not going to operate at SMTP level, it will happen at delivery time.

That’s interesting since Debian has a good track record of back porting 
security fixes in their stable packages.
I will ask the maintainer if he applied the patch or upgraded the package to 
latest version.
For now I use spampd which works fine for bayesian spam detection.

> there will be no way of blocking at SMTP level before next release 6.6.0
> that is going to happen in a few weeks, during October, so any option is
> going to be post delivery: either as a custom MDA, or as a relay via for
> some smtp proxy that will reinject in smtpd like the dkimproxy stuff.

I will wait for 6.6.0 ;)

> your best option would really be to build from source 6.4.2: it will not
> block at SMTP level but will provide mechanisms to ease interfacing with
> spamassassin or rspamd for post-SMTP handling.
> if you're not too easily scared, running the development version is good
> too because it's very close to release now, very stable and will not get
> much changes until October as I'm busy busy these days ;-)

Might give that a try, thanks :) 
>> I like to do some DNSBL and SpamAsssassin checks if possible.
>> My config if that is to any use to give some insights:
>> pki server.pragmasec.nl certificate 
>> "/etc/letsencrypt/live/pragmasec.nl/fullchain.pem"
>> pki server.pragmasec.nl key "/etc/letsencrypt/live/pragmasec.nl/privkey.pem"
>> listen on localhost
>> listen on eth0 port 25 tls pki server.pragmasec.nl hostname 
>> server.pragmasec.nl auth-optional
>> listen on eth0 port 587 tls-require pki server.pragmasec.nl hostname 
>> server.pragmasec.nl auth
>> table vdomains file:/etc/mail/domains
>> table vusers file:/etc/mail/vusers
>> expire 7d
>> limit mta inet4
>> accept from any for domain <vdomains> virtual <vusers> deliver to mda 
>> "/usr/lib/dovecot/dovecot-lda -f %{sender} -a %{rcpt}"
>> accept from local for any relay
>> Cheers,
>> Michiel
> -- 
> Gilles Chehade                                                       @poolpOrg
> https://www.poolp.org            patreon: https://www.patreon.com/gilles

Reply via email to