Roman Medina-Heigl Hernandez wrote:
Noel Jones escribió:
You are (again) right, perhaps spamassasin is better for performing this kind of check... with the added bonus that filtered mail is not dropped, but quarantined (so you could always rescue a false negative). Do you know "how well" does it (SA) perform at blocking this spam case (src dom=dst dom) while recognizing "legit" (but nasty) notices? For the very same reason, isn't it better to let Spamassassin make "intelligent" SPF-checks instead of using some other policy server with Postfix?
The whole idea of SpamAssassin scoring is that the spamminess of of messages comes from lots of little things - some positive scores, some negative scores - that usually adds up to something that accurately represents whether a message is spam or not. No one rule (unless it's a rare 100% guaranteed spam indicator) ever decides on its own that a message is spam.
While a message might exhibit the From=To and SPF errors described above, most legit mail still wouldn't trigger enough points to get into the "likely spam" range.
SpamAssassin itself isn't 100% accurate, but it does fairly well with a very wide range of junk. It's a good tool to use, but you need more than one tool. Selective RBLs (zen.spamhaus.org is highly recommended), ClamAV with the Sanesecurity add-on signatures, and careful postfix checks can reject a lot of spam before SpamAssassin ever sees it.
It's also important to note that the settings you use depend on your user base and your goals - there is no one-size-fits-all solution, which is why you'll never see such a thing posted here. Your best bet is to lurk on the list for a while or browse the archives to learn what might work well in your situation.
-- Noel Jones
