Hey All,
Thanks to all for the suggestions so far. I've enabled RBL looks on my
MX gateways using the the tips so far. I have to report an overwhelming
success. Nearly all of my spam is blocked in the SMTP transaction.
Very few spams make it past smtp and spamassassin cleans up the rest.
I'd like to ask for a few more tips. Here's my config:
smtpd_helo_restrictions =
permit_mynetworks,
reject_invalid_helo_hostname,
reject_non_fqdn_helo_hostname,
permit
smtpd_client_restrictions =
permit_mynetworks,
reject_non_fqdn_hostname,
permit
smtpd_sender_restrictions =
permit_mynetworks,
reject_non_fqdn_sender,
reject_unknown_sender_domain,
permit
smtpd_recipient_restrictions =
permit_mynetworks,
reject_unauth_destination,
reject_unlisted_recipient,
reject_non_fqdn_recipient,
reject_rbl_client zen.spamhaus.org,
permit
smtpd_data_restrictions =
permit_mynetworks,
reject_unauth_pipelining,
permit
Here are the questions I have:
1) I have permit_mynetworks defined in each of the restrictions. I'm
not entirely sure how these are parsed so I put them in all. Should I
have it in all of them or just pick one.
2) I stuck a reject_unlisted_recipient in my recipient restrictions to
cut down on unneeded RBL lookups on non-existant addresses. Any other
recommendations to keep from going out to the RBL servers excessively?
3) I'd like to turn off rbl lookups on a few specific recipient
addresses. Specifically, I'd like to allow e-mail to postmaster@ and to
abuse@ regardless of who sends it. Any suggestions on a good way to do
this? I'm thinking of using check_recipient_access.
4) I'm using both Pyzor and Razor in my spamassassin config. Are there
any other recommended RBL I can consider for use either in postfix or
spamassassin?
Thanks for all the great suggestions!
-Chris