I've been running postfix with policyd-weight and spamassassin for years on
a small hobby domain that I manage. I usually have a few hundred spam
messages in the spam folder after a few days.
Recently I found out about postscreen on this list. After reading about
it, I implemented it in pretty much the default configuration (copied
below.)
I run all mail through a filter script (copied below) that routes the mail
through spamassassin and then either labels it as spam and puts it in a
folder (/var/spool/spam), sends it to me for analysis or sends to the
intended recipient.
Since implementing postscreen my spam folder is empty and my daily message
count has been cut about in half. Is postscreen really that good???
# postconf -n | grep postscreen
postscreen_access_list = permit_mynetworks
postscreen_bare_newline_action = ignore
postscreen_bare_newline_enable = no
postscreen_bare_newline_ttl = 30d
postscreen_blacklist_action = ignore
postscreen_cache_cleanup_interval = 12h
postscreen_cache_map = btree:$data_directory/postscreen_cache
postscreen_cache_retention_time = 7d
postscreen_client_connection_count_limit =
$smtpd_client_connection_count_limit
postscreen_command_count_limit = 20
postscreen_command_filter =
postscreen_command_time_limit = ${stress?10}${stress:300}s
postscreen_disable_vrfy_command = $disable_vrfy_command
postscreen_discard_ehlo_keyword_address_maps =
$smtpd_discard_ehlo_keyword_address_maps
postscreen_discard_ehlo_keywords = $smtpd_discard_ehlo_keywords
postscreen_dnsbl_action = ignore
postscreen_dnsbl_reply_map =
postscreen_dnsbl_sites = bl.spamcop.net, zen.spamhaus.org, dnsbl.sorbs.net
postscreen_dnsbl_threshold = 1
postscreen_dnsbl_ttl = 1h
postscreen_enforce_tls = $smtpd_enforce_tls
postscreen_expansion_filter = $smtpd_expansion_filter
postscreen_forbidden_commands = $smtpd_forbidden_commands
postscreen_greet_action = ignore
postscreen_greet_banner = $smtpd_banner
postscreen_greet_ttl = 1d
postscreen_greet_wait = ${stress?2}${stress:6}s
postscreen_helo_required = $smtpd_helo_required
postscreen_non_smtp_command_action = drop
postscreen_non_smtp_command_enable = no
postscreen_non_smtp_command_ttl = 30d
postscreen_pipelining_action = enforce
postscreen_pipelining_enable = no
postscreen_pipelining_ttl = 30d
postscreen_post_queue_limit = $default_process_limit
postscreen_pre_queue_limit = $default_process_limit
postscreen_reject_footer = $smtpd_reject_footer
postscreen_tls_security_level = $smtpd_tls_security_level
postscreen_use_tls = $smtpd_use_tls
postscreen_watchdog_timeout = 10s
postscreen_whitelist_interfaces = static:all
# cat /usr/local/bin/filter.sh
#!/bin/sh
# Simple shell-based filter. It is meant to be invoked as follows:
# /path/to/script -f sender recipients...
# Localize these.
INSPECT_DIR=/usr/local/filter
SPAMDIR=/var/spool/spam
SENDMAIL="/usr/sbin/sendmail -i"
SPAMASSASSIN=/usr/local/bin/spamassassin
SPAMLIMIT=6
SPAMCK=2
# Exit codes from <sysexits.h>
EX_TEMPFAIL=75
EX_UNAVAILABLE=69
# Start processing.
cd $INSPECT_DIR || {
echo $INSPECT_DIR does not exist; exit $EX_TEMPFAIL; }
# Clean up when done or when aborting.
trap "rm -f in.$$" 0 1 2 3 15
cat | $SPAMASSASSIN -x > out.$$ || \
{ echo Cannot save mail to file; exit $EX_TEMPFAIL; }
if egrep -q "^X-Spam-Level: \*{$SPAMLIMIT,}" < out.$$
then
mv out.$$ $SPAMDIR
elif egrep -q "^X-Spam-Level: \*{$SPAMCK,}" < out.$$
then
$SENDMAIL geek < out.$$
else
$SENDMAIL "$@" < out.$$
fi
exit $?
# grep filter /usr/local/etc/postfix/master.cf
smtp inet n - n - - smtpd -o
content_filter=filter:dummyr
filter unix - n n - 10 pipe
flags=Rq user=filter argv=/usr/local/bin/filter.sh -f ${sender} --
${recipient}
Paul Schmehl (g...@stovebolt.com)
The Stovebolt Geek
The Net's Oldest and Most Complete
Resource for Antique Chevy and GM Trucks
http://www.stovebolt.com
