>> Some of the best and easiest things you can enable to block spam are
>> outside of SpamAssassin at your MTA (sendmail, postfix, etc.).
>> - Enable RBLs and DBLs. zen.spamhaus.org is the best way to block the
>> majority of junk before it reaches SA. Just make sure you are below their
>> free threshold limit. One important way to do this is to make sure your
>> SA server isn't pointed to an Internet caching DNS server that would join
>> your queries with others. Install a local caching DNS server that does not
>> forward to another caching DNS server and change /etc/resolv.conf to use
>> 127.0.0.1.

>Well that sounds like a must-have feature to me. But I just can't
>bring myself to install a caching DNS server and run everything
>through localhost. This is why software should be librarified.

What OS are you running? It's normally a very simple install to get a caching DNS server running locally since the default configurations usually come ready to do exactly what you need in this case. Google "caching dns server howto" plus your OS and you will see it's pretty easy.

You can try using RBLs with your existing DNS server configuration. If it's a dedicated DNS server for your network, then you have a good chance of staying below the free thresholds for a low volume server. If it's a major ISP's DNS server then the odds will be against you.

http://www.spamhaus.org/faq/section/DNSBL%20Usage#366

Try "dig 138.178.203.192.zen.spamhaus.org" or nslookup to see if you get back a response of 127.0.0.4. If so, you should be good.

>> - Enable DNS checks:
>> Make sure the sending mail server's SMTP HELO is a valid domain.
>> Make sure the sender address (MAIL FROM) is a valid domain.
>> Make sure the sending mail server has a PTR record. Some can go farther
>> with this one and require the PTR match the SMTP HELO for FCrDNS but there
>> are many legit mail servers out there that don't have this setup properly
>> so I can only check to make sure a PTR record exists. Later in SA I add
>> points for rule RDNS_NONE that penalizes for incorrect FCrDNS.

>Is this done with postfix rules or SA rules? Where can I learn more
>about this? Doesn't SA already do this stuff?

This should be done in your MTA if possible before it's handed off to SA. Some of this information is exposed to SA in headers but some isn't. High volume servers need this logic at the MTA to keep processing times low. Only a small percentage of mail makes it to SA in my environment and most of that is going to be clean.

In a low volume environment, you can send most of the mail through SA and still keep the processing times down low. My MailScanner batches average about 5 to 10 messages and complete in 4 to 5 seconds normally with ClamAV and Eset Nod32 AV scanners.
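
An added example, not part of the original message: the "dig" test above as a Python check that builds the reversed-octet query name and interprets the answer, so a resolver that Spamhaus is refusing shows up as such instead of as "not listed". The function names are hypothetical, and the 127.255.255.x error answers are taken from Spamhaus's own documentation, not from this thread.

```python
import ipaddress
import socket

ZONE = "zen.spamhaus.org"
# Spamhaus error answers (from Spamhaus's documentation, not from this thread).
ERRORS = {
    "127.255.255.252": "DNSBL zone name is mistyped",
    "127.255.255.254": "query came through a public/open resolver",
    "127.255.255.255": "query volume is over the limit",
}
LOOPBACK = ipaddress.IPv4Network("127.0.0.0/8")


def dnsbl_name(ip, zone=ZONE):
    """192.203.178.138 -> 138.178.203.192.zen.spamhaus.org"""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def system_lookup(name):
    """A records via the resolver in /etc/resolv.conf; [] on any failure.
    Note: this cannot tell NXDOMAIN (not listed) from a timeout."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def classify(answers):
    """Map DNSBL answers to (status, detail)."""
    if not answers:
        return ("not-listed", "no A record")
    for a in answers:
        if a in ERRORS:
            return ("resolver-blocked", ERRORS[a])
    if all(ipaddress.IPv4Address(a) in LOOPBACK for a in answers):
        return ("listed", ",".join(answers))
    # A non-127/8 answer usually means the resolver rewrites NXDOMAIN replies.
    return ("resolver-rewrites", ",".join(answers))


def check(ip, lookup=system_lookup):
    return classify(lookup(dnsbl_name(ip)))


if __name__ == "__main__":
    # Test address from the message above; needs network access.
    print(check("192.203.178.138"))
```

A "resolver-blocked" or "resolver-rewrites" result means the RBL lookups made through that DNS server cannot be trusted, whatever the MTA is configured to do with them.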