Greylisting was the hangup. For whatever reason other settings changes were
being ignored as long as postgrey was in the mix. I removed postgrey and the
RBSL configuration I did a few months ago finally started to work. So there was
likely something else at play but regardless - I removed Postgrey and my email
started getting filtered properly.
A couple things to keep in mind: 1) I personally get 50-150 pieces of spam *per
hour*. As the owner of a business it’s common to have your public email address
getting slammed.
2) I have spam sorted by ManageSieve so that it’s organized and processed to
limit the employee’s exposure. Eventually all spam over a certain score will be
discarded, but not now.
3) I have, when I’m lucky, a few hours a week to devote to server operation and
health. Plenty of time to check the dailies and apply updates and do a reboot;
but when you have to focus on a server configuration problem that sucks. And it
takes a while to clear out the garbage data from the real stuff.
Now I get 10 emails a day that slip through the scanners instead of 300/day.
I call that a win. This is a dedicated VM for email - if it takes more and more
CPU cycles c'est la vie. That’s a small price to pay. My MySQL server has more
issues than my mail server for resources — a fix that was delayed for months
because of the email issue.
—
Ryan
> On Jul 29, 2016, at 10:20 AM, sha...@shanew.net wrote:
>
> On the off chance that your decision to turn off greylisting was
> related to Matus Uhlar's message that concludes with:
> "if you run SA, there's no point in running greylisting anymore."
>
> That could be interpreted to read "if you run SA at all, there's no
> need for greylisting at all", but I don't think that's what he meant.
> I think the correct interpretation (at least the one that makes sense
> to me) is "during processing of mail, it makes no sense to run
> greylisting after SA does its thing".
>
> I would generalize that even more to say that greylisting should come
> before any other content-based filtering (virus scanners, defanging,
> etc.).
>
> On the other hand, you may have disabled greylisting because you're
> tired of futzing with it and just want your mail to work right again,
> in which case, nevermind.
>
>
>
> On Thu, 28 Jul 2016, Ryan Coleman wrote:
>
>> Doesn’t matter. I killed it. It’s gone.
>>
>> I have eliminated postgrey from the installation and things are back to
>> “normal”
>>
>>> On Jul 28, 2016, at 12:53 PM, Bill Cole
>>> <sausers-20150...@billmail.scconsult.com> wrote:
>>>
>>> On 19 Jul 2016, at 15:50, Ryan Coleman wrote:
>>>
>>>> strange... how do you run spamassassin from postfix?
>>>>
>>>>
>>>> In master.cf like everyone else…
>>>
>>> Um, not so much...
>>>
>>>> smtp inet n - - - - smtpd
>>>> -o content_filter=spamassassin
>>> [...]
>>>> spamassassin unix - n n - - pipe
>>>> user=spamd argv=/usr/bin/spamc -f -e /usr/sbin/sendmail -oi -f ${sender}
>>>> ${recipient}
>>>
>>> FWIW, that's probably roughly the 5th most common way to integrate Postfix
>>> and SpamAssassin. I'd guess that amavisd-new as a before-queue filter is
>>> 1st, followed by amavisd-new as an after-queue filter, spamass-milter, and
>>> MIMEDefang (also a milter). There are pros and cons for every approach but
>>> a 'pipe' content_filter using spamc's '-e' option probably has the fewest
>>> "pros" and has the problems described at
>>> https://wiki.apache.org/spamassassin/IntegratedSpamdInPostfix. Also, you
>>> probably want 'flags=Rq' in the pipe arguments and there is no '-f'
>>> argument documented for spamc, so that should probably go unless you know
>>> something the spamc man page doesn't...
>>>
>>> A possible cause of your trouble could be spamc not knowing the correct way
>>> to talk to spamd. In that case, the '-e' option causes spamc to bypass
>>> spamd and just pipe its input to the given command, exiting with a
>>> successful return code unless that command fails. This seems to match what
>>> you're describing.
>>
>>
>
> --
> Public key #7BBC68D9 at | Shane Williams
> http://pgp.mit.edu/ | System Admin - UT CompSci
> =----------------------------------+-------------------------------
> All syllogisms contain three lines | sha...@shanew.net
> Therefore this is not a syllogism | www.ischool.utexas.edu/~shanew
