Greylisting was the hangup. For whatever reason other settings changes were being ignored as long as postgrey was in the mix. I removed postgrey and the RBSL configuration I did a few months ago finally started to work. So there was likely something else at play but regardless - I removed Postgrey and my email started getting filtered properly.
A couple things to keep in mind: 1) I personally get 50-150 pieces of spam *per hour*. As the owner of a business it’s common to have your public email address getting slammed. 2) I have spam sorted by ManageSieve so that it’s organized and processed to limit the employee’s exposure. Eventually all spam over a certain score will be discarded, but not now. 3) I have, when I’m lucky, a few hours a week to devote to server operation and health. Plenty of time to check the dailies and apply updates and do a reboot; but when you have to focus on a server configuration problem that sucks. And it takes a while to clear out the garbage data from the real stuff. Now I get 10 emails a day that slip through the scanners instead of 300/day. I call that a win. This is a dedicated VM for email - if it takes more and more CPU cycles c'est la vie. That’s a small price to pay. My MySQL server has more issues than my mail server for resources — a fix that was delayed for months because of the email issue. — Ryan > On Jul 29, 2016, at 10:20 AM, sha...@shanew.net wrote: > > On the off chance that your decision to turn off greylisting was > related to Matus Uhlar's message that concludes with: > "if you run SA, there's no point in running greylisting anymore." > > That could be interpreted to read "if you run SA at all, there's no > need for greylisting at all", but I don't think that's what he meant. > I think the correct interpretation (at least the one that makes sense > to me) is "during processing of mail, it makes no sense to run > greylisting after SA does its thing". > > I would generalize that even more to say that greylisting should come > before any other content-based filtering (virus scanners, defanging, > etc.). > > On the other hand, you may have disabled greylisting because you're > tired of futzing with it and just want your mail to work right again, > in which case, nevermind. > > > > On Thu, 28 Jul 2016, Ryan Coleman wrote: > >> Doesn’t matter. I killed it. It’s gone. >> >> I have eliminated postgrey from the installation and things are back to >> “normal” >> >>> On Jul 28, 2016, at 12:53 PM, Bill Cole >>> <sausers-20150...@billmail.scconsult.com> wrote: >>> >>> On 19 Jul 2016, at 15:50, Ryan Coleman wrote: >>> >>>> strange... how do you run spamassassin from postfix? >>>> >>>> >>>> In master.cf like everyone else… >>> >>> Um, not so much... >>> >>>> smtp inet n - - - - smtpd >>>> -o content_filter=spamassassin >>> [...] >>>> spamassassin unix - n n - - pipe >>>> user=spamd argv=/usr/bin/spamc -f -e /usr/sbin/sendmail -oi -f ${sender} >>>> ${recipient} >>> >>> FWIW, that's probably roughly the 5th most common way to integrate Postfix >>> and SpamAssassin. I'd guess that amavisd-new as a before-queue filter is >>> 1st, followed by amavisd-new as an after-queue filter, spamass-milter, and >>> MIMEDefang (also a milter). There are pros and cons for every approach but >>> a 'pipe' content_filter using spamc's '-e' option probably has the fewest >>> "pros" and has the problems described at >>> https://wiki.apache.org/spamassassin/IntegratedSpamdInPostfix. Also, you >>> probably want 'flags=Rq' in the pipe arguments and there is no '-f' >>> argument documented for spamc, so that should probably go unless you know >>> something the spamc man page doesn't... >>> >>> A possible cause of your trouble could be spamc not knowing the correct way >>> to talk to spamd. In that case, the '-e' option causes spamc to bypass >>> spamd and just pipe its input to the given command, exiting with a >>> successful return code unless that command fails. This seems to match what >>> you're describing. >> >> > > -- > Public key #7BBC68D9 at | Shane Williams > http://pgp.mit.edu/ | System Admin - UT CompSci > =----------------------------------+------------------------------- > All syllogisms contain three lines | sha...@shanew.net > Therefore this is not a syllogism | www.ischool.utexas.edu/~shanew