[TriLUG] postfix spam blocking

Jim Ray jim at neuse.net
Fri Dec 16 08:30:44 EST 2011


I've tried several products and plan to go back to the one that works
best for us, Barracuda Spam Virus Firewall. It uses a combination of
techniques yet with proper tuning effectively blocks a measured 99% of
spam plus provides end user quarantine. Prepare to break out your
wallet, though, because even though they use open source products under
the hood, they package it together and charge $1200/year in services.
They now offer flavor that runs on Vmware ESXi as opposed to selling the
software on pizza box server that sounds like helicopter from Vietnam
era.

Regards,

Jim Ray, President

2 Davis Drive, PO Box 13169
Research Triangle Park, NC 27709

main:	919-838-1672
cell:	919-606-1772
skype:	neusedotnet
email:	jim at neuse.net
web:	www.NeuseRiverNetworks.com

ONE(tm) Plan to put IT maintenance behind the scenes, after-hours and
out of your way since 1997 with Service Representatives Available
24/7/365

Customer Service/Support: Send email to support at neuse.net or log on to
our web portal http://support.neuse.net



-----Original Message-----
From: trilug-bounces at trilug.org [mailto:trilug-bounces at trilug.org] On
Behalf Of David Black
Sent: Friday, December 16, 2011 8:06 AM
To: Triangle Linux Users Group General Discussion
Subject: Re: [TriLUG] postfix spam blocking

I experimented with client and recipient restrictions a while ago and
found the client restrictions sometimes blocked too early.  The
connecting MX didn't get enough of a chance to say much about who it was
and what it wanted, before being disconnected.  If the filters were 100%
accurate it'd be different, but the free RBLs, for instance, definitely
aren't.

Better to load up recipient restrictions with a nice set of filters,
able to act on all the info gathered after the HELO.   The author of
this page seems to agree:
http://www.akadia.com/services/postfix_uce.html

Also, postgrey works but does delay emails from new sources - the
MTA/to/from triad, and there's the odd MTA that doesn't know how to
correctly retry or takes a very long time to do so.  Many services use a
different from address every time, forcing a delay for *every* email.  I
used to use it and don't any more, because of the occasional legitimate
email that never arrived and more delays than expected.  At least in a
business setting, I've consistently found it's better to let a bit more
spam through and not block legit emails, than have the occasional - and
very important to the CEO - email just disappear.   IMHO today people in
general depend too heavily on email.

These days I use spamassassin on the MXs to classify but not block.  The
decision to block/not block is done at the local mailbox delivery, and
the end user at least has an opportunity to fish an email out of their
junk folder.

Dave

----- Original Message -----
> When setting up postfix to help curb spam, which is more 
> correct/effective when specifically addressing RBLs?  OR can this be 
> done in both places in main.cf to enhance the protection:
> 
> smtpd_recipient_restrictions = reject_rbl_client zen.spamhaus.org
> 
> OR
> 
> smtpd_client_restrictions = reject_rbl_client zen.spamhaus.org
> 
> OR
> 
> both?
> 
> OSX Server puts the setting in the smtpd_client_restrictions via the 
> gui admin, however some other linux related how-to docs say to use 
> smtpd_recipient_restrictions.
> 
> thanks,
> David
> 
> http://www.facebook.com/notollson540
> --
> This message was sent to: David Black <dave at jamsoft.com> To 
> unsubscribe, send a blank message to trilug-leave at trilug.org from that

> address.
> TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
> Unsubscribe or edit options on the web	:
> http://www.trilug.org/mailman/options/trilug/dave%40jamsoft.com
> TriLUG FAQ          :
> http://www.trilug.org/wiki/Frequently_Asked_Questions
> 
--
This message was sent to: Jim Ray <jim at neuse.net> To unsubscribe, send a
blank message to trilug-leave at trilug.org from that address.
TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
Unsubscribe or edit options on the web	:
http://www.trilug.org/mailman/options/trilug/jim%40neuse.net
TriLUG FAQ          :
http://www.trilug.org/wiki/Frequently_Asked_Questions



More information about the TriLUG mailing list