From: kashani <kashani-list@badapple.net>
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Filtering spam for a business address
Date: Tue, 18 Jul 2006 11:36:23 -0700 [thread overview]
Message-ID: <44BD2A27.5020709@badapple.net> (raw)
In-Reply-To: <49bf44f10607181103w49248252uc339fcbe533a9eca@mail.gmail.com>
Grant wrote:
>> Greylisting because it doesn't filter anything it merely delays
>> email with a temp 450 error. Real emails retry after an interval
>> and spam does not so it eliminates about 90-95%. Couple with
>> reasonable Postfix checks like making sure the sender domain
>> exists, etc and a mail client with internal filtering. With the
>> above in place I see maybe 1-2 actual spams in my inbox a week and
>> averaging about eight a day in my spam folder.
>>
>> Postgrey is in portage and it'll take you about almost two full
>> minutes to get setup and working. I suggest making the the greylist
>> time 30 seconds and the whitelist time 32 days.
>>
>> kashani
>
> That sounds really nice. Would you say sending back a 450 error is
> 100% reliable? Which config option makes postfix check to see if the
> sender domain exists. I can't find it in /etc/postfix/main.cf.
>
Nothing is 100% reliable and greylisting is no different. Somewhere
someone is running a mail server that retries every 4 hours instead of
the usual 5 minutes, 15 minutes, 60 minutes that most servers do. Mail
that shows up in 4-8 hours may be no different that if you have dropped
the mail in the first place. Additionally some things like Amazon
newsletters do not retry at all so you'd have to white-list them. And
I've seen two instances where email originates from a different server
each time it retires... which makes no sense at any level and seems
incredibly in efficient.
I'd keep an eye on things the first month you run it, but generally I
have had very few issues over the past two years.
You want to look at smptd_recipient_restrictions. I like the following,
but I would not blindly use them unless you are sure it's the behavior
you really want.
smtpd_recipient_restrictions =
reject_invalid_hostname,
reject_non_fqdn_recipient,
reject_non_fqdn_sender,
reject_unknown_sender_domain,
reject_unknown_recipient_domain,
reject_unauth_pipelining,
permit_mynetworks,
permit_sasl_authenticated,
check_policy_service inet:127.0.0.1:10030,
reject_unauth_destination,
permit
kashani
--
gentoo-user@gentoo.org mailing list
next prev parent reply other threads:[~2006-07-18 18:45 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-07-18 16:10 [gentoo-user] Filtering spam for a business address Grant
[not found] ` <44BD1CFF.2070306@badapple.net>
2006-07-18 18:03 ` Grant
2006-07-18 18:36 ` kashani [this message]
[not found] ` <44BD3CC2.2000501@mid.email-server.info>
2006-07-18 21:42 ` Preston Hagar
2006-07-19 0:04 ` Grant
2006-07-19 0:35 ` kashani
2006-07-20 19:08 ` Preston Hagar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=44BD2A27.5020709@badapple.net \
--to=kashani-list@badapple.net \
--cc=gentoo-user@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox