From: Pandu Poluan
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] RFC: Implementing a spamfiltering frontend
Date: Sat, 21 May 2011 23:14:20 +0700
In-Reply-To: <68EB6446-1AA2-499A-8EEB-E86ACBAA7D42@stellar.eclipse.co.uk>

On 2011-05-21, Stroller wrote:
>
> On 21/5/2011, at 5:13am, Pandu Poluan wrote:
>> ...
>> Due to the increase of spam/phishing emails received by my office, I
>> decided to explore the idea of implementing a spamfiltering 'frontend'
>> in front of my email server.
>>
>> Here's how I plan to do it:
>>
>> fetchmail (G) --> postfix (G) --> amavisd+spamassassin+database (G)
>> --> postfix (G) --> current email back-end (WS) --> clients (W)
>>
>> (G) = the single Gentoo server working as mailfilter
>> (WS) = mail server on Windows Server
>> (W) = various Windows clients (XP and 7)
>>
>> I need fetchmail because currently we still use a hosting company, at
>> least until August when we host everything on our own. Then, we'll
>> drop fetchmail and expose postfix for the world to deliver the mails
>> to.
>
> You shouldn't need amavisd / spamassassin, once you're exposing Postfix to
> the outside world, if you configure it well.
>
> You should do things like checking that the DNS name matches the helo
> response given by the server trying to send you mail (this alone filters out
> a good deal of spam) and be able to use things like DKIM, SPF and even
> SpamHaus.
>
> http://en.wikipedia.org/wiki/DomainKeys_Identified_Mail
> http://en.wikipedia.org/wiki/Sender_Policy_Framework
> http://www.spamhaus.org/
>
> (SpamHaus says "free for personal use up to x,000 messages per period", but
> they don't mind business use as long as you're under that limit; still it's
> cheap, once you've used the free account to prove the service)
>
> Using fetchmail you're unable to reject mail in the same way, so you have to
> use stuff like amavisd / spamassassin.
>
> Lots of discussion of this on the Postfix mailing list. You should
> definitely read that for a week or two before deploying.
>
> Stroller.

Well, we've been receiving obvious spams from @yahoo.com, @gmail.com,
and these are valid addresses (apparently people who got phished).

Plus, the Gentoo document I linked earlier also linked to a document
that considers RBLs as... not quite effective.

In addition, if I rely only on DKIM+SPF+RBL, there will be collateral
damage, i.e., false positives. For business reasons, we'd rather have
false negatives (one or two spams got through every week) rather than
false positives.

In addition, a cursory check on our clients indicates that only a few
percent of them implemented SPF. Much less DKIM.

Due to the above reasons, I need a spamfiltering solution that relies
on analyzing the messages themselves.

Rgds,
-- 
Pandu E Poluan - IT Optimizer
My website: http://pandu.poluan.info/
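
An added example, not part of either poster's message: a Postfix `main.cf` fragment for the stage where Postfix is exposed directly, combining the SMTP-time checks suggested in the quoted reply with the content-filter hand-off from the original plan. The risky checks run in log-only mode so their false-positive rate can be measured before anything is rejected. The amavisd transport name and port (`smtp-amavis`, 10024) are assumptions that follow the usual amavisd convention and need matching `master.cf` entries.

```conf
# /etc/postfix/main.cf (fragment, added example)

# Require HELO/EHLO so the helo restrictions below cannot be skipped.
smtpd_helo_required = yes

# Syntax-level HELO checks are enforced. reject_unknown_helo_hostname only
# verifies that the HELO name has a DNS A or MX record (it does not compare
# it with the client's reverse DNS). It is prefixed with warn_if_reject, so
# Postfix logs "reject_warning" and still accepts the mail.
smtpd_helo_restrictions =
    permit_mynetworks,
    reject_invalid_helo_hostname,
    reject_non_fqdn_helo_hostname,
    warn_if_reject reject_unknown_helo_hostname

# Relay protection is enforced; the Spamhaus DNSBL lookup is log-only.
# Count "reject_warning" lines in the mail log for a few weeks, then drop
# warn_if_reject from a check only if it flagged no legitimate senders.
smtpd_recipient_restrictions =
    permit_mynetworks,
    reject_unauth_destination,
    warn_if_reject reject_rbl_client zen.spamhaus.org

# Everything accepted above is passed to amavisd/SpamAssassin for analysis
# of the message itself (assumed transport name and port).
content_filter = smtp-amavis:[127.0.0.1]:10024
```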