Postfix Users (and Outlook users)

[Dhawal Doshy]

Peter Russell wrote:
> Postfix:
> I was hoping that since there is so many Postfix users using MS we could 
> get an updated discussion on what everyone is doing at the MTA level 
> with regards to
> a) stopping spam at the MTA

1. mime_header_checks: Block extensions you anyways reject at the MS level.
2. body_checks: Great for rejecting viruses and keywords
3. helo_required: Must have!
4. helo_checks: reject_invalid_hostname, reject_non_fqdn_hostname, 
warn_if_reject reject_unknown_hostname
5. public and private RBLs: spamhaus, spamcop, dsbl

See securitysage.com for more details. Keep in mind that some postfix 
checks can cause quite a few FPs.

> b) 3rd party anti spam defences - greylisting?

policyd-weight + selective greylisting (more below) + throttling (policyd)

> c) specific configs - like the example in the wiki - a dual postfix 
> instance that splits multi recipients messages

standard hold method.

> d) tip and tricks - what have you added to your config that you think 
> could benefit others.

We use body_checks + mime_header_checks to reject some viruses and known 
spam keywords. We also are testing out dk+dkim with postfix.

> I will happily collate the discussion and add it to the wiki.
> 
> The reason i am asking is because we are receiving so much more spam, so 
> many more complaints from users and i want to consider some of the 
> options available at the MTA - eg a postfix version of greet-pause 
> sounds good because i dont think we could go for greylisting, at least 
> not at the minute.

See this for selective greylisting.
http://www.stahl.bau.tu-bs.de/~hildeb/postfix/postfix_greylisting.shtml
http://www.gabacho-net.jp/en/anti-spam/anti-spam-system.html

OR use the standard regexps that are distributed with sqlgrey.

> Many thanks and regards
> Pete

- dhawal