Hi, On Fri, 24.04.2009 at 08:47:00 -0400, Mario Vega <mario.j.v...@gmail.com> wrote: > The two internal servers use several different domains and accept a > variety of different name formats. In addition, some users have one or > more aliases. Furthermore, only the primary address is published in > LDAP. One server serves approximately 1k users and the other > approximately 20.
would it be possible to list all users in LDAP? Then you can "easily" verify against that list. > day, 115k of which are rejected as invalid. Does anyone have experience > with scam-backscatter or are there other solutions we should be > investigating? If you are able to weed out illegitimate recipients, this may go a long way to reduce spam, or at least it did for us. Looking the email address up in LDAP is *much* cheaper than doing a call-out to the backend server(s). Greylisting helps us, too, but seems to "cost" mail from broken servers (there are imho more than enough of these out there). > running Postfix, amavis, clamav and spamassassin. Due to the nature of > the store and scan system, we've noticed a tendency for the system to > become swamped under heavy load and take several hours to clear out. Imho, the bulk of the load should be consumed by spamassassin which could esp. lead to trashing if you can't restrict the parallelism of spamassassin runs. FWIW, I think that Postfix should generally be preferable to sendmail, and you also seem to have more Postfix experience already. > Furthermore, we're quarantining viruses and and obvious spam in the > neighborhood of 89k a day, which I would rather leave at the door. This you can only do if you don't accept the email, then scan and/or quarantine it. To do this, there are several possibilities, but I suggest taking a look at this program: http://smtpd.develooper.com/ You need to keep the connection with your clients open as long as you have decided on the fate of any given message, then you can emit a 5xx code at anytime, thus leaving part of the burden at the sender's side. > The OpenBSD system would be running spamd, the base sendmail, > smtp-vilter, clamav and spamassassin. Imho, both clamav and spamassassin are very heavyweight. If you can devise heuristics to weed out messages early, using these before feeding these two programs should reduce your load. Kind regards, --Toni++
