John Heim wrote, at 08/14/2008 12:43 PM:
Exactly! Except that the reason our anti-spam measures are ineffective
is that the addresses are aliased. We have 2 MTAs running postfix with
pre-queue spam filters and then a delivery machine running postfix,
spamassassin, & dovecot. The pre-queue spam filter gets about 50% of
incoming spam. Of course, that means that about 50% gets through. On the
destination machine, we call spamc via a procmail rule. That would
normally filter almost all the rest into the user's "spam" folder. But
the problem is that procmail is never run if the address has an alias.
The delivery machine has much stricter spam settings than the MTAs. But
I am worried about false positives on the MTAs. If athere is a false
positive on the destination machine, it's just put into the user's spam
folder. On the MTAs, it's rejected.
Don't rely solely on SpamAssassin. There are other techniques that are
less expensive and can eliminate obvious spam with virtually no false
positives (and others that may have an acceptable level of false
positives, though YMMV).
Note, however, that there may be equivalents available in SpamAssassin,
where you can tweak the scores to a degree you find acceptable. If you
already have the hardware to run SA in a before-queue filter, this may
be worth investigating. On the other hand, if you're under heavy load,
the other techniques can help reduce SA's overhead.
