----- Original Message -----
From: "Charles Marcus" <[EMAIL PROTECTED]>
To: "John Heim" <[EMAIL PROTECTED]>
Cc: <postfix-users@postfix.org>
Sent: Thursday, August 14, 2008 12:17 PM
Subject: Re: mail aliases & spam

> On 8/14/2008, John Heim ([EMAIL PROTECTED]) wrote:
>> Exactly! Except that the reason our anti-spam measures are
>> ineffective is that the addresses are aliased.
>
> ?? What difference does an alias make? Either a recipient is valid or
> not...

We filter spam via a procmail rule that runs it through spamc. With a mail
alias, procmail is never run. It appears that if the user creates a .forward
file, it has the same effect.

>> We have 2 MTAs running postfix with pre-queue spam filters and then a
>> delivery machine running postfix, spamassassin, & dovecot. The
>> pre-queue spam filter gets about 50% of incoming spam. Of course,
>> that means that about 50% gets through.
>
> That's ridiculous... ;)
> A properly configured postfix ALL BY ITSELF should stop 90+% with
> virtually ZERO false positives...

Keep in mind that that's just the pre-queue filter on the mta. I'm basing my
estimate on the output from pflogsumm:

Postfix log summaries for Aug 13
Grand Totals
------------
messages
91708 received
42450 delivered
0 forwarded
233 deferred (2390 deferrals)
439 bounced
26497 rejected (38%)
0 reject warnings

I didn't actually configure postfix on any of these machines. My predecessor
did. He's really good but it's possible he made a mistake. Plus, I've
tweaked the config considerably since he left. I added the pre-queue spam
filtering. Still there's a lot I haven't delved into and don't entirely
understand.

postconf on the mta:

alias_database =
alias_maps =
append_dot_mydomain = yes
biff = no
body_checks = regexp:/etc/postfix/body_checks
canonical_classes = envelope_recipient
canonical_maps = ldap:/etc/postfix/canonical_ldap
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
header_checks = pcre:/etc/postfix/header_checks
inet_interfaces = all
local_header_rewrite_clients = permit_mynetworks
local_recipient_maps =
local_transport = error:local mail delivery is disabled
message_size_limit = 50485760
mydestination =
myhostname = mta2.math.wisc.edu
mynetworks = 127.0.0.0/8 144.92.166.0/24 144.92.149.128/25
myorigin = math.wisc.edu
relay_domains = math.wisc.edu, .math.wisc.edu
relay_recipient_maps = hash:/etc/postfix/relay_recipients, hash:/etc/postfix/relay_aliases, hash:/etc/postfix/relay_aliases_mailman, ldap:/etc/postfix/relay_recipients.ldap.cf
relocated_maps = hash:/etc/postfix/relocated
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_data_restrictions = reject_unauth_pipelining, permit
smtpd_helo_required = yes
smtpd_recipient_restrictions = reject_non_fqdn_sender, reject_unknown_sender_domain, permit_mynetworks, reject_unauth_destination, check_sender_access hash:/etc/postfix/access, permit
transport_maps = hash:/etc/postfix/transport
virtual_alias_maps = hash:/etc/postfix/virtual

postconf on the destination server:

alias_database = hash:/etc/postfix/maps/aliases
alias_maps = hash:/etc/postfix/maps/aliases, hash:/usr/local/mailman/data/aliases
allow_mail_to_commands = alias, forward
allow_mail_to_files = alias, forward
append_dot_mydomain = yes
biff = no
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
mail_owner = postfix
mail_spool_directory = /var/mail
mailbox_command = /usr/bin/procmail
mailbox_delivery_lock = fcntl
mailbox_size_limit = 1000000000
masquerade_domains = math.wisc.edu
masquerade_exceptions = root
message_size_limit = 50485760
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain, .math.wisc.edu
mydomain = math.wisc.edu
myhostname = ulam.math.wisc.edu
mynetworks = 144.92.166.0/24, 144.92.149.128/25, 127.0.0.0/8
myorigin = $mydomain
qmgr_message_active_limit = 5000
queue_directory = /var/spool/postfix
relay_domains = $mydestination
relayhost = math.wisc.edu
relocated_maps = hash:/etc/postfix/maps/relocated
setgid_group = postdrop
smtp_tls_note_starttls_offer = yes
smtp_use_tls = yes
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_client_restrictions = permit_mynetworks,permit_sasl_authenticated,reject
smtpd_data_restrictions = reject_unauth_pipelining, permit
smtpd_helo_required = yes
smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
smtpd_sasl_application_name = smtpd
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/postfix/ssl/mailhost.crt
smtpd_tls_key_file = /etc/postfix/ssl/mailhost.key
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
virtual_mailbox_lock = fcntl
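
An added example, not part of the original message: a Python check that parses an aliases(5) file and lists the alias targets that are not plain local mailbox deliveries (pipes, files, remote addresses, :include: lists). Postfix's local(8) handles pipe, file and remote targets without invoking mailbox_command, so a procmail/spamc step configured there does not see that mail. The sample aliases are constructed, and LOCAL_DOMAINS is an assumption simplified from the mydestination value shown above.

```python
import re

# Constructed sample in aliases(5) syntax; every name and target is hypothetical.
SAMPLE_ALIASES = """\
postmaster: root
staff:      alice, bob,
            carol@example.org
tickets:    "|/usr/local/bin/ticket-intake --queue help"
archive:    /var/mail/archive
announce:   :include:/etc/postfix/lists/announce
"""
LOCAL_DOMAINS = {"math.wisc.edu", "ulam.math.wisc.edu", "localhost"}  # assumption, see lead-in
PREFIX_KINDS = (("|", "pipe"), ("/", "file"), (":include:", "include"))  # not mailbox deliveries

def parse_aliases(text):
    """Return {alias: [targets]}, honouring comments and continuation lines."""
    logical = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and logical:
            logical[-1] += " " + line.strip()  # continuation of previous entry
        else:
            logical.append(line.strip())
    table = {}
    for entry in logical:
        name, _, rhs = entry.partition(":")
        # Split on commas but keep double-quoted values (pipes with args) whole.
        targets = re.findall(r'"[^"]*"|[^,\s][^,]*', rhs)
        table[name.strip().lower()] = [t.strip().strip('"') for t in targets]
    return table

def classify(target, known_aliases):
    """Label one alias target by how it is delivered."""
    for prefix, kind in PREFIX_KINDS:
        if target.startswith(prefix):
            return kind
    user, _, domain = target.partition("@")
    if domain and domain.lower() not in LOCAL_DOMAINS:
        return "remote"  # re-queued and sent on to another host
    return "alias" if user.lower() in known_aliases else "local"

def non_mailbox_targets(text):
    """Return {alias: [(target, kind)]} for targets that are not local mailboxes."""
    table = parse_aliases(text)
    report = {}
    for name, targets in table.items():
        kinds = [(t, classify(t, table)) for t in targets]
        report[name] = [k for k in kinds if k[1] not in ("local", "alias")]
    return {n: hits for n, hits in report.items() if hits}
```

An `include` result only says the list file needs the same review; an `alias` target resolves through another entry that is classified on its own line.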