Rudy Gevaert wrote:
Hello,
I'm busy making an overview how one can use postfix to stop UCE. During
the past years the available possibilities have grown so it becomes a
bit difficult to choose the right tools for the job.
Eventually I need to decide what tools to use, so please correct my text
below. I hope others will benefit from it too.
The postfix site explains all (, but doesn't summarize it).
In my opinion there are two places where one can stop UCE.
1) Before postfix accepts the email, before-queue content inspection
2) After postfix accepts the email, after-queue content inspection
There are several technologies implemented to be used in postfix:
Before queue:
- smtp protocol checks
- policy service (e.g. SPF and greylisting)
- RBL checks (reject_rbl_*)
- smtpd_proxy_filter
- milters
After queue can be done through content filtering. E.g. passing the
mail to amavisd or something else.
To come back on the before queue method. This is of course the first
line of defence. There should the offender be stopped. After queue
scanning is only the last resort.
Now with the different before queue methods we have a huge overlap in
functionality.
There exist policy servers that do RBL too. But there exist milters
that do RBL checks too, and some milters can even do antispam checking.
With smtpd_proxy_filter you also do anti spam.
In fact, it seems to me that you can handle everything through one or
more milters.
The question that remains should one use one (or more) milter/policy
servers or a combination of both, completed with the basic postfix checks.?
Where should the line be drawn
Thanks in advance,
There's lots of choices because there is no one-size-fits-all
solution.
Use what works best for you, and what you're comfortable with.
I think most people use a combination of postfix built-in
controls plus one or more external tools. The external
tool(s) you use depends on what's available and what your
goals are. Most of the tools do what they say they do, so
it's a process of matching their capabilities and management
tools to what you want.
For pretty much any tool you name, you'll find someone who
thinks it's the greatest thing ever, and others who think it's
worthless... so make up your own mind.
--
Noel Jones
