mouss <mo...@ml.netoyen.net> writes: > Dave a écrit : >> Hello, >> I'm running postfix, amavisd-new and spamassassin. Currently in my >> postfix smtpd_recipient_restrictions right at the end last thing i have some >> rbl checks. I'm wondering if that's the best place for them or should i >> disable that and activate them in spamassassin? Suggestions welcome. >> Thanks. >> Dave. >> > > think defense in depth. at each oignon layer, get rid of part of the > unwanted traffic. > > - at the firewall level, get rid of those "hopeless networks". > > - at postfix level, reject transactions that should not "occur" > (independently of content) > > - at SA, tag mail based on its content. > > > at postfix level, use zen.spamhaus.org. it is safe and effective. you > can also use spamcop and korea.services.net but these won't catch a lot > of junk. other lists are better used in SA.
Thank you, I just added that to my rbl list and watched my spam drop dramatically. (I was using an old rbl list, I'm surprised it was working at all) I have been doing weird stuff with ipv6, as well as certs. I am curious if there is a list of mail servers out there running various common smtp servers (postfix, sendmail, exim, exchange, etc) that I could ping via email and have them, according to their rules, filters, etc, send a reply (either back or to an address I'd define) I am painfully aware I don't have reverse DNS working on my ipv6 clients (yet), for example, and also am concerned that TLS negotiation may not work correctly for some ipv4 hosts, and have an on-going concern that any future changes I make to my mail configuration be easily testable. What I found after fighting with an exchange server that what seems to work best is assigning my first mx host to be ipv6 only, and my fallback to be a mx ipv6 and ipv4 host. > -- Dave Taht http://the-edge.blogspot.com
