On Mon, Jan 04, 2010 at 05:40:29PM -0500, Roman Gelfand wrote: > Well, it looks like, perhaps, I found the missing link. After adding > s25r rules and HELO response verification in main.cf, no spam has > siped through. > > I think that mostly it was HELO response verification that did it. > BTW, is there a reason not block emails with incorrect HELO response? > > Thanks > None really, unless you need to accept mail from misconfigured servers. (We do.)
Cheers, Ken > On Mon, Jan 4, 2010 at 5:30 PM, Steve <steeeeev...@gmx.net> wrote: > > > > -------- Original-Nachricht -------- > >> Datum: Mon, 04 Jan 2010 23:20:04 +0100 > >> Von: mouss <mo...@ml.netoyen.net> > >> An: postfix-users@postfix.org > >> Betreff: Re: anti spam measures > > > >> Steve a ?crit : > >> > -------- Original-Nachricht -------- > >> >> Datum: Sun, 03 Jan 2010 23:37:18 +0100 > >> >> Von: mouss <mo...@ml.netoyen.net> > >> >> An: postfix users list <postfix-users@postfix.org> > >> >> Betreff: Re: anti spam measures > >> > > >> >> Roman Gelfand a ?crit : > >> >>> I am running postfix with anti spam filter (policyd-weight, sqlgrey, > >> >>> grossd, dkim, senderid-milter, dspam) . ?With this configuration, I am > >> >>> down to under 10 spams a day. ?Looking at my backend server which is > >> >>> exchange 2007, I find that all of the remaining spam messages have > >> >>> spam confidence level of 7 or greater, which implies this is blatant > >> >>> spam. ?Is there spam filter software software that works with postfix > >> >>> that can perform checks similar to that of exchange 2007 spam > >> >>> confidence level? > >> >>> > >> >> we can't really tell since we didn't see the messages that made it > >> >> through postfix+friends. > >> >> > >> >> if the messages contained a URI listed at uribl or surbl, then you > >> could > >> >> try using uribl/surbl via milter-link or via spamassassin (via > >> >> amavisd-new). > >> >> > >> >> anyway, You can add spamassassin (via amavisd-new) to your chain and > >> see > >> >> ?if it improves your filtering. > >> >> > >> > I am for sure one of the people that should keep his mouth shut since I > >> have a to strong bias but SpamAssassin? Why? He is using DSPAM and if I > >> would purpose him another free solution then only something like CMR114 or > >> OSBF-Lua. > >> > > >> > >> because I don't believe he will improve his filtering by adding more > >> statistical filters (I think: if this was true, he can improve by better > >> training/tuning of dspam). > >> > > Correct. > > > > > >> In contrsat, adding a finely tuned heuristic > >> filter will certainly improve his results. > >> > > True. > > > > > >> one example: Justin Mason anti-fraud rules (JM_SOUGHT*) will block fraud > >> mail that you can't block statistically (because you don't get enough of > >> it to train a statistical filter). unless if you are a large ISP/MSP > >> with users who report fraud mail quickly and you train your filter with > >> these reports quickly. > >> > > Or you use other ways to filter them out (not statistically). > > > > > >> other examples include: URIBL rules (granted, you can use milter-link), > >> DNSxL rules applied to Received headers (mail that is "touched" by a > >> host in Spamhaus SBL is unwanted!)... > >> > >> Once again, I said "add spamassassin" not replace dspam. This is because > >> OP wanted to block "more". but adding SA in a way that improves his > >> results is not effort free. which is why I said: > >> > > Right. > > > > > >> > > >> >> at one time, the question becomes: is the additional effort worth the > >> >> pain? > >> >> > >> > Good question. > >> > >> I personally am from the school of access control before content > >> filtering. > >> > > Me too :) > > > > > >> so I don't feel comfortable arguing for SA vs dspam vs > >> foofilter. > >> > > As I wrote before: I am to biased in that topic so I am not going to argue > > either. > > -- > > GRATIS f?r alle GMX-Mitglieder: Die maxdome Movie-FLAT! > > Jetzt freischalten unter http://portal.gmx.net/de/go/maxdome01 > > >
