On Sep 20, 2013, at 22:03, azurIt <azu...@pobox.sk> wrote: >> You are creating this problem yourself. No spam filtering is 100% >> without false positives, but properly configured before-queue defenses >> generally cut out ~90% of the garbage you get from bots and zombies. Or >> more, depending on how tight of a ship you can afford to run. It also >> presents a traceable error path to any senders that may be caught with >> their pants down because of configuration issues, compromised systems >> and what have you. > > We are, of course, not accepting every garbage: > smtpd_sender_restrictions = > reject_non_fqdn_sender > reject_unknown_sender_domain > > I just meant that we are not rejecting e-mails based on spam filters.
Which is exactly what the various suggestions were about. About rejecting incoming connections based on the connection profile and the envelope, before a message is queued. In other words, no one is suggesting rejecting a message based on its content, we are suggesting that you can cut down the amount of spam you need to make a store or forward decision on tremendously, by raising the bar on what you accept in the first place. The very first reply you got, from Robert Schetterer, already made the distinction between rejection and filtering, by the way. And if the 'smtpd_sender_restrictions' you list above is your idea of not accepting garbage, there is quite a bit of room for improvement. >> This means that anything that actually reaches the stage where you >> decide whether to store or forward is about 10% of what you are >> accepting now, and much less likely to cause trouble with forwarding. >> >> If you must do your own thing, figure out how to use the quarantine >> features of your chosen content filtering software, and do forwarding >> from there based on rules you specify. Or dig into the Postfix >> documentation and figure out how you might achieve what you are after >> without backscattering, or discarding mail. > > We are not backscatters, our systems are configured correctly. Nowhere am I suggesting that you are. I am noting it as a risk that one needs to be aware of. Did you notice your original question was answered there, by the way? It is one of several answers you got before you sent this message. > One note to all fans of 'spam filters rejecting' here: Did you even notice > that NO ONE of big e-mail providers are rejecting messages based on standard > spam filter techniques? Google, Yahoo, Microsoft, AT&T, ... No one is doing > it, most of them have developed their own filtering systems and you must be > really big spammer to be blocked permanently. The best of them is Google, > just try their filters and you will see (even blocking which was used to us > was targeted only to particular messages). Ahh, now you reveal that you are not being blocked, but that they are rejecting some (but not all!) messages based on their local rules. In other words, your original problem description is incomplete at best, and hints at a different class of problem; being blocked by Gmail. You should therefore not be surprised that the suggestions and answers you get focus on that much bigger problem of no messages being accepted at all. And please, you don't think you are the only one here who deals with forwarding to the big gorillas in the game, do you? To get the most value from this list and others like it, assume that most of the problems you run into have already been solved in various ways, for a wide variety of setups and scenarios. Perhaps your own solution is not the best option. Perhaps your view of the problem is incomplete, or perhaps you are misunderstanding the problem completely. And just in case that the issues you are having do present a novel problem, always be as descriptive as possible. That you are doing forwards with 'virtual_alias_maps' at the moment should really have been part of your original post, for example. Better questions tend to get much better answers, with less noise for everyone. Mvg, Joni
