I'm moving off of shared hosting to a VPS and am building up a Postfix
server for it.

I read through the docs on layers of security & protection against spam,
viruses, and garbage in general.

I decided to deploy postscreen + sender & recipient header checks + DKIM
signing/verification, ClamAV & SpamAssassin.

Postscreen is working, the server's sending & receiving mail, and the early
& light checks I added are working.

I'm layering in the deeper checks now.  After reading up on milters and
such I decided to use Amavisd to handle a lot of it.

Looking at banning file attachments by extension & mime type it looks like
I can use both Postfix header_checks & mime_header_checks & Amavisd rules
to block by EXT.

Most of the flow charts of what happens when I'm getting a good handle on
and it's pretty easy to figure out when in the flow to put a restriction.

For these EXT checks I'm a little more fuzzy.

What are the arguments for this specific type of restriction best being
done in Postfix or in Amavisd?

I also read some posts that do it in both places, but I didn't get a great
reason for it.  More like "just in case".  Seems like a waste.

Is this another "sooner is better" kind of restriction?  Or more like
"DEEPER is better"?

Thanks a lot. -- TS
