On Mon, Jun 29, 2015, at 09:32 PM, Noel Jones wrote:
> When mail is discarded, no one is notified. From the end-user's
> point of view -- both the sender and receiver -- the mail is
> silently lost, and mail is unreliable.

Although I find users tend to squeak if the server isn't trashing "known garbage", I get the point. Thanks.

> This looks overly complicated...

It certainly is. Overkill for a standalone server that serves only my needs.

This setup I've been fussing with is intended to be a somewhat generic drop-in front-end gateway -- that can be distributed/load-balanced -- that'll be used to slowly migrate away from a mess of current servers providing 'full' service. Step 1, they'll move to backend service only. Step 2, the backends will get completely replaced with more centrally managed, 'clean' postfix + imap installations.

Much of the effort now is aimed at properly exercising and vetting our choices.

> I would certainly move clamav to pre-queue, so you can reject
> unwanted mail. AV scanning is generally much faster than
> full-content spam scanning, and this is certainly true with clamd
> vs. spamassassin.

The reason I've hesitated in moving clamav up front is that I understood that to a/v scan I'm accepting the entire message anyway, and, since SA was going to scan the same, accepted content, was avoiding additional unnecessary acceptance & processing.

But the advice is noted.

> And use the add-on antispam signatures from
> sanesecurity.

I'd thought I'd heard sanesecurity sigs had died off ... not that I've checked of late.

> I strongly recommend pre-queue filtering so you can reject unwanted
> mail. Anything you do post-queue, I strongly recommend tag and
> deliver. False positives *will* happen.

Well worth some thought & consideration. Thanks.