John, I use Postfix - Amavis - SA - ClamAV in post-queue configuration.
ClamAV I don't rely much on AV these days, but on attachment filter including for recent xls and doc malware. Amavis Even if Amavis was not updated recently, is not critical. banned_namepath_re and map_full_type_to_short_type_re are powerfull when combined for file types, but Documentation doesn't cover much here. Sometimes is better to look into amavisd-new perl file and add your own rules in config files. In post-queue configuration, Amavis must quarantine/discard/pass and never bounce/reject (for before-queue configuration). Spamassassin Have SA running with a local DNS resolver. Install one and have it listen on localhost. When behind a NAT, is better to forward incoming SMTP port 25 to your machine, in order to preserver original client ip address. I use whitelist (only for SPF/DKIM authenticated senders) and blacklist. Postfix - I use: Recipient and Sender verification for my domains only. RBLs for Sender domain, Helo, Unverified client name and Client IP address. postscreen_greet_action = enforce instead of greylist. Reject SPF hardfail at SMTP. I use SPF and DKIM as mandatory for hosted domain(s) in order to reject spoofed Senders-and-Froms@my-domains. Marius. -----Original Message----- From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] On Behalf Of joh...@fastmail.com Sent: Wednesday, September 9, 2015 4:18 AM To: postfix-users@postfix.org Subject: Re: AntiSpam & AntiVirus Integration with Postfix: lots of tools, but which one's AREN'T 'dead'? Mark On Tue, Sep 8, 2015, at 06:04 PM, Mark Martinec wrote: > Still the Amavis is my main open-source project and is not dead, > although it may be understandable that as the SpamAssassin library > is the main anti-spam tool of Amavis, the success of Amavis is > coupled with well-being of SpamAssassin. I was just getting around to 'putting 2 and 2 together'. I've seen your posts all over the place over at SA, but hadn't connected the name to Amavisd. Thanks for the comments. I'm glad to hear that the project is still alive and kicking. Don't have any sense yet about relative performance of the various tools listed on the Postfix site. I DO get the sense that Amavisd runs on some big installation. >From what I can tell, it sure does all that I want & need, I'm just nervous about investing in something that's "good but dead". Been there, done that, right? So I'll likely give it a try having heard from the 'horse's mouth'. Reading the Postfix lists I find a lot of low-end/new users like me asking Amavisd related questions, but hadn't seen anyone who actually runs a production server in a business actually say "use this". Elsewhere, sure. JUst not here yet. SO thought I'd ask. Thanks again. John
smime.p7s
Description: S/MIME cryptographic signature
