On Fri, 19 Oct 2018, at 10:57, Olivier wrote:
So, rejecting spam during smtp-dialog is risky, that is why most
resolve to some sort of quarantine, and that is when amavis comes
handy.
I agree with the 1st part but that's why I ditched Amavis! If your
mail delivery setup includes anything anywhere that can call your spam
filter you may not need Amavis. In my case I happen to have Procmail
anyway. The filter of my choice is SpamAssassin. So, no need for
anything in between.
My recommendation is to use Postfix with postscreen including a
reasonable set of dnsbls, plus a spam filter as far as possible at the
end of the processing chain so that it gets called only on mail that
is neither clearly ham nor spam.
Postscreen alone allowed me to ditch ClamAV. After evaluating logs of
1 year the hit rate was about 1 of 2k messages of which 100% were
flagged by SpamAssassin. Hit rate increased somewhat with the use of
third-party signatures, but these detected pratically only scams and
phishing attempts which IMHO need to be distinguished from the
classical type of viruses. Indeed, they also caused a number of false
positives.
Again, note that my findings are based on the fact that Postfix with
postscreen itself blocks the by far largest part of malicious mail.
Of course, YMMV,
--
-- Andreas
:-)
