Your point is well taken with respect to Postfix smtpd restrictions. The degree to which each administrator uses them is usually some combination of personal preference and policy. My personal philosophy is to minimize the use of smtp header and body checks while enforcing the client, helo, sender, and recipient checks.
Your other point is well taken also in that the incorporation of some smtp header and body checks is too permanent, especially for a broadband provider. And while the configuration is debatable, it is counter intuitive in a configuration that incorporates SpamAssassin as the two philosophies are at odds. Thanks for your insights Kenneth! --Larry > -----Original Message----- > From: Kenneth Porter > Sent: Thursday, November 13, 2003 5:28 AM > To: [EMAIL PROTECTED] > Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED] > Subject: [SAtalk] SecuritySage spam filters and > Postfix/SpamAssassin integration > > > --On Friday, November 07, 2003 12:42 AM -0500 Larry Gilson > <[EMAIL PROTECTED]> wrote: > > > You might want to look at SecuritySage for some configuration > > details. > > > > http://www.securitysage.com/guides/postfix_uce.html > > I just got some mail bounced by an ISP using this setup and after > > reviewing the details, it looks like the system is set up > backwards: It does its own all-or-nothing header checks that SA > already takes care of, causing heavy-handed rejections of false > positives, instead of letting SA look the message over and using > the combined score of several indicators to make the decision. > > In my case a message to a cogeco.ca customer got rejected for > the regex "^Subject: .*Get Ready For". The subject line in question > was "How to get ready for a match". (This was sent to all my online > teammates.) Here's the Postfix header checks rules used: > > <http://www.securitysage.com/files/header_checks> > > (On my own servers I run SA from sendmail via MIMEDefang and reject > spam with a score of 10 or higher, and add the spam score to the > subject line for stuff between 5 and 10 for MUA filtering. The only > SA hit I got on the message in question was NO_REAL_NAME, and my AWL > kicked the thing down to a -4.9 score.) > > Poking around on Cogeco's website, I can find no indication that they > offer spam filtering, and certainly nothing to suggest that they > delete mail bound for their customers with no customer control. One > would think this would be a selling feature of their service and that > they'd advertise its existence. > > <http://cogeco.ca/en/internet_support_o.html> > ------------------------------------------------------- This SF.Net email sponsored by: ApacheCon 2003, 16-19 November in Las Vegas. Learn firsthand the latest developments in Apache, PHP, Perl, XML, Java, MySQL, WebDAV, and more! http://www.apachecon.com/ _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
