After much testing, we have decided to put the RBLs on Postfix for performance reasons. Before checking with those RBLs, our system does EHLO checks against a known-spammer blacklist database as well to filter the most obvious cases. Then we use zen.spamhaus.org, safe.dnsbl.sorbs.net, and bl.spamcop.net, in this order. Next we do greylisting with postgrey. Then amavisd-new+clamav+sa+sare+fuzzyocr take care of the remainder (our logs show that approx. 98% of all spam/virus mail had been blocked before this).

We stopped using Bayesian filtering altogether, since 1.- many of our customers get their mail through POP3, 2.- those with IMAP accounts would not bother training spam and ham. We've had some (very few) problems in the past with SpamAssassin giving false positives for some ham (though some would say it was spam), but modifying some scores did the trick without affecting our ability to filter spam, since most was filtered before it went through SpamAssassin.

The result: a mail system that hosts more than 100 companies' email accounts with no spam at all.

Is there a possibility that we might be blocking sources of legitimate mail by being so aggressive? My experience tells me that if some server is on any of the three RBLs that we use, it is because 1.- they're misconfigured (open relays and such), 2.- they are on a residential [dynamic] IP segment, 3.- they do permit spam coming from their servers, 4.- if they were listed by mistake, their IT people are not being professional enough to have themselves delisted immediately.

Ignasi

Luis Hernán Otegui wrote:
> Hi, list, I know this is one of those "egg and chicken" kind of
> questions, but having now the possibility of checking the impact of
> various setups, I was wondering if it is more convenient to let the MTA
> perform the RBL checks, or disable them and let SA do this job.
> Currently I am using zen.spamhaus.org <http://zen.spamhaus.org> as my
> primary (and only) RBL tester on Postfix, and I am kinda surprised. The
> daily statistics show that my server is rejecting almost 22000
> connections a day, and accepting only 2500-3000 emails. The major
> drawback is bayes. It seems to lack the necessary amount of data to
> catch up as the spam evolves, so I'm continuously getting new kinds of
> spam (meaning that I can't figure out a tendency to draw a rule from).
> So I'm asking if anyone has a solution for this, or how do you deal with
> this (to me) delicate balance.
>
> Thanks in advance,
>
>
> Luis
>
> --
> -------------------------------------------------
> GNU-GPL: "May The Source Be With You...
> -------------------------------------------------
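
Added example, not part of either message: both posters reason from per-layer rejection counts, and the false-positive question comes down to which sender domains each layer turns away. This sketch tallies Postfix rejects per layer (EHLO check, each RBL, greylisting) and collects the rejected sender domains for review. The log lines are constructed samples in the usual Postfix smtpd reject layout, and the names `classify` and `summarize` are hypothetical.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines (documentation IPs and domains), not real traffic.
# Assumed layout: the usual "NOQUEUE: reject: RCPT from host[ip]: code text" form.
SAMPLE_LOG = """\
Jan 12 10:01:02 mx postfix/smtpd[1234]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 554 5.7.1 Service unavailable; Client host [192.0.2.10] blocked using zen.spamhaus.org; from=<a@bulk.example> to=<u1@customer.example> proto=ESMTP helo=<pc10>
Jan 12 10:01:09 mx postfix/smtpd[1235]: NOQUEUE: reject: RCPT from unknown[192.0.2.11]: 554 5.7.1 Service unavailable; Client host [192.0.2.11] blocked using zen.spamhaus.org; from=<b@bulk.example> to=<u1@customer.example> proto=ESMTP helo=<pc11>
Jan 12 10:02:30 mx postfix/smtpd[1236]: NOQUEUE: reject: RCPT from mail.partner.example[198.51.100.7]: 554 5.7.1 Service unavailable; Client host [198.51.100.7] blocked using bl.spamcop.net; from=<news@partner.example> to=<u2@customer.example> proto=ESMTP helo=<mail.partner.example>
Jan 12 10:03:00 mx postfix/smtpd[1237]: NOQUEUE: reject: RCPT from unknown[192.0.2.77]: 554 5.7.1 <pc-77>: Helo command rejected: Access denied; from=<x@junk.example> to=<u1@customer.example> proto=SMTP helo=<pc-77>
Jan 12 10:04:10 mx postfix/smtpd[1238]: NOQUEUE: reject: RCPT from mail.supplier.example[203.0.113.5]: 450 4.2.0 <u2@customer.example>: Recipient address rejected: Greylisted; from=<bob@supplier.example> to=<u2@customer.example> proto=ESMTP helo=<mail.supplier.example>
Jan 12 10:09:12 mx postfix/smtpd[1240]: 4F2A1C0D: client=mail.supplier.example[203.0.113.5]
"""

REJECT = re.compile(r"NOQUEUE: reject: RCPT from \S+?\[[^\]]+\]: [45]\d\d (?P<rest>.*)")
RBL = re.compile(r"blocked using (?P<rbl>[\w.-]+)")
SENDER = re.compile(r"from=<(?P<addr>[^>]*)>")

def classify(rest):
    """Name the filtering layer that produced this reject text."""
    m = RBL.search(rest)
    if m:
        return m.group("rbl")          # e.g. zen.spamhaus.org
    if "Helo command rejected" in rest:
        return "helo-check"
    if "Greylisted" in rest:
        return "greylist"              # temporary 4xx, sender may retry
    return "other"

def summarize(log_text):
    """Return (rejects per layer, rejected sender domains per layer)."""
    per_layer = Counter()
    senders = defaultdict(set)
    for line in log_text.splitlines():
        m = REJECT.search(line)
        if not m:
            continue                   # accepted mail and unrelated lines
        layer = classify(m.group("rest"))
        per_layer[layer] += 1
        s = SENDER.search(m.group("rest"))
        domain = s.group("addr").rpartition("@")[2].lower() if s else ""
        if domain:
            senders[layer].add(domain)
    return per_layer, senders

if __name__ == "__main__":
    counts, domains = summarize(SAMPLE_LOG)
    for layer, n in counts.most_common():
        print(f"{layer:20} {n:4}  {sorted(domains[layer])}")
```

The per-layer domain sets are what to compare against known correspondents when deciding whether a given RBL is costing legitimate mail.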