On 17.03.2015 at 22:16, Kevin A. McGrail wrote:
So I'd like any input you might have, on or off list. Here's some questions I believe will help guide things:
Q1 - What is the best glue for SA for Postfix that does the following:
- can implement clamav before SA call
postfix does that out-of-the-box
reverse the order in "smtpd_milters" but keep in mind that a well trained SA rejects much more mails than clamav and while clamav needs less resources you by-pass the whole virus scanner that way
smtpd_milters = unix:/run/spamass-milter/spamass-milter.sock, unix:/run/clamav-milter/clamav-milter.socket
- should silently discard emails if a virus is detected
a MTA/MX must never silently discard mails; where I live you go in jail for that as sysadmin. reject at SMTP level or deliver it
- Might use a few RBLs to decline connections to start
any recent postfix has postscreen on board with a sensible BL/WL scoring long before the smtpd process - content filters don't face 90-95% of all mails that way
- Implements a good implementation of greylisting
should also happen on the MTA level if at all
a backup-mx always answering with a 4xx code also kills 50% of all botnet IPs never seen on the primary MX but without the negative impacts (delayed mail, loops in case of large senders always coming from a different IP and so never making it through greylisting)
- Temporary failure for scanning (virus or spam) failures
is a postfix standard behavior if a milter doesn't respond and also the standard behavior of most milters if they can't reach the final daemon
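An added example, not part of the original message or of either poster's configuration: a Postfix main.cf fragment that pulls together the points in the reply above (milter order, postscreen DNS list scoring ahead of smtpd, temporary failure when a milter is unreachable). The DNS list host names, weights and threshold are placeholders; the socket paths are the ones quoted in the reply.

```cfg
# /etc/postfix/main.cf (fragment, added example)

# postscreen runs in front of smtpd and scores each client against DNS
# lists before any content filter sees the connection. It also needs its
# service entries enabled in master.cf (postscreen, smtpd pass, dnsblog,
# tlsproxy).
postscreen_access_list = permit_mynetworks
postscreen_greet_action = enforce

# Placeholder list names and weights: a positive weight is a blocklist hit,
# a negative weight is an allowlist hit. The sum is compared to the threshold.
postscreen_dnsbl_sites =
    dnsbl-a.example.org*2,
    dnsbl-b.example.org*1,
    dnswl.example.org*-2
postscreen_dnsbl_threshold = 2

# enforce: let the session continue to RCPT TO, then reject with a 5xx
# reply so helo/sender/recipient are logged. The sender gets an explicit
# rejection; nothing is dropped silently.
postscreen_dnsbl_action = enforce

# Milters are applied in the order listed. This order puts clamav in front
# of SpamAssassin, as asked in the question; swapping the two entries gives
# the order shown in the reply.
smtpd_milters =
    unix:/run/clamav-milter/clamav-milter.socket,
    unix:/run/spamass-milter/spamass-milter.sock

# What Postfix does when a milter is unavailable or times out.
# tempfail (the default) answers 4xx so the sending MTA retries later.
# accept would fail open and pass unscanned mail while a scanner is down.
milter_default_action = tempfail
```

Whether an infected message is rejected or discarded is decided in the milter's own configuration, not in main.cf.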