more crazy spam

Discussion in 'General' started by crypted, Aug 30, 2010.

  1. crypted

    crypted Member

    I run it twice a day.
     
  2. Turbanator

    Turbanator Member HowtoForge Supporter

    crypted: the postfix tag for smtpd that ends with ,permit is the full line I have in my config.


    I think it would be good to have some sort of place for users to post their antispam setups. I know it would help me; I too have a ton of spam that hits my servers (4000+ daily) and plenty get through. The URIBL is something new to me, so that was helpful. Also, maybe people posting their header/content filters would also be helpful. I'm getting pressure from the bosses to get spam under control like Gmail or else... In my opinion we have all the tools built in with ispc3, so there is no reason why it cannot be done (maybe go a step further like spamsnake??).

    I can't really help any further than what I've provided other than make sure you're running sa-update as Till suggested but also telling it to learn from junk mail folders.
     
  3. crypted

    crypted Member

    Turbanator: Do you have a lot of email disregarded that wasn't spam at all? Those flags don't alter the XSPAM scores, do they? It appears to be a direct deletion upon incoming to the system...

    I agree it would be useful to work together to post information to come up with a better spam solution comprised of all the third-party lists and whatnot...
     
  4. Turbanator

    Turbanator Member HowtoForge Supporter

    By putting your tag 1 level to -1000 as you have, every email gets tagged.

    The smtpd restrictions, I believe, block the emails from coming into the system at all.

    I'm at the point of reading more about the URIBL (or others for use within SpamAssassin) and setting up content filters, which is probably the best solution since we get a lot of "spam" that comes through with low tags, but are clearly unwanted emails.
     
  5. crypted

    crypted Member

    Post your findings here, please....once you've come up with more SA solutions.
     
  6. crypted

    crypted Member

    Still receiving spam. I don't see anything about HELO in the main.cf for postfix. Anyone else set up/modify the configuration to add that?

    Some say that most spam emails do not say HELLO to the postfix server when sending it to you. Whereas all normal email will have a HELLO initiation.

    Thoughts?

    Here is my MAIN.CF showing my restrictions and all. It's filtering out about 20+ extra a day that would have made it to INBOX. No telling how many it's filtering that would have been caught by SA and sent to Junk.

    Code:
    # See /usr/share/postfix/main.cf.dist for a commented, more complete version
    
    
    # Debian specific:  Specifying a file name will cause the first
    # line of that file to be used as the name.  The Debian default
    # is /etc/mailname.
    #myorigin = /etc/mailname
    
    smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
    biff = no
    
    # appending .domain is the MUA's job.
    append_dot_mydomain = no
    
    # Uncomment the next line to generate "delayed mail" warnings
    #delay_warning_time = 4h
    
    readme_directory = /usr/share/doc/postfix
    
    # TLS parameters
    smtpd_tls_cert_file = /etc/postfix/smtpd.cert
    smtpd_tls_key_file = /etc/postfix/smtpd.key
    smtpd_use_tls = yes
    smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
    smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
    
    # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
    # information on enabling SSL in the smtp client.
    
    myhostname = my.derekgordon.com
    alias_maps = hash:/etc/aliases
    alias_database = hash:/etc/aliases
    myorigin = /etc/mailname
    mydestination = my.derekgordon.com, localhost, localhost.localdomain
    relayhost = 
    mynetworks = 127.0.0.0/8 [::1]/128
    mailbox_command = procmail -a "$EXTENSION"
    mailbox_size_limit = 0
    recipient_delimiter = +
    inet_interfaces = all
    html_directory = /usr/share/doc/postfix/html
    virtual_alias_domains = 
    virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, mysql:/etc/postfix/mysql-virtual_email2email.cf
    virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
    virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
    virtual_mailbox_base = /var/vmail
    virtual_uid_maps = static:5000
    virtual_gid_maps = static:5000
    smtpd_sasl_auth_enable = yes
    broken_sasl_auth_clients = yes
    smtpd_sasl_authenticated_header = yes
    # smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf, reject_unauth_destination
    smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf, reject_unauth_destination, reject_rbl_client zen.spamhaus.org, reject_rbl_client dnsbl.sorbs.net, reject_rbl_client bl.spamcop.net, reject_rbl_client combined.rbl.msrbl.net, reject_rbl_client multihop.dsbl.org, permit
    smtpd_tls_security_level = may
    transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
    relay_domains = mysql:/etc/postfix/mysql-virtual_relaydomains.cf
    relay_recipient_maps = mysql:/etc/postfix/mysql-virtual_relayrecipientmaps.cf
    virtual_create_maildirsize = yes
    virtual_maildir_extended = yes
    virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_limit_maps.cf
    virtual_mailbox_limit_override = yes
    virtual_maildir_limit_message = "The user you are trying to reach is over quota."
    virtual_overquota_bounce = yes
    proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
    smtpd_sender_restrictions = check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf
    smtpd_client_restrictions = check_client_access mysql:/etc/postfix/mysql-virtual_client.cf
    maildrop_destination_concurrency_limit = 1
    maildrop_destination_recipient_limit = 1
    virtual_transport = maildrop
    header_checks = regexp:/etc/postfix/header_checks
    mime_header_checks = regexp:/etc/postfix/mime_header_checks
    nested_header_checks = regexp:/etc/postfix/nested_header_checks
    body_checks = regexp:/etc/postfix/body_checks
    content_filter = amavis:[127.0.0.1]:10024
    receive_override_options = no_address_mappings
    message_size_limit = 0

    Opinions welcome.
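
A small audit of the points raised in this thread, as an added example that is not part of any post: it parses a `main.cf`, reports whether the HELO settings asked about above (`smtpd_helo_required`, `smtpd_helo_restrictions`) are present, lists the DNSBL zones used by `reject_rbl_client`, and checks that `reject_unauth_destination` comes before the unconditional `permit`. The function names and sample text are constructed for illustration, and the `TAKES_ARG` heuristic is a simplification of Postfix's restriction syntax.

```python
import re

# Constructed excerpt: restriction line from the main.cf above, reflowed (not the full file).
SAMPLE_MAIN_CF = """\
# smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated,
    check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf,
    reject_unauth_destination,reject_rbl_client zen.spamhaus.org,
    reject_rbl_client dnsbl.sorbs.net,reject_rbl_client bl.spamcop.net,
    reject_rbl_client combined.rbl.msrbl.net, reject_rbl_client multihop.dsbl.org, permit
"""
HELO_PARAMS = ("smtpd_helo_required", "smtpd_helo_restrictions")
TAKES_ARG = ("check_", "reject_rbl_", "reject_rhsbl_")  # followed by one argument

def parse_main_cf(text):
    """Return {parameter: value}; joins continuation lines, skips comments/blanks."""
    params, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace():
            if current:  # leading whitespace continues the previous parameter
                params[current] += " " + raw.strip()
        elif "=" in raw:
            current, value = (part.strip() for part in raw.split("=", 1))
            params[current] = value  # a later definition overrides an earlier one
    return params

def split_restrictions(value):
    """Split a comma/whitespace separated restriction list into [name, arg] entries."""
    entries = []
    for token in filter(None, re.split(r"[,\s]+", value)):
        if entries and len(entries[-1]) == 1 and entries[-1][0].startswith(TAKES_ARG):
            entries[-1].append(token)
        else:
            entries.append([token])
    return entries

def audit(text):
    """Report missing HELO settings, DNSBL zones in use, and relay-guard ordering."""
    params = parse_main_cf(text)
    entries = split_restrictions(params.get("smtpd_recipient_restrictions", ""))
    order = [entry[0] for entry in entries]
    cut = order.index("permit") if "permit" in order else len(order)
    return {
        "missing_helo": [p for p in HELO_PARAMS if p not in params],
        "dnsbl_zones": [e[1] for e in entries if e[0] == "reject_rbl_client" and len(e) == 2],
        "relay_guard_before_permit": "reject_unauth_destination" in order[:cut],
    }
```

Run it against a real file with `audit(open("/etc/postfix/main.cf").read())`; on the sample, both HELO parameters are reported missing and five DNSBL zones are listed.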
     
  7. crypted

    crypted Member
