Hello,

I'm busy making an overview of how one can use postfix to stop UCE. During the past years the available possibilities have grown, so it has become a bit difficult to choose the right tools for the job.

Eventually I need to decide what tools to use, so please correct my text below. I hope others will benefit from it too.

The postfix site explains it all (but doesn't summarize it).

In my opinion there are two places where one can stop UCE.
1) Before postfix accepts the email, before-queue content inspection
2) After postfix accepts the email, after-queue content inspection

There are several technologies implemented to be used in postfix:

Before queue:
- smtp protocol checks
- policy service (e.g. SPF and greylisting)
- RBL checks (reject_rbl_*)
- smtpd_proxy_filter
- milters

After queue can be done through content filtering. E.g. passing the mail to amavisd or something else.

To come back to the before-queue method: this is of course the first line of defence. That is where the offender should be stopped. After-queue scanning is only the last resort.

Now with the different before queue methods we have a huge overlap in functionality.

There exist policy servers that do RBL too. But there exist milters that do RBL checks too, and some milters can even do antispam checking. With smtpd_proxy_filter you also do anti spam.

In fact, it seems to me that you can handle everything through one or more milters.

The question that remains: should one use one (or more) milter/policy servers or a combination of both, completed with the basic postfix checks?

Where should the line be drawn?

Thanks in advance,

--
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
Rudy Gevaert          rudy.geva...@ugent.be          tel:+32 9 264 4734
Directie ICT, afd. Infrastructuur ICT Department, Infrastructure office
Groep Systemen                    Systems group
Universiteit Gent                 Ghent University
Krijgslaan 281, gebouw S9, 9000 Gent, Belgie               www.UGent.be
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
