Well, it looks like, perhaps, I found the missing link. After adding s25r rules and HELO response verification in main.cf, no spam has siped through.
I think that mostly it was HELO response verification that did it. BTW, is there a reason not block emails with incorrect HELO response? Thanks On Mon, Jan 4, 2010 at 5:30 PM, Steve <[email protected]> wrote: > > -------- Original-Nachricht -------- >> Datum: Mon, 04 Jan 2010 23:20:04 +0100 >> Von: mouss <[email protected]> >> An: [email protected] >> Betreff: Re: anti spam measures > >> Steve a écrit : >> > -------- Original-Nachricht -------- >> >> Datum: Sun, 03 Jan 2010 23:37:18 +0100 >> >> Von: mouss <[email protected]> >> >> An: postfix users list <[email protected]> >> >> Betreff: Re: anti spam measures >> > >> >> Roman Gelfand a écrit : >> >>> I am running postfix with anti spam filter (policyd-weight, sqlgrey, >> >>> grossd, dkim, senderid-milter, dspam) . With this configuration, I am >> >>> down to under 10 spams a day. Looking at my backend server which is >> >>> exchange 2007, I find that all of the remaining spam messages have >> >>> spam confidence level of 7 or greater, which implies this is blatant >> >>> spam. Is there spam filter software software that works with postfix >> >>> that can perform checks similar to that of exchange 2007 spam >> >>> confidence level? >> >>> >> >> we can't really tell since we didn't see the messages that made it >> >> through postfix+friends. >> >> >> >> if the messages contained a URI listed at uribl or surbl, then you >> could >> >> try using uribl/surbl via milter-link or via spamassassin (via >> >> amavisd-new). >> >> >> >> anyway, You can add spamassassin (via amavisd-new) to your chain and >> see >> >> if it improves your filtering. >> >> >> > I am for sure one of the people that should keep his mouth shut since I >> have a to strong bias but SpamAssassin? Why? He is using DSPAM and if I >> would purpose him another free solution then only something like CMR114 or >> OSBF-Lua. >> > >> >> because I don't believe he will improve his filtering by adding more >> statistical filters (I think: if this was true, he can improve by better >> training/tuning of dspam). >> > Correct. > > >> In contrsat, adding a finely tuned heuristic >> filter will certainly improve his results. >> > True. > > >> one example: Justin Mason anti-fraud rules (JM_SOUGHT*) will block fraud >> mail that you can't block statistically (because you don't get enough of >> it to train a statistical filter). unless if you are a large ISP/MSP >> with users who report fraud mail quickly and you train your filter with >> these reports quickly. >> > Or you use other ways to filter them out (not statistically). > > >> other examples include: URIBL rules (granted, you can use milter-link), >> DNSxL rules applied to Received headers (mail that is "touched" by a >> host in Spamhaus SBL is unwanted!)... >> >> Once again, I said "add spamassassin" not replace dspam. This is because >> OP wanted to block "more". but adding SA in a way that improves his >> results is not effort free. which is why I said: >> > Right. > > >> > >> >> at one time, the question becomes: is the additional effort worth the >> >> pain? >> >> >> > Good question. >> >> I personally am from the school of access control before content >> filtering. >> > Me too :) > > >> so I don't feel comfortable arguing for SA vs dspam vs >> foofilter. >> > As I wrote before: I am to biased in that topic so I am not going to argue > either. > -- > GRATIS für alle GMX-Mitglieder: Die maxdome Movie-FLAT! > Jetzt freischalten unter http://portal.gmx.net/de/go/maxdome01 >
