>On Sep 20, 2013, at 18:21, azurIt <azu...@pobox.sk> wrote: > >>> CC: postfix-users@postfix.org >>> On Fri, Sep 20, 2013 at 10:42 AM, azurIt <azu...@pobox.sk> wrote: >>> >>>> Hi, >>>> >>>> i'm having problems with spam forwarding - lot's of our users enabled >>>> forwarding to gmail and every spam they receive is also forwarded. Today >>>> gmail block us because of spam (which we were just forwarding, not >>>> sending). Any tips how can i disable forwarding in case of a spam (for >>>> example, when message has X-Spam-Status: Yes) ? Thanks. >>>> >>>> azur >>> >>> As a first line of defence, maybe use postscreen to cut down the spam >>> before it reaches smtpd ? >>> >>> The postscreen documentation (http://www.postfix.org/POSTSCREEN_README.html) >>> mentions four layers of defence, if you have some of that implemented, or >>> all of it, you would be able to cut down on your incoming spam, before >>> anything gets forwarded to Google or any other place. >> >> Looks fine but i NEED to deliver also spams locally, i just don't want to >> forward them away. > > >No one 'needs' to deliver spam locally. On a properly configured system, the >vast majority of spam bounces off the before-queue defenses, and never reaches >the stage where a decision about forwarding or local storage needs to be made. >If you are running into trouble with Gmail it is quite likely that you are >accepting too much garbage from bots and zombies. > >This is a problem you should solve at the earliest possible stage, which is >where postscreen comes in. Read the documentation again, and understand why it >should be part of your defenses. > >If you think your problem can be solved using header checks, read the >appropriate documentation; > >http://www.postfix.org/header_checks.5.html > >But really, start by cutting down on what you accept.
I don't believe in rejecting e-mails based on spam checks - there are and always be false positives. I will rather accept 100 spams than reject single legitimate e-mail message.
