On 11/02/14 02:13, Yasha Karant wrote:
> Our site has been edicted to Microsoft Exchange server with a Barracuda
> spam filter. There are numerous difficulties, one of which is spam not
> being filtered and non-spam being so filtered (significant increase in
> mission critical false positives). At present, the administrative
> authorities (all of whom appear to be management professionals, not
> internals nor systems folks) insist on Exchange, allowing open systems
> standards compliant end-users to have IMAP service. Given this, what
> are the best server-side spam filters, either hardware or software?
> "Best" should be based upon current field-deployed experience and/or
> unsolicited external reviews (not vendor-supported "independent" reviews).

I've put up a fairly simple Postfix + Amavis-new + SpamAssassin server in
front of some of my Zimbra servers to get rid of the "worst" trash (we
also had some other requirements too, but that's not important in this
thread).

I configured Postfix with several RBLs, SPF and postgrey. In addition I
added these smtpd_recipient_restrictions:

    reject_unknown_reverse_client_hostname,
    reject_invalid_hostname,
    reject_non_fqdn_hostname,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unknown_sender_domain,

The RBLs I have had great success with are:

    reject_rbl_client bl.spamcop.net,
    reject_rbl_client zen.spamhaus.org,
    reject_rbl_client bl.blocklist.de,
    reject_rbl_client b.barracudacentral.org,
    reject_rbl_client bl.spamcannibal.org,
    reject_rbl_client cidr.bl.mcafee.com,

The first two and barracudacentral.org seem to be those being triggered
most. Barracudacentral requires a registration (they want the IP of your
DNS resolver doing the queries). With all this in place, I reduced the
spam which SpamAssassin filtered out from 75-80% to ~20-25%.

I had to remove SORBS, as they actually listed a lot of valid SMTP relays
... and for those companies being hit here, it was just too costly an
operation to fix each time it happened. On the other hand, the other RBLs
catch quite fine what SORBS blocked correctly.

In regards to SPF, that works pretty well. I did it even stricter than
the default configuration (I use python-policyd-spf), where I set
PermError_reject = True. That enforces the SPF rules which are explicit
much harder.

And with postgrey, I learned that you need at least a 10-minute
threshold. For one of the servers I maintain, postgrey blocks ~25% of all
mail attempts. On another one (low traffic), the hit rate was so low I
actually removed it. So you need to test and see if it can match your
needs.

--
kind regards,

David Sommerseth
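
An added example, not part of the original message: a small Python tally for the kind of testing suggested above, measuring which RBLs and how much greylisting account for rejections in a Postfix smtpd log. The log lines are constructed samples with placeholder addresses, and counting accepted mail via `client=` lines with short hexadecimal queue IDs is an assumption.

```python
import re
from collections import Counter

# Constructed sample in Postfix smtpd log format (hosts and IPs are placeholders).
SAMPLE_LOG = """\
Feb 11 09:00:01 mx postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 554 5.7.1 Service unavailable; Client host [192.0.2.10] blocked using zen.spamhaus.org; from=<a@example.net> to=<u@example.org> proto=ESMTP helo=<x>
Feb 11 09:00:05 mx postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[192.0.2.11]: 554 5.7.1 Service unavailable; Client host [192.0.2.11] blocked using zen.spamhaus.org; from=<b@example.net> to=<u@example.org> proto=ESMTP helo=<x>
Feb 11 09:00:09 mx postfix/smtpd[2102]: NOQUEUE: reject: RCPT from unknown[192.0.2.12]: 554 5.7.1 Service unavailable; Client host [192.0.2.12] blocked using zen.spamhaus.org; from=<c@example.net> to=<u@example.org> proto=ESMTP helo=<x>
Feb 11 09:01:00 mx postfix/smtpd[2103]: NOQUEUE: reject: RCPT from unknown[192.0.2.13]: 554 5.7.1 Service unavailable; Client host [192.0.2.13] blocked using bl.spamcop.net; from=<d@example.net> to=<u@example.org> proto=ESMTP helo=<x>
Feb 11 09:01:30 mx postfix/smtpd[2104]: NOQUEUE: reject: RCPT from unknown[192.0.2.14]: 554 5.7.1 Service unavailable; Client host [192.0.2.14] blocked using b.barracudacentral.org; from=<e@example.net> to=<u@example.org> proto=ESMTP helo=<x>
Feb 11 09:02:00 mx postfix/smtpd[2105]: NOQUEUE: reject: RCPT from mail.example.net[198.51.100.7]: 450 4.2.0 <u@example.org>: Recipient address rejected: Greylisted, see http://postgrey.schweikert.ch/help/example.org.html; from=<f@example.net> to=<u@example.org> proto=ESMTP helo=<mail.example.net>
Feb 11 09:02:10 mx postfix/smtpd[2105]: NOQUEUE: reject: RCPT from mail.example.com[198.51.100.8]: 450 4.2.0 <u@example.org>: Recipient address rejected: Greylisted, see http://postgrey.schweikert.ch/help/example.org.html; from=<g@example.com> to=<u@example.org> proto=ESMTP helo=<mail.example.com>
Feb 11 09:03:00 mx postfix/smtpd[2106]: NOQUEUE: reject: RCPT from unknown[192.0.2.15]: 450 4.7.1 Client host rejected: cannot find your reverse hostname, [192.0.2.15]; from=<h@example.net> to=<u@example.org> proto=ESMTP helo=<x>
Feb 11 09:04:00 mx postfix/smtpd[2107]: 4F2A1C0B12: client=mail.example.com[198.51.100.8]
Feb 11 09:05:00 mx postfix/smtpd[2108]: 5A3B2D1C34: client=relay.example.org[198.51.100.9]
"""

REJECT_RE = re.compile(r"postfix/smtpd\[\d+\]: NOQUEUE: reject: ")
ACCEPT_RE = re.compile(r"postfix/smtpd\[\d+\]: [0-9A-F]+: client=")  # short queue IDs only
RBL_RE = re.compile(r"blocked using ([\w.-]+)")

def tally(log_text):
    """Return (Counter of reject reasons, number of accepted deliveries)."""
    reasons, accepted = Counter(), 0
    for line in log_text.splitlines():
        if ACCEPT_RE.search(line):
            accepted += 1
        elif REJECT_RE.search(line):
            rbl = RBL_RE.search(line)
            if rbl:
                reasons["rbl:" + rbl.group(1)] += 1
            elif "Greylisted" in line:
                reasons["greylist"] += 1
            else:
                reasons["other"] += 1
    return reasons, accepted

def report(log_text):
    """Share of all mail attempts (rejected + accepted) per reject reason, in percent."""
    reasons, accepted = tally(log_text)
    attempts = accepted + sum(reasons.values())
    if attempts == 0:
        return {}
    return {reason: round(100 * n / attempts, 1) for reason, n in reasons.items()}

if __name__ == "__main__":
    for reason, pct in sorted(report(SAMPLE_LOG).items(), key=lambda kv: -kv[1]):
        print(f"{reason:32s} {pct:5.1f}%")
```

A greylisted sender that retries successfully later shows up once as a greylist reject and once as accepted, so the greylist share here is an upper bound on mail actually kept out.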