Saturday, September 30, 2017

Re: the whole greylisting, spam filtering thing

> I start greylisting on the firewall and that's ok but should I implement
> a dedicated system for rspamd and relay the "ok-Mails" from there to the
> mailsystem or simply run rspamd on the mailsystem and plug it in front of
> the mailserver like postfix?

Aha, so if you are using Postfix, there are plenty of anti-spam features
that truly reduce the amount of spam and almost wipe it all out
**during the SMTP session**: see `man 5 postconf` and search for these
patterns (this is Postfix 3.1).

```
# NETWORK restrictions (smtpd_client_restrictions)
check_policy_service unix:private/policy
reject_unknown_client_hostname
check_client_access hash:/etc/postfix/client_access
reject_rbl_client ...
reject_unauth_pipelining

unknown_client_reject_code = 554
smtpd_data_restrictions = reject_unauth_pipelining

# HELO/EHLO restrictions
reject_invalid_helo_hostname
reject_non_fqdn_helo_hostname
reject_unknown_helo_hostname
regexp:/etc/postfix/helo.regexp

# MAIL FROM restrictions
check_sender_access hash:/etc/postfix/sender_access,
reject_non_fqdn_sender,
reject_unknown_sender_domain

# RCPT TO restrictions
reject_non_fqdn_recipient,
reject_unknown_recipient_domain

unknown_address_reject_code = 554
```

If some spam comes through that, it is a pretty one (and even passed through
the SPF check). This already gets rid of 98% of the spam for me.
Adding rspamd or whatever milter on top of that would clearly get you to
99%. No greylisting is needed.

Eventually make sure STARTTLS is enabled so the MXs talk through TLS,
set up your SPF records for your domain and eventually set up DKIM.
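
The restriction names listed above, placed under the `main.cf` parameters they belong to, as an added example that is not part of the original post. The table paths are the ones from the post; the `permit_mynetworks` entries, `smtpd_helo_required`, the `smtpd_relay_restrictions` line and the DNSBL zone `dnsbl.example.invalid` (a placeholder for the zone the post elides) are assumptions.

```cfg
# /etc/postfix/main.cf -- added example, not the poster's actual file.
# In main.cf a '#' starts a comment only at the beginning of a line.

# HELO restrictions can be sidestepped unless clients must send HELO/EHLO.
smtpd_helo_required = yes

# Relay control kept separate from spam control (Postfix >= 2.10), so a
# mistake in the spam lists below cannot turn the host into an open relay.
smtpd_relay_restrictions =
    permit_mynetworks,
    reject_unauth_destination

# check_policy_service needs a matching "policy" service in master.cf,
# which the post does not show. The DNSBL zone is a placeholder.
smtpd_client_restrictions =
    permit_mynetworks,
    check_policy_service unix:private/policy,
    check_client_access hash:/etc/postfix/client_access,
    reject_unknown_client_hostname,
    reject_rbl_client dnsbl.example.invalid,
    reject_unauth_pipelining

smtpd_helo_restrictions =
    permit_mynetworks,
    check_helo_access regexp:/etc/postfix/helo.regexp,
    reject_invalid_helo_hostname,
    reject_non_fqdn_helo_hostname,
    reject_unknown_helo_hostname

smtpd_sender_restrictions =
    permit_mynetworks,
    check_sender_access hash:/etc/postfix/sender_access,
    reject_non_fqdn_sender,
    reject_unknown_sender_domain

smtpd_recipient_restrictions =
    reject_non_fqdn_recipient,
    reject_unknown_recipient_domain

smtpd_data_restrictions = reject_unauth_pipelining

# Both default to 450 (retry later); 554 makes the rejection permanent.
unknown_client_reject_code = 554
unknown_address_reject_code = 554
```

Prefixing a restriction with `warn_if_reject` logs what it would have rejected without refusing the mail, which helps when trying out strict checks such as `reject_unknown_client_hostname`. Run `postmap` on the `hash:` tables and `postfix check` before reloading.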
