Re: A question about content filtering.

From: /dev/rob0 (rob0gmx.co.uk)
Date: Sun May 22 2005 - 07:08:31 CDT


I'm sorry to revisit such an old thread, but there's something I didn't
see mentioned here that I think should have been ...

On Thursday 05 May 2005 04:47, nick wrote:
> I have an issue with my postfix mailserver. The issue isn't actually
> the fault of postfix, but I'm hoping postfix might be able to resolve
> it.
>
> The problem is with our AV scanner which occasionally (about once a
> month) decides to lock up. When it locks up, it no longer accepts or

One positive step (that Postfix can do) would be to reduce the load on
the content scanner by rejecting more in the SMTP stage.

> I'm really hoping there's an easier solution for this, because at the
> moment the volume of mail we get doesn't really require more than one
> server..

Spamhaus SBL-XBL is a safe way to block a good chunk of your content
scanner's workload. By "safe" I mean that there is probably never a
true false positive, and the very little collateral damage is when
actual spammers happen to send real mail.

Simple HELO checks ... block anyone outside $mynetworks who uses your
domain name[s] (including "localhost") in a HELO/EHLO. Definitely block
HELO with your own IP address. That alone takes out a lot, without a
single RBL lookup.

http://jimsun.linxnet.com/misc/postfix-anti-UCE.txt is a good intro to
what can be done without accepting DATA.

Various policy daemons are available which can simplify things. Cami's
is one (which I'm surprised that he didn't mention.) Robert Felber has
a newer one which calculates a score based on RBL listings and HELO and
sender and client domains.
--
    mail to this address is discarded unless "/dev/rob0"
    or "not-spam" is in Subject: header
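The SMTP-stage rejections the reply recommends (an SBL-XBL lookup plus HELO checks for the site's own names, "localhost" and its own IP), as an added Postfix configuration example that is not part of the original post; the domain example.com, the network 192.0.2.0/24 and the server address 192.0.2.10 are assumed placeholders to substitute with your own.

```conf
# /etc/postfix/main.cf (excerpt).  Placeholder values: example.com,
# 192.0.2.0/24 and 192.0.2.10 stand in for your own domain, trusted
# network and mail server address.
mynetworks = 127.0.0.0/8, 192.0.2.0/24
smtpd_helo_required = yes

# HELO/EHLO checks: trusted hosts pass first, so only clients outside
# $mynetworks are tested against the "don't claim to be us" map; then
# syntactically invalid or non-FQDN HELO names are rejected.
smtpd_helo_restrictions =
    permit_mynetworks,
    check_helo_access pcre:/etc/postfix/helo_access.pcre,
    reject_invalid_helo_hostname,
    reject_non_fqdn_helo_hostname,
    permit

# Recipient-stage checks: the DNSBL lookup runs only for mail that is
# not from $mynetworks and is addressed to a domain we actually accept,
# all before DATA, so the content scanner never sees the rejected mail.
# sbl-xbl.spamhaus.org is the zone named in the post; Spamhaus has since
# folded it into the combined zen.spamhaus.org zone.
smtpd_recipient_restrictions =
    permit_mynetworks,
    reject_unauth_destination,
    reject_rbl_client sbl-xbl.spamhaus.org,
    permit

# /etc/postfix/helo_access.pcre.  pcre tables match case-insensitively
# by default.  The brackets around the address literal are optional so
# both "HELO 192.0.2.10" and "HELO [192.0.2.10]" are caught.
/^(.*\.)?example\.com$/        REJECT HELO with our domain name is forged
/^localhost(\.localdomain)?$/  REJECT HELO localhost from an external client
/^\[?192\.0\.2\.10\]?$/        REJECT HELO with our own IP address
```

Test a change with `postfix check` and then watch the mail log for `reject:` lines from the new restrictions before relying on them; put `warn_if_reject` in front of a restriction to log what it would reject without actually rejecting.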