From: Noel Jones (njonesmegan.vbhcs.org)
Date: Mon Dec 01 2008 - 14:10:21 CST

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Roman Medina-Heigl Hernandez wrote:
> Noel Jones escribió:

> You are (again) right, perhaps spamassasin is better for performing this
> kind of check... with the added bonus that filtered mail is not dropped,
> but quarantined (so you could always rescue a false negative). Do you know
> "how well" does it (SA) perform at blocking this spam case (src dom=dst
> dom) while recognizing "legit" (but nasty) notices?
>
> For the very same reason, isn't it better to let Spamassassin make
> "intelligent" SPF-checks instead of using some other policy server with
> Postfix?

The whole idea of SpamAssassin scoring is that the spamminess
of of messages comes from lots of little things - some
positive scores, some negative scores - that usually adds up
to something that accurately represents whether a message is
spam or not. No one rule (unless it's a rare 100% guaranteed
spam indicator) ever decides on its own that a message is spam.

While a message might exhibit the From=To and SPF errors
described above, most legit mail still wouldn't trigger enough
points to get into the "likely spam" range.

SpamAssassin itself isn't 100% accurate, but it does fairly
well with a very wide range of junk. It's a good tool to use,
but you need more than one tool.
Selective RBLs (zen.spamhaus.org is highly recommended),
ClamAV with the Sanesecurity add-on signatures, and careful
postfix checks can reject a lot of spam before SpamAssassin
ever sees it.

It's also important to note that the settings you use depend
on your user base and your goals - there is no
one-size-fits-all solution, which is why you'll never see such
a thing posted here. Your best bet is to lurk on the list for
a while or browse the archives to learn what might work well
in your situation.

--
Noel Jones

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]