# Need a spam filter suggestion



## dpalme (Aug 17, 2012)

I used to use spamassassin back in the day but it wasn't exactly the easiest to keep configured and running.  

Any suggestions on a package that will cut down the amount of spam? 

I have multiple domains that I need to filter for, all with different IP addresses.


----------



## cpm@ (Aug 17, 2012)

You should try mail/dspam.


----------



## ecazamir (Aug 17, 2012)

Use greylisting + RBL Checks + more strict SMTP restrictions: reverse DNS record existence, proper HELO, etc + amavisd-new + spamassassin + SPF checks + DKIM signing/verifying.
Greylisting alone will cut at least 80% of the SPAM volume.


----------



## wblock@ (Aug 17, 2012)

sendmail's GreetPause is another option that won't hurt.  mail/dspam looks interesting, being lighter weight than things like spamassassin.

If you use or are considering pf(4), look at mail/spamd.  It's kind of delightfully evil.  Because it tarpits spam senders, it benefits the community.


----------



## mwatkins (Aug 17, 2012)

I used to use grey-listing but found it was causing me more admin headaches. Some surprisingly large organizations run mail servers that don't behave as they should.

policyd-weight (incorporating RBL checks, some country weighting... my users do not deal with China or Africa all that much) with Postfix properly configured to reject bad mail senders - very little actual spam makes it through the gauntlet and what does is tagged.

The remaining mail gets passed through bogofilter for spam tagging and (optional) moving to spam folders; we only provide IMAP access to clients.

spamassassin I found too heavy and maybe because of its popularity seemed to need more on-going tweaking as the bad guys alter their approaches.


----------



## ecazamir (Aug 18, 2012)

mwatkins said:

> I used to use grey-listing but found it was causing me more admin headaches. Some surprisingly large organizations run mail servers that don't behave as they should.


I agree, some organizations (most of them small, in my experience) don't use proper SMTP servers.
In the past 7 years, I took care of the corporate email server. I started using greylisting 4 years ago. During these 4 years, I had less than four events related to greylisting per year.
So, I don't need a so-called lightweight solution (DSPAM) and I don't need to tune SpamAssassin every day, or week. Keep in mind that a SPAM sender needs _speed_, and greylisting hits the spammers just at this point.
IMO, it's fine to add 4 exceptions per year to a table, instead of upgrading hardware/spam signatures/etc and keeping the server more busy than it is required, because a few "systems admins" don't know protocol requirements or forgot about SMTP queues.

I forgot in my previous post to mention fail2ban. It is possible to instruct fail2ban to block IP addresses which insist on sending mail:
1. from RBL blocked addresses
2. for non-existing mail accounts
Also, it is possible to add exceptions to 'unconfigurable remote SMTP servers', using postfix's 'smtpd_client_restrictions' combined with a hash table with 'excepted' IP addresses.


----------
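Added example, not part of any post in this thread: a minimal greylisting decision with an exception table, written against Postfix's policy-delegation request format (name=value lines ended by an empty line). The 300-second delay, the /24 keying, the class and function names and the sample addresses are assumptions of this sketch.

```python
import ipaddress

# Constructed sample Postfix policy-delegation request (documentation addresses).
SAMPLE = ("request=smtpd_access_policy\nprotocol_state=RCPT\n"
          "client_address=192.0.2.10\nsender=alice@example.org\n"
          "recipient=bob@example.com\n\n")


def parse_request(text):
    """Parse one policy request: name=value lines ended by an empty line."""
    attrs = {}
    for line in text.splitlines():
        if not line:
            break
        name, _, value = line.partition("=")
        attrs[name] = value
    return attrs


class Greylist:
    def __init__(self, exceptions=(), delay=300):
        # Exception table: networks of senders known not to retry properly.
        self.exceptions = [ipaddress.ip_network(n) for n in exceptions]
        self.delay = delay        # seconds a new triplet must wait (assumed)
        self.first_seen = {}      # triplet -> time of first delivery attempt

    def decide(self, attrs, now):
        """Return the Postfix access action for one RCPT-stage request."""
        client = ipaddress.ip_address(attrs["client_address"])
        if any(client in net for net in self.exceptions):
            return "DUNNO"        # excepted: later restrictions still apply
        # Key on the /24 (IPv6: /64) so a retry from a sender pool matches.
        prefix = 24 if client.version == 4 else 64
        net = ipaddress.ip_network(f"{client}/{prefix}", strict=False)
        # An empty sender (MAIL FROM:<>, a bounce) is a valid triplet member.
        triplet = (str(net), attrs.get("sender", "").lower(),
                   attrs["recipient"].lower())
        first = self.first_seen.setdefault(triplet, now)
        if now - first < self.delay:
            return "DEFER_IF_PERMIT Greylisted, please retry later"
        return "DUNNO"            # retried after the delay: not blocked here


if __name__ == "__main__":
    gl = Greylist(exceptions=["198.51.100.0/24"])
    req = parse_request(SAMPLE)
    for t in (0, 60, 400):        # first attempt, hasty retry, queued retry
        print(t, gl.decide(req, t))
```

A real policy service would wrap the returned value as `action=...` followed by an empty line and would persist and expire `first_seen`.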



## kpa (Aug 18, 2012)

There's a lot of plain ignorance when it comes to email server setups. There are still many servers that do not support empty return paths (MAIL FROM: <>) on bounced messages even if it's required by RFC 1123 to avoid bounce loops.


----------

