1 |
On 21/5/2011, at 5:13am, Pandu Poluan wrote: |
2 |
> ... |
3 |
> Due to the increase of spam/phishing emails received by my office, I |
4 |
> decided to explore the idea of implementing a spamfiltering 'frontend' |
5 |
> in front of my email server. |
6 |
> |
7 |
> Here's how I plan to do it: |
8 |
> |
9 |
> fetchmail (G) --> postfix (G) --> amavisd+spamassassin+database (G) |
10 |
> --> postfix (G) --> current email back-end (WS) --> clients (W) |
11 |
> |
12 |
> (G) = the single Gentoo server working as mailfilter |
13 |
> (WS) = mail server on Windows Server |
14 |
> (W) = various Windows clients (XP and 7) |
15 |
> |
16 |
> I need fetchmail because currently we still use a hosting company, at |
17 |
> least until August when we host everything on our own. Then, we'll |
18 |
> drop fetchmail and expose postfix for the world to deliver the mails |
19 |
> to. |
20 |
|
21 |
You shouldn't need amavisd / spamassassin, once you're exposing Postfix to the outside world, if you configure it well. |
22 |
|
23 |
You should do things like checking that the DNS name matches the helo response given by the server trying to send you mail (this alone filters out a good deal of spam) and be able to use things like DKIM, SPF and even SpamHaus. |
24 |
|
25 |
http://en.wikipedia.org/wiki/DomainKeys_Identified_Mail |
26 |
http://en.wikipedia.org/wiki/Sender_Policy_Framework |
27 |
http://www.spamhaus.org/ |
28 |
|
29 |
(SpamHaus says "free for personal use upto x,000 messages per period", but they don't mind business use as long as you're under that limit; still it's cheap, once you've used the free account to prove the service) |
30 |
|
31 |
Using fetchmail you're unable to reject mail in the same way, so you have to use stuff like amavisd / spamassassin. |
32 |
|
33 |
Lots of discussion of this on the Postfix mailing list. You should definitely read that for a week or two before deploying. |
34 |
|
35 |
Stroller. |