[Dovecot] what best for anti-spam filter?

Arnaud Abélard arnaud.abelard at univ-nantes.fr
Tue Jul 24 16:11:37 EEST 2012


On 07/24/2012 02:06 PM, Markus Schönhaber wrote:
> 24.07.2012 11:57, Arnaud Abélard:
>
>> - With greylisting we aren't rejecting potentially spammy mails, we are
>> rejecting misbehaving servers. That's important, legally speaking. We
>> could be in trouble if we rejected an important mail by mistake when our
>> server actually accepted it.
>
> That's something which is not greylisting-specific at all. You must not
> accept mail you are unwilling or unable to deliver - ever!

That's my point. Greylisting screens bad behaviored servers away and if 
a mail is accepted it will be delivered. If it's detected as a potential 
spam, it will still be delivered to the end user with a proper tag in 
the subject.

 From what I just read, it seems that indeed postscreen could be an 
alternative for that purpose.

But screening solutions aren't enough since a lot of unwanted mails are 
sent from legit RFC compliant servers:

- newsletters from sites the users provided their email to and forgot 
they did.

- digital prospecting which is legal if properly done (in France, it 
must be related to your professionnal field of activity and an 
unsubscribe link must be provided)

- phishing and scams sent from stolen webmail accounts.

Greylisting and DNSBL aren't really useful for any of those, only 
content analysis will catch them and that's the hard part. Bayesian and 
markovian filters need training and corrections. Spamassassin rules 
needs to be added every few weeks, etc.

I kind of like how pyzor and razor work but those are rather slow and 
tend to use too much CPU. Anyone here who had a good experience with those?

Arnaud


> Creating bounces will make you a source of backscatter and get you
> blacklisted, eventually.
> ("Outgoing" mail is a different matter, of course)
>
> But that doesn't mean that greylisting is the only means for fighting
> spam that is compliant to the above rule. It's, for example, not
> uncommon to have things like milters or pre-queue filters pipe the
> incoming mail through a spam checker and accept or reject the mail -
> during the SMTP dialogue - depending on the result of the check.
>


-- 
Arnaud Abélard (jabber: arnaud.abelard at univ-nantes.fr)
Administrateur Système - Responsable Services Web
Direction des Systèmes d'Informations
Université de Nantes
-
ne pas utiliser: trapemail at univ-nantes.fr


More information about the dovecot mailing list