On 7/24/2012 2:16 AM, Arnaud Abélard wrote:
And first of all, even if this is not dovecot related, use a greylisting solution.
Greylisting only stops bots. It is resource intensive, and causes delivery delays. There exist bot spam killing solutions that are just as effective, with less downside. Two are Postfix' postscreen daemon, and fqrdns.pcre, which rejects based on consumer/dynamic looking rDNS. Some users have modified the latter for use on HELO strings instead of client rDNS strings, with good success. Either combined with CBL/ZEN should kill all your bot spam much more efficiently. I'm surprised you're using greylisting (Postgrey?) with 72k mailboxes.
Indeed! Fighting spam is a continuous task.
Unfortunately...
We (72,000 mailboxes) are currently using amavisd-new with spamassassin and CRM114 via a custom plugin instead of the default bayesian filter. Also like Noel, we're using DNSBLs, SPF (although we had to publish a permissive record since some of our users are using their ISP smtp instead of our own).
Which of your countermeasures blocks spam from Orange/France Telecom VPS/colo sources?
-- Stan