On 12/14/18 4:30 AM, David Funderburk wrote:
What open source email filtering system is working well for you?
- Sendmail - SpamAssassin - ClamAV - OpenDKIM - OpenDMARC - SPFmilter - NoListing (a variant of Grey Listing that has worked exceedingly well for me.) - Junk Email Filter MX tricks (also works very well for me) - Reverse Path route filters Most of this is fairly stock configuration. I have put some custom rules in SpamAssassin for various reasons. Email me directly if you want particulars. On 12/14/18 10:36 AM, Rich Kulawiec wrote:
I've been studying email abuse for a very long time, and am writing a book about defending against it with open-source tools.
I'll be interested to learn more about your book. Will you share any details so that I can keep an eye out for it? - Title - Release date - Publisher
One of the things that I've learned over those decades is that while some measures make sense for everyone, one size does not fit all, and that it's critical to understand the mail stream that's being presented before trying to design and build systems to deal with it. Everyone's legitimate email looks different. Everyone's abusive email looks different. It's not possible to figure out how to cope with these things until you measure them.
Nor is it possible until you understand the operational requirements, which again, are different for everyone. Joe's Donuts in Dubuque probably isn't going to be receiving messages at its "orders" address from Peru or Pakistan, for example, so any incoming traffic like that is almost certainly misdirected (at best) or abusive. On the other hand, Michigan State University will probably receive legitimate traffic from all the world, including Peru and Pakistan.
I largely agree with both of those statements.
So while I could answer your question by telling you what I use, that doesn't mean that it would work for you. It *might*, and after a fashion, it probably would -- but it's highly unlikely that it's anything close to optimal for your environment. There's a fair amount of homework that needs to be done to figure that out.
Sure. But sharing what you're using and your perceived Pros and Cons do provide data for someone to consume while pontificating what will likely suit them the best.
One more thing. There are a number of things that some people do in their email systems which are worst practices -- things that exacerbate the problem. For example, "quarantines" or "spam folders" are a profoundly horrible idea that should never be deployed. (Ask RSA how that's working out for them.) Avoid these.
I think that there is a time and a place for both quarantining and spam folders. I use quarantining to gate email into and out of a lab / sandbox environment. I know that nothing will flow without me releasing a quarantine. This allows me to feel comfortable testing various MTAs without worrying that email will flow when I have not approved it. Devices on either side speak SMTP just like they want to and believe that the messages are the responsibility of an intermediate server. IMHO it works great. I also think that spam folders do have a use. They provide a way for messages that seem spammy to be isolated from the main inbox while still making them available to end users. (I'm talking about mail boxes accessed via IMAP where it's easy to see both Inbox and Junk.) -- Grant. . . . unix || die