What are the best antivirus and antispam add-on tools for Postfix?

anti-virus postfix spam

Can you guys share some thoughts/experiences on antivirus/antispam for Postfix?

  1. What is your antivirus and antispam combination used in your system?
  2. Any particular reasons behind it?
  3. Notable features that should be considered when choosing antivirus and antispam software?
  4. Others

I need to set up an MX server. We are serving about 70 domains, with users ranging from a few hundred to 35k for each domain. The idea is to set up MX servers, dozens of them, only for incoming emails, do all the anti-spam/virus/RBL, etc., checking and route them back to the domain SMTP.

Hopefully you can enlighten me a little bit.

TQVM guys.

Best Answer

I prefer to use DSPAM myself (somewhat complicated to implement, but worth it), and I've seen very low resource usage (programmed in C), and I like the statistical approach compared to one-size-fits-all filter systems like SpamAssassin. DSPAM has built-in support for ClamAV.

But proper usage of built-in Postfix restrictions is really the best first-line defense.

I decided to skip greylisting (used postgrey in the past) because it requires you to keep a whitelist of misbehaving servers (or trust its database). For that reason I also decided against reject_unknown_helo, because it requires you to keep a whitelist of servers that don't do things the way they should (according to the RFC).

If manual whitelisting floats your boat then these two approaches drastically reduce your spam (catches more than 80% of spam with almost no errors) even before it's queued in your server, which is a major benefit. The downside is that you need to pay attention to your logs and whitelist misbehaving (but legit) servers as soon as you notice them, or your users will probably complain.

Implementing SMTP AUTH (in my opinion most easily by using the dovecot auth provider) helps to make sure that submission is handled properly (together with a strict smarthost (mynetworks) list/policy).

My suggestion when setting up postfix is to have a clear plan of what you want to achieve (figure out if you want local or virtual delivery, what type of antivirus/spam system and how to do delivery+filtering).

Start with an empty main.cf and use postconf (complete current config) / postconf -n (only non-defaults) / postconf -d (only defaults) to build up your configuration from the defaults step by step until you have what you want. Distributions very often come with defaults that capture the distributor's idea of a mail system, and it doesn't always reflect your views, opinions and policies (they might differ). Remember to do all of this on a system without users so that you can experiment in peace.

I was able to implement all of this with precompiled packages on Ubuntu 9.04 server (even dspam), so extensive compiling should not be needed, just patience while configuring.
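Added example (not part of the original answer): a shell check for the whitelist caveat described above. It reads `postconf -n` style output and warns when a policy service (how postgrey is normally hooked in) or the HELO hostname check (`reject_unknown_helo_hostname` in current Postfix) has no access-table lookup before it in the same restriction list, since Postfix evaluates each list left to right. The sample configurations, table paths and port are constructed, and treating every `check_client_access` / `check_helo_access` entry as a whitelist is an assumption.

```shell
#!/bin/sh
# Added example, not from the original answer. Reads `postconf -n` style
# "name = value" lines on stdin and checks restriction ordering.

# audit_list NAME VALUE: walk one restriction list left to right.
audit_list() {
    name=$1
    seen_wl=no
    # Restrictions are separated by commas and/or whitespace.
    for tok in $(printf '%s' "$2" | tr ',' ' '); do
        case $tok in
            # Assumption: any access-table lookup is the operator's whitelist.
            check_client_access|check_helo_access)
                seen_wl=yes ;;
            # Checks the answer says need a whitelist of legit-but-broken hosts.
            # Assumption: check_policy_service points at a greylisting daemon.
            reject_unknown_helo_hostname|reject_unknown_hostname|check_policy_service)
                if [ "$seen_wl" = yes ]; then
                    echo "OK   $name: $tok is preceded by an access table"
                else
                    echo "WARN $name: $tok has no access table before it"
                fi ;;
        esac
    done
}

# audit_postconf: feed it the output of `postconf -n`.
audit_postconf() {
    while IFS= read -r line; do
        case $line in
            smtpd_*_restrictions\ =*)
                audit_list "${line%% =*}" "${line#*= }" ;;
        esac
    done
}

# Constructed sample input (not taken from a real server).
SAMPLE_BAD='smtpd_helo_required = yes
smtpd_helo_restrictions = reject_unknown_helo_hostname
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination, check_policy_service inet:127.0.0.1:10023'

SAMPLE_GOOD='smtpd_helo_restrictions = check_helo_access hash:/etc/postfix/helo_whitelist, reject_unknown_helo_hostname
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination, check_client_access hash:/etc/postfix/client_whitelist, check_policy_service inet:127.0.0.1:10023'

printf '%s\n' "$SAMPLE_BAD" | audit_postconf
printf '%s\n' "$SAMPLE_GOOD" | audit_postconf
```

On a live system the input would be `postconf -n | audit_postconf`; a WARN line means every legitimate but misbehaving sender has to be noticed in the logs before it can be exempted.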