Re: Any postfix+dspam experts out there?

[Hal Murray <hmurray%megapathdsl.net@localhost>]

paul%whooppee.com@localhost said:
> The problem occurs when a "foreign" client uses my backup MX relay  machine.
>  This machine is part of my own network, so it gets included in  the primary
> server's $mynetworks (via 'mynetworks_style = subnet').  Unfortunately this
> seems to cause my
>  	smtpd_client_restrictions = permit_mynetworks,
>  	                            check_client_access ...dspam...
> to permit the message without triggering the dspam filter. 

You need to duplicate the anti-spam filtering on any backup MXes.

Another approach is to eliminate backup MXes.  If your primary server is 
solid, a backup server on your own network doesn't cover any problems with 
the link to your ISP.

Note that even if your primary server did filter mail from your backup 
server, that just gets you into the bounce vs reject mess.  If your primary 
server rejects it, your secondary server can either drop it or send a bounce. 
 If you don't send the bounce, the sender of legitimate mail doesn't know 
that it didn't work.  If you do send the bounce, and the return address was 
forged (which is common on spam), the bounce will go to an innocent victim.  
Google for backscatter or outscatter.

There are similar problems with mail forwarding.  The forwarder needs to do 
good filtering and the catching site needs to white list the forwarding site 
and the user needs to tolerate the crap that gets through the forwarder's 
filter.


-- 
These are my opinions.  I hate spam.