I set up a pretty nice e-mail server with great spam filtering. I'm wondering what everyone else uses and what are their results with it?
Currently my setup is pretty complex, but it works great.
The links for all the software I use are located at the very bottom of this post.
I am using Postfix as the SMTP server. You can only send e-mails if you authenticate, and only if it's over SSL. This forces everything to be encrypted between you and the server.
For IMAP, I use Dovecot. Again, you can only access e-mails over SSL so everything is encrypted.
I have it set up so both of those use MySQL to store all their information and to use virtual users.
Postfix is set up with blacklist databases that it checks against to even decide whether to accept new connections or not. There's a bunch of other things I use in the configuration file that help deny attackers.
I use Postgrey for greylisting. What this does is deny the first connection attempt for 60 seconds (you can adjust the time). This alone will stop 99% of the spam. The reason is that attackers who send spam use a script of sorts that will only connect once to try to send the spam. If the connection is denied, then they just move on to the next address and never try again. However, all authentic, real mail servers will retry after a specific amount of time. I think GMail tries again after 5 or 10 minutes. So it basically denies the first connection and accepts anything after that.
From here, I use DSPAM. DSPAM does all the spam calculation and filtering. It analyzes everything in the email from the headers to the end of the message. It weighs everything in the email and if it goes above a certain number, it flags it as spam and quarantines it. From here, you can go to the awesome web interface and look through quarantined emails and past history on emails. From this interface, you can also retrain any email to be either spam or innocent. It's incredibly powerful.
For a virus scanner, I have DSPAM call ClamAV on each new email and it scans for a virus. There's really not much else to that part.
I tallied up all the statistics for the month of August to see just how well my setup did.
Code:
Grand Totals
------------
messages
    220 received
    220 delivered
      0 forwarded
      0 deferred
      0 bounced
   1872 rejected (89%)
    298 reject warnings
      0 held
      0 discarded (0%)

I received a total of 220 emails for the month of August. All 220 were valid; none of the emails were spam.
89% of the emails were rejected before they even got to DSPAM. You don't have to worry about any of these being a false-positive since these are attempts at bypassing standards or using it as a relay.
The 298 that were rejected with a warning were still spam. The only difference is that they met most of the requirements but were denied for a specific reason. You can view these warnings in the log to see why they were rejected. You don't have to worry about these being false-positives either for the same reasons mentioned previously.
As for actual false-positives that don't make it to your inbox, they will be quarantined. You simply go to the web interface and check the quarantine. If something is there that's good, you just click to have it delivered and it will drop it in your inbox immediately. It's an extremely powerful tool to have.
Here are links to everything I use:
The Postfix Home Page - SMTP server
SourceForge.net: Postfix Admin - Web interface for virtual users
MySQL :: The world's most popular open source database - Database for virtual users
Dovecot - IMAP/POP3 server
Postgrey - Postfix Greylisting Policy Server - Grey-listing service
Nuclear Elephant: The DSPAM Project - Spam filtering
JIMSUN - Postfix Contribs - Creates a summary of the mail logs
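To make the greylisting step concrete: Postfix hands each SMTP transaction to a policy server (Postgrey is one) as "name=value" lines ending in a blank line, and the server answers with an "action=..." line. The following is an added, hypothetical minimal greylister written for this post, not Postgrey's own code; it keys on the client's /24 network, sender and recipient (Postgrey's default triplet) and uses the 60-second delay described above, with an injectable clock so the behaviour can be checked without waiting.

```python
import time

# Delay before a retry of the same triplet is accepted (60 s, as configured above).
GREYLIST_DELAY = 60


class Greylister:
    """Minimal Postfix policy-delegation greylister (hypothetical, not Postgrey)."""

    def __init__(self, delay=GREYLIST_DELAY, now=time.time):
        self.delay = delay
        self.now = now          # injectable clock for deterministic testing
        self.seen = {}          # (client /24, sender, recipient) -> first-seen time

    @staticmethod
    def parse_request(raw):
        """Parse the 'name=value' lines Postfix sends; the blank line ends the request."""
        attrs = {}
        for line in raw.strip().splitlines():
            if "=" in line:
                key, value = line.split("=", 1)
                attrs[key.strip()] = value.strip()
        return attrs

    def decide(self, attrs):
        """Return the Postfix action for one request."""
        if attrs.get("request") != "smtpd_access_policy":
            return "action=DUNNO"   # not an SMTP access decision; let others decide
        # Key on the /24 so a sending farm that retries from a sibling host still passes.
        net = ".".join(attrs.get("client_address", "").split(".")[:3])
        triplet = (net, attrs.get("sender", "").lower(), attrs.get("recipient", "").lower())
        now = self.now()
        first_seen = self.seen.setdefault(triplet, now)
        if now - first_seen < self.delay:
            # DEFER_IF_PERMIT: temporary failure unless a later restriction rejects it;
            # a real MTA retries, the one-shot spam script does not.
            return "action=DEFER_IF_PERMIT Greylisted, try again later"
        return "action=DUNNO"       # seen before and delay elapsed: pass it along


def respond(greylister, raw_request):
    """Full wire response for one raw request: the action line plus the blank line."""
    return greylister.decide(greylister.parse_request(raw_request)) + "\n\n"
```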