PaulDotCom mailing list archives

Spam Filtering


From: jackadaniel at gmail.com (Jack Daniel)
Date: Tue, 19 May 2009 07:13:11 -0400

As you might expect, I use an Astaro box...

But, no sales pitch here: for SMTP filtering I have found Commtouch's
anti-spam offerings to be very good.  Several commercial products
(including Astaro) license Commtouch tech as a component in their
offerings.  Theirs uses a combination of reputation and heuristics,
and works very well.

There are some non-commercial anti-spam tools/techniques which are
built into a variety of systems; look for them in the solutions you
consider:

BATV does a good job of managing "backscatter" spam (spoofed bounce messages)

Greylisting is very good at controlling bot-generated spam (requires
an RFC-compliant retry to validate the server, then whitelists the
server)

SPF is the answer for spam which claims to originate from your own domain(s).

CONSERVATIVE RBLs (like Spamhaus) can be valuable, but many RBLs are a
bit too aggressive for commercial use (that is, if you want to get
email from your customers)

RDNS checks are good, but you will occasionally run into misconfigured
servers which you will have to deal with. Note: simple RDNS only
requires the IP of the sending SMTP server have a hostname associated;
it does not require SMTP to originate from an MX record IP for the
domain.

HELO/EHLO checks just make sure the sending server says "hi" in an
appropriate manner, generally checking for valid hostname formats and
such.  You will need some exceptions for older/misconfigured servers
for this one, too.

Mix and match the above as appropriate in whatever commercial or Open
Source package, and you will have a happier MTA and inbox.


Jack




-- 
______________________________________
Jack Daniel, Reluctant CISSP
http://twitter.com/jack_daniel
http://www.linkedin.com/in/jackadaniel
http://blog.uncommonsensesecurity.com
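
An added example, not part of the original message: a minimal greylisting policy in Python showing the sequence described above (defer the first attempt, accept an RFC-compliant retry, then whitelist the server). The class name, SMTP reply texts, timing defaults and sample traffic are assumptions constructed for illustration.

```python
"""Greylisting sketch: defer first contact, accept a patient retry, whitelist the server."""

DEFER = "451 4.7.1 Greylisted, please retry later"
ACCEPT = "250 2.0.0 OK"


class Greylist:
    # All timing defaults below are assumed values, not taken from the message.
    def __init__(self, min_delay=300, retry_window=4 * 3600, whitelist_ttl=30 * 86400):
        self.min_delay = min_delay          # retries sooner than this stay deferred
        self.retry_window = retry_window    # a retry later than this starts over
        self.whitelist_ttl = whitelist_ttl  # how long a validated server is trusted
        self.pending = {}    # (ip, sender, rcpt) -> time first seen
        self.whitelist = {}  # ip -> expiry time

    def check(self, ip, sender, rcpt, now):
        """Return the SMTP reply for one RCPT TO attempt at time `now` (seconds)."""
        if self.whitelist.get(ip, 0) > now:
            self.whitelist[ip] = now + self.whitelist_ttl  # refresh on use
            return ACCEPT
        key = (ip, sender.lower(), rcpt.lower())
        first_seen = self.pending.get(key)
        if first_seen is None or now - first_seen > self.retry_window:
            self.pending[key] = now  # new or stale triplet: (re)start the clock
            return DEFER
        if now - first_seen < self.min_delay:
            return DEFER  # immediate re-send, no real queue behind it
        del self.pending[key]
        self.whitelist[ip] = now + self.whitelist_ttl  # server proved it retries
        return ACCEPT


# Constructed sample traffic: (seconds, client IP, MAIL FROM, RCPT TO)
SAMPLE = [
    (0,    "192.0.2.10",   "alice@example.org", "bob@example.com"),   # real MTA, first try
    (5,    "198.51.100.7", "x1@example.net",    "bob@example.com"),   # bot, never queues
    (6,    "198.51.100.7", "x2@example.net",    "bob@example.com"),   # bot, new forged sender
    (10,   "198.51.100.7", "x1@example.net",    "bob@example.com"),   # bot, instant re-send
    (900,  "192.0.2.10",   "alice@example.org", "bob@example.com"),   # real MTA retries
    (1000, "192.0.2.10",   "carol@example.org", "dave@example.com"),  # server now whitelisted
]


def replay(events, policy=None):
    """Run events through a policy and return the three-digit reply codes."""
    policy = policy or Greylist()
    return [policy.check(ip, s, r, t)[:3] for t, ip, s, r in events]


if __name__ == "__main__":
    for event, code in zip(SAMPLE, replay(SAMPLE)):
        print(code, *event)
```

The cost is the delay on first contact from every new server, so the exceptions mentioned for misconfigured senders apply here too.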

