Reject incoming mail based on Spam Score

Posted on 2007-10-11
Last Modified: 2013-12-09
Hi! I would like my mail server to reject incoming mail based on the spam score of the mail. I use Postfix, SpamAssassin and Procmail. Is this possible?

Currently, SpamAssassin assesses all mail and assigns a spam score, adding it to the mail headers. Procmail then filters the mail by reading the spam score and delivers it appropriately. I have it set up to deliver mail with a score of 5+ to the Spam folder, and all mail with a score of 20+ is delivered to the users' Trash folder, but instead of delivering mail with scores of 20+, I would like Postfix to reject it. Don't know if it's possible with my current setup, but any input is appreciated.
Question by:Julian Matz
    LVL 36

    Assisted Solution

    Postfix has only very recently implemented support for milters, so in theory if you have a very up-to-date copy of Postfix then it should be possible. However, generally it is a bad idea. SpamAssassin can take a while to process each mail as it has numerous DNS lookups to perform, and the wait the server would have to perform before accepting the mail could in theory cause problems.

    May I ask why you wish to do this?
    If I know I might be able to suggest some better alternatives.
    LVL 21

    Author Comment

    by:Julian Matz
    Thanks for the response. My Postfix version is 2.3.8.

    The reason I wanted to do this is because I thought it would decrease the server load. Also, it would stop unwanted mail ever reaching the mailbox and it would be less tedious to manually check for false positives as false positives are very likely not to have a spam score of 20 or higher. Another reason was that I thought that spammers or spam software might give up sending spam to my network if the messages are bounced.

    Alternative suggestions are most welcome :)
    LVL 36

    Assisted Solution

    Spammers don't seem to stop sending spam if the mail bounces. I still get spam for non-existing users which were deleted over 4 years ago.

    I use the Spamhaus (requires a datafeed subscription) and SpamCop RBLs in my Postfix configuration and it rejects about 4000 mails per day. That leaves about 800 messages coming in and getting scanned, of which about 500 are spam.

    I use MailScanner. It is set up to flag mail with a score of over 5 as (probably spam), spam with a score of over 10 is flagged as (spam) and spam with a score of over 20 is just deleted. Using MailScanner requires minimal changes to Postfix (one line in /etc/postfix/access to put incoming mail into the hold queue).

    My website has links to the software and sites I have mentioned together with various other tips
    LVL 21

    Author Comment

    by:Julian Matz
    I'm using MailScanner also, although I haven't been able to perfect the installation for Postfix, SA, Procmail and MailScanner to completely work in harmony...

    So what you're suggesting is to make Postfix reject the mail before it reaches SA? That would make sense.
    You seem to have a lot of experience with Postfix, etc. :) Could I ask you to take a quick look at my Postfix file, and firstly see if everything looks ok as is, and maybe make a few suggestions if you think it could be improved? I'm using this in a production environment with maybe 50 or so mail users.

    I've put a copy of the file here:
    LVL 36

    Accepted Solution

    It looks OK. I am also using Spamhaus but it is a subscription service. For up to 100 users it is $500/year.
    As you can see from the logwatch output below, Spamhaus blocks the vast majority and SpamCop blocks about 14% of what remains (about 800 messages made it through). If I remove Spamhaus, SpamCop would only block about 3000 messages, so Spamhaus is far better.

     Messages rejected using Anti-Spam site 5510 Time(s)
         autoblock.dnsbl identified 7 spam messages. identified 126 spam messages.
         local.dnsbl identified 15 spam messages. identified 5362 spam messages.

    You might want to consider using the mailwatch2rbl script I wrote (assuming you use MailWatch) as it monitors how many mails each IP address sends and will add any that only send spam over a particular threshold to a block table for X number of hours. It doesn't make a large difference to us but I am sure if we weren't using Spamhaus then it would be far more effective.

    I also have the following two entries in my :-
    smtpd_client_connection_count_limit = 5
    smtpd_timeout = 120

    The first one limits the maximum number of connections each client can make. There were a few faulty bot clients around a couple of months ago which would leave a lot of connections open to the mail server. We had a couple which had 50 connections open. This limits the number of connections to 5. The second one reduces the inactivity timeout down to 2 minutes.
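
The RBL rejection discussed in this thread rests on a DNS lookup made while the client is still connected. The sketch below is an added example, not code from the thread or from Postfix: it builds the query name, classifies the answer, and keeps a failed lookup from being counted as a listing. The zone `bl.example`, the stub resolver and its records are constructed placeholders.

```python
import ipaddress

# Answers in 127.255.255.0/24 signal a query problem (Spamhaus uses this
# range for errors such as a refused resolver); they are not listings.
ERROR_NET = ipaddress.ip_network("127.255.255.0/24")
LISTED_NET = ipaddress.ip_network("127.0.0.0/8")

def dnsbl_query_name(client_ip, zone):
    """Build the DNS name an RBL check looks up (RFC 5782 layout)."""
    ip = ipaddress.ip_address(client_ip)
    if ip.version == 4:
        labels = reversed(str(ip).split("."))           # octets, reversed
    else:
        labels = reversed(ip.exploded.replace(":", ""))  # nibbles, reversed
    return ".".join(labels) + "." + zone

def classify(answers):
    """Map the A records returned by a zone to listed / error / clean."""
    addrs = [ipaddress.ip_address(a) for a in answers]
    if any(a in ERROR_NET for a in addrs):
        return "error"
    if any(a in LISTED_NET for a in addrs):
        return "listed"
    # No answer (NXDOMAIN) or an answer outside 127/8 (for example a
    # wildcarding resolver) is not a listing.
    return "clean"

def check_client(client_ip, zones, resolve):
    """Return ("reject", zone) for the first zone listing the client.

    resolve(name) returns a list of A-record strings, empty on NXDOMAIN.
    """
    for zone in zones:
        if classify(resolve(dnsbl_query_name(client_ip, zone))) == "listed":
            return ("reject", zone)
        # "error" falls through: a broken lookup must not reject mail.
    return ("accept", None)

# Constructed stand-in for DNS so the example runs offline.
FAKE_DNS = {
    "2.0.0.127.bl.example": ["127.0.0.2"],          # listed test entry
    "9.113.0.203.bl.example": ["127.255.255.254"],  # error code, not a hit
}

def fake_resolve(name):
    return FAKE_DNS.get(name, [])
```

Because the decision is made from one cached DNS answer before the message body is transferred, this check is far cheaper than content scanning, which is why it sits in front of SpamAssassin in the setup described above.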
    LVL 21

    Author Closing Comment

    by:Julian Matz
    Thanks a lot for the help and comments!
