• Status: Solved

Reject incoming mail based on Spam Score

Hi! I would like my mail server to reject incoming mail based on the spam score of the mail. I use Postfix, SpamAssassin and Procmail. Is this possible?

Currently, SpamAssassin assesses all mail and assigns a spam score, adding it to the mail headers. Procmail then filters the mail by reading the spam score and delivers it appropriately. I have it set up to deliver mail with a score of 5+ to the Spam folder, and all mail with a score of 20+ is delivered to the users' Trash folder, but instead of delivering mail with scores of 20+, I would like Postfix to reject it. Don't know if it's possible with my current setup, but any input is appreciated.
Julian Matz
Postfix has only very recently implemented support for milters, so in theory if you have a very up-to-date copy of Postfix then it should be possible. However, generally it is a bad idea. SpamAssassin can take a while to process each mail as it has numerous DNS lookups to perform, and the wait the server would have to perform before accepting the mail in theory could cause problems.

May I ask why you wish to do this?
If I know I might be able to suggest some better alternatives.
Julian Matz (Joint Chairperson, Author) commented:
Thanks for the response. My Postfix version is 2.3.8.

The reason I wanted to do this is because I thought it would decrease the server load. Also, it would stop unwanted mail ever reaching the mailbox and it would be less tedious to manually check for false positives as false positives are very likely not to have a spam score of 20 or higher. Another reason was that I thought that spammers or spam software might give up sending spam to my network if the messages are bounced.

Alternative suggestions are most welcome :)
Spammers don't seem to stop sending spam if the mail bounces. I still get spam for non-existing users which were deleted over 4 years ago.

I use the Spamhaus (requires a datafeed subscription) and SpamCop RBLs in my Postfix configuration and it rejects about 4000 mails per day. That leaves about 800 messages coming in and getting scanned, of which about 500 are spam.

I use MailScanner. It is set up to flag mail with a score of over 5 as (probably spam), spam with a score of over 10 is flagged as (spam) and spam with a score of over 20 is just deleted. To use MailScanner requires minimal changes to Postfix (one line in /etc/postfix/access to put incoming mail into the hold queue).

My website has links to the software and sites I have mentioned, together with various other tips.

Julian Matz (Joint Chairperson, Author) commented:
I'm using MailScanner also, although I haven't been able to perfect the installation for Postfix, SA, Procmail and MailScanner to completely work in harmony...

So what you're suggesting is to make Postfix reject the mail before it reaches SA? That would make sense.
You seem to have a lot of experience with Postfix, etc. :) Could I ask you to take a quick look at my Postfix main.cf file, and firstly see if everything looks ok as is, and maybe make a few suggestions if you think it could be improved? I'm using this in a production environment with maybe 50 or so mail users.

I've put a copy of the file here:
It looks ok. I am also using Spamhaus but it is a subscription service. For up to 100 users it is $500/year.
As you can see from the logwatch output below, Spamhaus blocks the vast majority and SpamCop blocks about 14% of what remains (about 800 messages made it through). If I remove Spamhaus, then SpamCop would only block about 3000 messages, so Spamhaus is far better.

 Messages rejected using Anti-Spam site 5510 Time(s)
     autoblock.dnsbl identified 7 spam messages.
     bl.spamcop.net identified 126 spam messages.
     local.dnsbl identified 15 spam messages.
     zen.spamhaus.org identified 5362 spam messages.

You might want to consider using the mailwatch2rbl script I wrote (assuming you use MailWatch), as it monitors how many mails each IP address sends and will add any that only send spam over a particular threshold to a block table for X number of hours. It doesn't make a large difference to us, but I am sure if we weren't using Spamhaus then it would be far more effective.

I also have the following two entries in my main.cf :-
smtpd_client_connection_count_limit = 5
smtpd_timeout = 120

The first one limits the maximum number of connections each client can make. There were a few faulty bot clients around a couple of months ago which would leave a lot of connections open to the mail server. We had a couple which had 50 connections open. This limits the number of connections to 5. The second one reduces the inactivity timeout down to 2 minutes.
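
Added example, not part of the original answer or of any script mentioned in it: a small Python tally of Postfix DNSBL rejections per blocklist and per client, producing a summary in the style of the logwatch output quoted above, so the effect of each list can be measured before adding or removing one. The log lines are constructed samples using documentation IP ranges, and the line format (`NOQUEUE: reject: ... blocked using <list>;`) is assumed to match what the local Postfix smtpd writes.

```python
import re
from collections import Counter

# Constructed sample: Postfix smtpd log lines (documentation IP ranges).
SAMPLE_LOG = """\
Mar  3 10:01:12 mx postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 554 Service unavailable; Client host [192.0.2.10] blocked using zen.spamhaus.org; from=<a@example.net> to=<u@example.org> proto=ESMTP helo=<x>
Mar  3 10:01:15 mx postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 554 Service unavailable; Client host [192.0.2.10] blocked using zen.spamhaus.org; from=<b@example.net> to=<u@example.org> proto=ESMTP helo=<x>
Mar  3 10:02:40 mx postfix/smtpd[2107]: NOQUEUE: reject: RCPT from mail.example.com[198.51.100.7]: 554 5.7.1 Service unavailable; Client host [198.51.100.7] blocked using bl.spamcop.net; Blocked; from=<c@example.com> to=<u@example.org> proto=SMTP helo=<mail.example.com>
Mar  3 10:03:02 mx postfix/smtpd[2110]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 554 5.7.1 Service unavailable; Client host [203.0.113.5] blocked using zen.spamhaus.org; from=<d@example.net> to=<u@example.org> proto=ESMTP helo=<y>
Mar  3 10:03:30 mx postfix/smtpd[2111]: NOQUEUE: reject: RCPT from unknown[203.0.113.9]: 554 5.7.1 <v@example.com>: Relay access denied; from=<e@example.net> to=<v@example.com> proto=ESMTP helo=<z>
Mar  3 10:04:00 mx postfix/smtpd[2112]: connect from unknown[203.0.113.20]
"""

# Matches only rejections that name a DNSBL; other rejects (relay denied,
# unknown user) and non-reject lines are ignored.
REJECT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: NOQUEUE: reject: \w+ from \S*?\[(?P<ip>[0-9A-Fa-f.:]+)\]: "
    r"[45]\d\d .*?blocked using (?P<dnsbl>[^;\s]+);"
)

def parse_rejects(lines):
    """Yield (client_ip, dnsbl) for each DNSBL rejection; skip everything else."""
    for line in lines:
        m = REJECT_RE.search(line)
        if m:
            yield m.group("ip"), m.group("dnsbl").lower()

def summarize(lines):
    """Return (per-list counts, per-client counts) for DNSBL rejections."""
    per_list, per_client = Counter(), Counter()
    for ip, dnsbl in parse_rejects(lines):
        per_list[dnsbl] += 1
        per_client[ip] += 1
    return per_list, per_client

def report(per_list):
    """Format counts in the style of the logwatch summary quoted above."""
    total = sum(per_list.values())
    out = [f"Messages rejected using Anti-Spam site {total} Time(s)"]
    for dnsbl, n in sorted(per_list.items()):
        out.append(f"     {dnsbl} identified {n} spam messages.")
    return out

if __name__ == "__main__":
    lists, clients = summarize(SAMPLE_LOG.splitlines())
    print("\n".join(report(lists)))
    print("Busiest rejected clients:", clients.most_common(2))
```
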
Julian Matz (Joint Chairperson, Author) commented:
Thanks a lot for the help and comments!