
Reduce spam significantly

With policyd-weight you are able to reject mails before the body is received by your MTA, here Postfix. No bounce mails, less wasted bandwidth and CPU time. policyd-weight scores characteristics of the mail positively or negatively; once a defined value is reached, the mail is rejected. The characteristics currently scored are:

  • DNSBLs/RHSBLs
  • HELO argument
  • MAIL FROM: argument
  • Client IP address
  • DNS client/HELO/FROM entries (A/16 A/24 A/32), PTR/FQDN and Parent Domains (MX/16 MX/24 MX/32), checked for their correctness and for whether they match.

It's available in etch and bpo, and installation is really easy:

# aptitude install [-t sarge-backports] policyd-weight

Remove unnecessary reject_rbl_client and reject_rhsbl_client checks from main.cf and insert the check_policy_service:

smtpd_recipient_restrictions =
        permit_mynetworks,
        ...
        reject_unauth_destination,
        check_policy_service inet:127.0.0.1:12525
        ...
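
The check_policy_service entry makes Postfix query the daemon at RCPT time using its policy delegation protocol: name=value lines ended by an empty line, answered with a single action= line. The following added example (not part of the original post) sends one such request to the port configured above and classifies the reply; the function names and the sample session values are constructed for illustration, and the attribute set is a subset of what Postfix sends.

```python
import socket

def build_request(attrs):
    """Serialise attributes as name=value lines ended by an empty line."""
    lines = ["request=smtpd_access_policy"]
    lines += [f"{k}={v}" for k, v in attrs.items()]
    return ("\n".join(lines) + "\n\n").encode("ascii")

def parse_action(reply):
    """Return the text after action= in the daemon's reply."""
    for line in reply.decode("ascii", "replace").splitlines():
        if line.startswith("action="):
            return line[len("action="):].strip()
    raise ValueError("no action= line in policy reply")

def verdict(action):
    """Classify an action: 5xx/REJECT, 4xx/DEFER*, or anything else."""
    word = action.split(None, 1)[0].upper() if action.strip() else ""
    if word == "REJECT" or word[:1] == "5":
        return "reject"
    if word.startswith("DEFER") or word[:1] == "4":
        return "defer"
    return "pass"  # e.g. DUNNO or PREPEND: this service did not reject

def query(attrs, host="127.0.0.1", port=12525, timeout=30):
    """Send one request to the policy daemon and return its action."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_request(attrs))
        reply = b""
        while not reply.endswith(b"\n\n"):
            chunk = s.recv(4096)
            if not chunk:
                break
            reply += chunk
    return parse_action(reply)

# Constructed sample session (documentation address and example domains).
SAMPLE = {
    "protocol_state": "RCPT",
    "client_address": "192.0.2.10",
    "client_name": "unknown",
    "helo_name": "mail.example.org",
    "sender": "alice@example.org",
    "recipient": "bob@example.net",
}

if __name__ == "__main__":
    action = query(SAMPLE)
    print(verdict(action), "<-", action)
```

Run on the mail host, it confirms that something answers on the port named in main.cf before Postfix depends on it. A "reject" verdict corresponds to the action=5 lines counted in the log statistics at the end of this post.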

You can create an /etc/policyd-weight.conf if you would like to adjust scores or other policyd-weight parameters. You can get the defaults with policyd-weight defaults. For more information have a look at /usr/share/doc/policyd-weight/documentation.txt.gz or http://policyd-weight.org.

A normal day on a backup MX with ~500 domains:

backup:~# zgrep -e "postfix.*: connect from" \
      /var/log/mail.info.0 | wc -l
29936
backup:~# zgrep -e "policyd-weight.*decided action=5" \
      /var/log/mail.info.0 | wc -l
22738
backup:~# zgrep -e "postfix.*status=sent" \
      /var/log/mail.info.0 | wc -l
5570