Very good spam fighting techniques can be found on the ACME website:
=> http://www.acme.com/mail_filtering/
My setup and techniques are as follows:
=> Nolisting
stargrave.org mail is handled by 10 mailfake0.stargrave.org.
stargrave.org mail is handled by 20 mail2.stargrave.org.
stargrave.org mail is handled by 30 mailfake1.stargrave.org.
mailfake domains exist, have an address, but no daemon listens on
them. Many robots will connect only to the first MX.
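A way to check that this MX layout still behaves as described, as an added example that is not part of the original page or the author's setup. The function names and the injectable probe argument are hypothetical; the hostnames are the ones quoted above.

```python
import re
import socket

# Output of `host -t mx stargrave.org`, as quoted on this page.
HOST_OUTPUT = """\
stargrave.org mail is handled by 10 mailfake0.stargrave.org.
stargrave.org mail is handled by 20 mail2.stargrave.org.
stargrave.org mail is handled by 30 mailfake1.stargrave.org.
"""

def parse_mx(host_output):
    """Return [(preference, hostname)] sorted by preference, lowest first."""
    pat = re.compile(r"mail is handled by (\d+) (\S+?)\.?$")
    found = (pat.search(line.strip()) for line in host_output.splitlines())
    return sorted((int(m.group(1)), m.group(2)) for m in found if m)

def tcp_probe(host, port=25, timeout=5.0):
    """True if something accepts TCP connections on host:port."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def check_nolisting(mx, probe=tcp_probe):
    """Return a list of problems; an empty list means the layout is sound."""
    if not mx:
        return ["no MX records"]
    state = [(host, probe(host)) for _, host in mx]
    problems = []
    if state[0][1]:
        problems.append(f"first MX {state[0][0]} accepts connections")
    if not any(alive for _, alive in state[1:]):
        problems.append("no live MX behind the first one")
    return problems

def delivered_to(mx, probe=tcp_probe, max_tries=None):
    """Host reached by a sender walking the MX list in preference order.
    max_tries=1 models a robot that only tries the first MX."""
    for _, host in mx[:max_tries]:
        if probe(host):
            return host
    return None

if __name__ == "__main__":
    # Probes the live hosts on port 25, so this part needs network access.
    for line in check_nolisting(parse_mx(HOST_OUTPUT)) or ["layout OK"]:
        print(line)
```

Passing a different `probe` function allows the logic to be exercised without touching the network.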
=> Null MX
Checking for a reverse DNS record works *very* well.
Postfix configuration options that work relatively well:
-- main.cf --
disable_vrfy_command = yes
strict_rfc821_envelopes = yes
smtpd_helo_required = yes
smtpd_client_restrictions = sleep 2, reject_unauth_pipelining
smtpd_delay_reject = no
# main.cf has no inline comments: "#" starts a comment only at the
# beginning of a line, and continuation lines must be indented.
smtpd_recipient_restrictions =
    permit_mynetworks,
    # Reject unauthorized command pipelining
    reject_unauth_pipelining,
    # Reject HELO with non FQDN
    reject_non_fqdn_helo_hostname,
    # Reject malformed HELO
    reject_invalid_helo_hostname,
    # Reject destinations this server is not responsible for
    reject_unauth_destination,
    # Check IP->name mapping, name->address mapping,
    # and that the name->address result matches the client IP
    reject_unknown_client_hostname,
    check_policy_service inet:127.0.0.1:10023
smtpd_sender_restrictions = hash:/usr/local/etc/postfix/access
header_checks = pcre:/usr/local/etc/postfix/header_checks.pcre
-- access --
esputnik.com REJECT
[...]
-- header_checks.pcre --
/^Subject: *$/ REJECT Empty subject
/^To: Recipients/ REJECT Dummy recipients
/^To: .*(undisclosed|unlisted)-recipients/ REJECT Undisclosed recipients
[...]
=> Greylisting
This works very well; however, it increases the delivery time of
legitimate mail the first time it arrives.
I refuse to use any blacklists (RBL, DNSBL), because in that case
delivery of email is under the control of someone else. I do not trust them.
Moreover, there is a *high* risk of false positives. I do not like it when
people use this technology, marketing bullshit, unfair play.
My own manual maildrop rules place mail directly into /dev/null or the
spam folder. I check the spam folder once or twice a week and quickly wipe
it if it visibly contains obvious spam.
=> maildrop
I used the Bogofilter Bayesian filter, but currently it is an overhead.
=> Bogofilter