*On Sun, Dec 06, 2009 at 02:26:30PM -0700 Dean Mah <dean.mah at gmail.com> wrote: > All of the lists, with the exception of css-d, have been moved to the > "new" server, tron. We're using a different MTA on tron, postfix, and > so you may notice an increase of spam to the lists. This is partially > due to the fact that I had hacked qmail to catch a lot of the spam > early in the pipeline. If the spam because too much of an issue, I > can look into doing the same for postfix. I will be looking into how > best to get css-d moved next. I've been using the following to reject a lot of spam before it ever has to be processed by anything else on the server. smtpd_recipient_restrictions = warn_if_reject, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_rbl_client b.barracudacentral.org, reject_rbl_client zen.spamhaus.org, reject_rbl_client cbl.abuseat.org, reject_rbl_client dul.dnsbl.sorbs.net, reject_rbl_client dnsbl.sorbs.net, reject_rhsbl_client blackhole.securitysage.com, check_relay_domains If you're waiting to see what the spam volume turns out to be just file this away for now. But I hope it'll save you some time. I've been running postfix for 9 years now and this works well enough for me that when I turned off (commented out) some of the rbl or dnsbl's I had clients calling and complaining about the amout of spam. Barracuda works very well, and it's free to use so long as you register with them and list your IP addresses. You can probably remove permit_sasl_authenticated as well. Maybe you want need it, but if you do it may save you some time.