Pre-Queue Content Filtering - Makes no Sense

April 16th, 2007 by admin

Saw a question on a mailing list about pre-queue content filtering with Postfix today and I had to interject: pre-queue content filtering at a site with more than a few hundred users does not make a lot of sense. The benefit of pre-queue tests is that you reject the SMTP connection before you receive the data, saving bandwidth by safely rejecting a message before it is accepted. Once you have received the data, you have already spent the bandwidth on the spam, which obviates the benefit of pre-queue rejection. Additionally, Postfix and most other MTAs are really good at handling SMTP transactions and have disk queues to hold mail when it cannot be processed fast enough. If you must examine the contents of all email before it is queued, and you have a slug of a content filter like Amavisd/SpamAssassin, then you will probably drop SMTP connections under a heavy spam attack rather than queueing for content inspection later.

You do gain the marginal benefit of being able to reject spam that content filters find and SMTP-level tests do not identify, but many sites quarantine, discard, or mark spam rather than rejecting it, so this is only a benefit for some sites.

In summary, apply SMTP tests, RBL checks, and other identity tests pre-queue, and analyze content post-queue, for the best results.
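The split recommended above, sketched as a Postfix configuration. This is an added example, not from the original post. The DNSBL name `dnsbl.example.org` is a placeholder, and the ports 10024/10025, the filter concurrency of 2, and the `/etc/postfix` paths are assumptions based on a conventional amavisd setup.

```conf
# ---- /etc/postfix/main.cf ----
# Pre-queue: cheap SMTP-level and identity tests, evaluated at RCPT TO,
# before the DATA command, so rejected mail never transfers its body.
smtpd_helo_required = yes
smtpd_recipient_restrictions =
    permit_mynetworks,
    reject_unauth_destination,
    reject_invalid_helo_hostname,
    reject_non_fqdn_sender,
    reject_unknown_sender_domain,
    reject_rbl_client dnsbl.example.org

# Post-queue: mail is accepted and written to the disk queue first, then
# handed to the content filter as fast as the filter can take it.
content_filter = smtp-amavis:[127.0.0.1]:10024

# ---- /etc/postfix/master.cf ----
# Delivery to the filter. maxproc (2 here) caps concurrent scans; under a
# spam flood the backlog waits in the queue instead of refusing clients.
smtp-amavis unix  -  -  n  -  2  smtp
    -o smtp_data_done_timeout=1200
    -o disable_dns_lookups=yes

# Re-injection listener for scanned mail; no second filter pass.
127.0.0.1:10025 inet  n  -  n  -  -  smtpd
    -o content_filter=
    -o mynetworks=127.0.0.0/8
    -o smtpd_recipient_restrictions=permit_mynetworks,reject

# For contrast, the pre-queue setup argued against above: every open SMTP
# session is tied to a filter connection until the scan finishes, so the
# smtpd process limit (20 here) is bounded by what the filter can sustain.
# smtp      inet  n  -  n  -  20  smtpd
#     -o smtpd_proxy_filter=127.0.0.1:10024
```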

Posted in Opinions on Email Security
