Hi all,
I configured postfix to use this two "spam filter"
zen.spamhaus.org
bl.spamcop.net

this two servers are well know to work well togheter and they are famous to report really few false positive.

recently I noticed that they are catching more false positive,
spamcop now blocks facebook for example.
do you know some better server to block spam with false positive near to zero?

Spamcop is hardly famous for few false positives. zen.spamhaus.org is the only list I would recommend for low false positives.

If you want to lose legitimate emails at some point in time then you've done the right thing - adding an RBL to your mail server to immediately reject email.

Don't do this. You're relying on the owner/organisation of each RBL to be fairly cautious when blocking IPs. Maybe Facebook was a bit too spammy for spamcop and they legitimately blocked them for a reason - however you obviously don't consider Facebook to be an evil spammer (neither do I). However if your mail server is set to blindly trust those RBLs, you'll always get false positives.

Use a spam scanning filter which uses RBLs to filter email accordingly and remove them from Postfix. Try using amavisd-new with SpamAssassin enabled - by default it should come up with a list of RBLs it checks, you can always edit these if you want a different set with alternative scores if you trust a specific RBL more.

This way an email will get a higher spam score if the source of the message is from a blacklisted IP, but won't be immediately rejected. It gives SpamAssassin a chance to evaluate a message and see if the message is genuine spam if other RBLs say so, if all the other various rules make it look like spam - or if it's just a single RBL which is being overzealous in blocking certain IPs.

Don't use RBLs directly in your mail server unless you absolutely trust them.

yes yes, you are right, I always used amavisd-new with spamassassin but I tryed adding an RBL to block some more positive so I'm asking for a trusty RBL

If you must RBL directly, just use zen.spamhaus.org -- it's conservative enough to not cause too many problems.

_________________
/ Peter

Before you add any postfix restriction to try and reduce spam, I highly recommend that you test it for a few weeks/months with the "warn_if_reject" feature of postfix.

Then you can review your logs and decide for yourself if the proposed restriction is useful and/or harmful in your own judgement.

I do this, and it works very well for my low-volume e-mail accounts. Checking for a lot of definitely-suspicious stuff before you ask Zen is a good thing, too. I think I stole this from a mailing list, and there's probably more and better ways to do some of this:

smtpd_recipient_restrictions = 
   permit_mynetworks,
   permit_sasl_authenticated,
   reject_invalid_hostname,
   reject_non_fqdn_hostname,
   reject_non_fqdn_sender,
   reject_non_fqdn_recipient,
   reject_unknown_sender_domain,
   reject_unknown_recipient_domain,
   reject_rbl_client zen.spamhaus.org,
   reject_unauth_destination

_________________
Disclaimer: I am no longer employed by Linode; opinions are my own alone.

thanks for all your replys.
I will follow your suggestion.