zero backscatter from rspamd

[Michael McCallister]

Hi,

rspamd noob here...  I am not going to be able to run rspamd on the forward MXes - since rspamd will be running on the final delivery node, I want to make sure I configure rspamd in a way so that I do not create backscatter for spam/virus.  What is the best way to accomplish this with rspamd?

For spam... I was thinking setting to reject = 9999999; might be the best way to accomplish this (or some really large value which will prevent any mail from ever scoring that high).  Then I can filter with sieve during delivery.

For virus emails, I was thinking setting action = "quarantine"; in /etc/rspamd/local.d/antivirus.conf - my preference would be to quarantine to the postfix hold queue (where emails typically go if a milter signals a quarantine action in postfix).

Do the above two options even work?  Is there anything else I need to do to avoid backscatter coming from rspamd?

Honestly, I have not even installed rspamd yet - it looks cool, but I wanted to make sure I could config it for zero backscatter before installing/configuring.

Oh yeah - one more question - how could SPF filtering work with rspamd in the above config?  Since the postfix instance talking to rspamd is not the instance talking to the foreign delivering MTA, rspamd would be limited to examining the Received headers in order to try and figure out the foreign MTA IP address to run the SPF check - can it do that?  I hope that makes sense.

Thanks for any help!

Michael