02-05-2007, 10:58 AM
brained

Fail2Ban

I've followed the wiki guidelines for sqlgrey and it has worked well.

I've also implemented an additional method for reducing spam. First some caveats:

This could lead to mass blocking of legitimate mail.
This may not be a good fit for some organizations.
This may not reduce the amount of spam reaching the Inboxes, but it will reduce the server load.

Here it is:

After reviewing weeks' worth of logs I was able to confirm that the kill level was set high enough that no legitimate email was ever blocked. Some legitimate mail was tagged as spam and passed on, but never blocked. Also, it appears that companies that do virtual hosting are not a source of the blocked spam - all of it appears to come from bots and foreign countries.
Based on that I decided there's no reason to even accept email connections for computers that send email that's going to be blocked from delivery anyway.

Enter fail2ban - it scans the Zimbra logs for a blocked email and then, using iptables, drops any further packets from that server's IP address.
That worked so successfully that I also added rules for servers that connect and have no DNS record (they show up as 'unknown').
I have had several honeypot email addresses for a few years and added them to the rules also (send email to a hidden email address and you don't get to send again).
IPs are banned for just a few days and then allowed to connect again.

The results are that no one is missing legitimate messages and the server is processing 1/6th the number of emails it used to.
__________________
Brian Harden
www.chromedcomputing.com
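The three ban triggers the post describes (a message amavis already blocked as spam, a client with no reverse DNS, and a delivery to a honeypot address), plus the "banned for a few days, then allowed back" expiry, are shown below as a small log scanner. This is an added example written for this page, not the poster's fail2ban configuration and not fail2ban's own code. The log lines are constructed, in the style of Postfix smtpd and amavisd-new entries (the exact format on a given Zimbra release is an assumption), the honeypot addresses and IPs are made up, and `iptables_rules` only renders the rules a ban action would install without running anything. Note that a "Passed SPAMMY" line (tagged but delivered) is deliberately not a trigger, matching the post's rule of only banning what was going to be blocked anyway.

```python
import re
from datetime import datetime, timedelta

# Honeypot recipients: constructed example addresses, replace with your own.
HONEYPOTS = {"trap@example.com", "oldalias@example.com"}

IP = r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})"

# Patterns modelled on amavisd-new and Postfix smtpd log lines (format is an assumption).
BLOCKED_SPAM = re.compile(r"amavis\[\d+\]: \([\d-]+\) Blocked SPAM, \[" + IP + r"\]")
NO_RDNS = re.compile(r"postfix/smtpd\[\d+\]: connect from unknown\[" + IP + r"\]")
RCPT = re.compile(r"postfix/smtpd\[\d+\]: .*from \S+\[" + IP + r"\].* to=<(?P<rcpt>[^>]+)>")

# Constructed sample log: one hit per trigger, plus two lines that must NOT ban.
SAMPLE_LOG = [
    "Feb  5 10:58:01 mail amavis[2231]: (02231-04) Blocked SPAM, [203.0.113.7] [203.0.113.7] "
    "<spammer@example.net> -> <user@example.com>, Hits: 22.4",
    "Feb  5 10:58:02 mail postfix/smtpd[2240]: connect from unknown[198.51.100.23]",
    "Feb  5 10:58:03 mail postfix/smtpd[2244]: NOQUEUE: reject: RCPT from mx1.example.org[192.0.2.10]: "
    "554 5.7.1 <trap@example.com>: Recipient address rejected: User unknown; "
    "from=<bulk@example.net> to=<trap@example.com> proto=ESMTP",
    "Feb  5 10:58:04 mail amavis[2231]: (02231-05) Passed SPAMMY, [192.0.2.40] [192.0.2.40] "
    "<news@example.org> -> <user@example.com>, Hits: 6.1",
    "Feb  5 10:58:05 mail postfix/smtpd[2250]: NOQUEUE: reject: RCPT from mail.example.org[192.0.2.50]: "
    "450 4.7.1 <user@example.com>: Recipient address rejected: Greylisted; "
    "from=<a@example.org> to=<user@example.com> proto=ESMTP",
]

NOW = datetime(2007, 2, 5, 10, 58)      # fixed clock so results are reproducible
LATER = NOW + timedelta(days=4)          # after a 3-day ban has lapsed


def classify(line):
    """Return (reason, ip) when the line matches a ban trigger, else None."""
    m = BLOCKED_SPAM.search(line)
    if m:
        return ("blocked-spam", m.group("ip"))
    m = NO_RDNS.search(line)
    if m:
        return ("no-rdns", m.group("ip"))
    m = RCPT.search(line)
    if m and m.group("rcpt").lower() in HONEYPOTS:
        return ("honeypot", m.group("ip"))
    return None


def build_bans(lines, now, ban_days=3):
    """Scan log lines and return {ip: (reason, expiry)}.
    The expiry implements 'banned for a few days, then allowed again'."""
    bans = {}
    for line in lines:
        hit = classify(line)
        if hit:
            reason, ip = hit
            bans[ip] = (reason, now + timedelta(days=ban_days))
    return bans


def is_banned(bans, ip, now):
    """True while the ban for ip has not yet expired."""
    entry = bans.get(ip)
    return entry is not None and now < entry[1]


def iptables_rules(bans):
    """Render the DROP rules a ban action would add (illustrative only, not executed)."""
    return [f"iptables -I INPUT -s {ip} -p tcp --dport 25 -j DROP" for ip in sorted(bans)]


def demo():
    """Run the scanner over the constructed sample and return the ban table."""
    return build_bans(SAMPLE_LOG, NOW)


if __name__ == "__main__":
    bans = demo()
    for ip, (reason, expiry) in sorted(bans.items()):
        print(f"{ip:16} {reason:13} until {expiry:%Y-%m-%d %H:%M}")
    print("\n".join(iptables_rules(bans)))
```

A real deployment would hand the regexes to fail2ban as a filter and let its jail handle the expiry, but keeping the classification in a standalone function makes it easy to replay weeks of logs (as the post describes doing) and confirm that nothing legitimate would have been caught before any DROP rule is ever installed.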