I've been running my own mailserver for the last ten years and I must say that nowadays I'm not even running an antispam filter anymore because I basically don't get spam.
What I do instead (instead of running an antispam server) is checking all stuff that a proper mail admin would do, that is:
- greylisting (postgrey)
- reject hosts not listed in spf records for the sender (spf-policyd)
- verifying dkim signatures, if present (opendkim)
Also f#@k spamhaus and those people, they will mark you as a spam host on pure prejudice.
Wonder how it works for you... I've been running my own mail infrastructure for 10+ years. hosting tens of domains with hundreds of thousands of messages daily.
That's said, most of my spam senders match SPF and have proper DKIM records. Only few absolutely outrageous spammers ignore it.
Setting DKIM and SPF is not a rocket science and I'd be extremely surprised if spammers wouldn't do that.
Uh ... Your dkim settings are for your recipients to validate your emails.
You should ALSO be checking dkim signatures on incoming e-mails (opendkim does that IIRC).
Also, I forgot to mention that I REQUIRE tls for incoming smtp connection. That's another thing rising the bar for spammers.
If you're using postfix, it's very open by default, in the sense that it doest not come with spf and/or dkim/dmarc tooling and it's not going to, for example, require (or even allow) ssl/tls for incoming smtp connections (and won't use it for outgoing smtp connection).
One last thing: a little bit of spam leaks trough... But it's like less than a single spam email per two weeks.
What I do instead (instead of running an antispam server) is checking all stuff that a proper mail admin would do, that is:
- greylisting (postgrey)
- reject hosts not listed in spf records for the sender (spf-policyd)
- verifying dkim signatures, if present (opendkim)
Also f#@k spamhaus and those people, they will mark you as a spam host on pure prejudice.