I found and fixed two issues with spam filtering that closed a couple of holes, hopefully didn’t break anything in the process, but if so please use Support->Tickets to report the issue.

     First thing I found broken was opendkim checking was not working owing to key retrieval.  It appears that opendkim does not use the system resolver by default, it is necessary to define name servers in it’s conf file.  I had not done this, key retrieval was failing, so opendkim was not rejecting sites forging as it should have been though most still would have been caught by spf.  But this together with spf will also make opendmarc work so should further reduce spam.

     The second thing was I had not configured recipient_checks in mail.eskimo.com’s postfix main.cf file and as a result the recipients_check file was completely ignored.  This server is intended for outgoing mail, but by addressing to user@mail.eskimo.com AND ignoring MX records and directly attaching to this server spam could be sent.  I was able to catch this because I happen to be perusing the logs for errors and happened to see one such spam come through which lead me to investigate the configuration to find out why it was not rejecting it.