Spamassassin and Sendmail
in [UK Linux]
|
Prev: Being a small-scale ISP
Next: Looking for Wi-Fi
From: Timothy Teapot on 24 Dec 2008 15:25 On Tue, 23 Dec 2008 22:58:51 -0800, Dave {Reply Address in.Sig} ate alphabet spaghetti and softly excreted.... > Will Kemp wrote: >> Dave {Reply Address in.Sig} wrote: >>> Graham Murray wrote: >>>> "Dave {Reply Address in.Sig}" <"noone$$"@llondel.org> writes: >>>> >>>>> I've had spamassassin (in its spamd form) and sendmail running >>>>> happily for a while now, courtesy of the spamass-milter. However, I >>>>> notice that it appears to do spam filtering before address >>>>> validation, so it >>>> I do not think that is possible. SpamAssassin needs the complete >>>> message to check for spam, which means that it needs to be run during >>>> (or after if not using a milter) the SMTP DATA phase. Sendmail >>>> performs address validation prior to the DATA phase, so by the time >>>> Spamassassin is invoked, the addresses should already have been >>>> evaluated. >>> >>> Based on the setup here, where I'm dumping all the spam into a single >>> place, much of it is addressed to invalid recipients, including some >>> old message-IDs. Some is addressed to mail aliases as well. Therefore >>> I assume that it's all being offered to spamassassin without address >>> validation or expansion. >> >> You are looking at the *envelope* "To", aren't you? Not the *header* >> "To:" >> >> > A fair bit seems to have identical To in both envelope and header. > > I'm using a fairly standard (as in Fedora defaults with a few custom > tweaks for my domain and the IMAP back-end plus the spamass-milter > lines) setup. I've been trying to find a relevant set of docs to run > through the install because the initial setup I did in a hurry (as in my > main mail machine that I can't get to easily decided to fail) used some > examples cut-and-pasted from the web and I suspect that whoever posted > them didn't fully understand it either. I've got a few days free coming > up so any pointers to what to look at and read to understand what should > be happening and what all the different options mean. > > I might also look at the MimeDefang stuff as an alternative - as I said, > I put it together in a hurry after a remote hardware failure and it > was a quick fix. I've got to chuck in my sixpence here - if you are getting invalid mail as far as Spamassassin then you're seriously getting it wrong. The idea is to fully scan as little mail as possible. My own view (and way I implement things is): 1) Knock out as much as possible on RBL's 2) Verify PTR (I don't do SPF as most people seem to clueless to set it up) 3) Ensure RFC compliance 4) Verify all recipients 5) Then take mail and scan What I would *like* to be able to do: 0) Throttle/Rate control incoming IP connections 1) Knock out as much as possible on RBL's 2) Verify PTR 3) Greylist anything without SPF 4) Tarpit for 25 seconds anything with a generic email such as 'postmaster' 'abuse' 'sales' 5) Verify recipients 6) Hold open any connections where 'to' and 'from' is the same (spoofing) for at least 2 minutes before dropping with an error 7) Virus scan 8) Spam Scan 9) Issue correct SMTP code (5xx or 2xx) so I'm not left holding the NDR baby if I've dropped it after scanning has begun. I find my method gives good results, but to enhance it further would have wider benefits all round. -- Marketing - the posh way to say 'spammer'
From: Andrzej Adam Filip on 24 Dec 2008 18:03
"Dave {Reply Address in.Sig}" <"noone$$"@llondel.org> wrote: > Martin Gregorie wrote: >> On Mon, 22 Dec 2008 22:32:35 -0800, Dave {Reply Address in.Sig} wrote: >> >>> I've had spamassassin (in its spamd form) and sendmail running happily >>> for a while now, courtesy of the spamass-milter. However, I notice that >>> it appears to do spam filtering before address validation, so it is >>> processing a lot more spam than it really needs to, whereas my previous >>> installation (not using spamassassin or sendmail) only bothered to >>> spam-check stuff that was destined for successful delivery. >>> >>> Is it possible to set things up so that sendmail does address >>> validation/expansion before passing mail on for spam checking? My >>> Google-fu has failed to turn up anything useful. >> >> Is changing to Postfix a possibility? That's capable of applying >> sender and RBL filtering before the message gets passed to SA. > > I could see Postfix as a longer-term solution but the machine is in > the same rack as the one that's failed and so is inaccessible at > present if I seriously screw up. Some things I prefer to do when the > local keyboard is at hand. For your future reference: Postfix-2.3.0+ supports (some) milters. URL(s): http://en.wikipedia.org/wiki/Milter -- [pl>en Andrew] Andrzej Adam Filip : anfi(a)onet.eu : anfi(a)xl.wp.pl Perl is designed to give you several ways to do anything, so consider picking the most readable one. -- Larry Wall in the perl man page |