I want to implement a Sieve-type filter after DSPAM has processed the
messages. In other words, if DSPAM marks the message as spam and has a high
degree of confidence, then silently discard the message. Unfortunately Postfix
does not have a native Sieve implementation. I'm playing with ProxSMTPD and a
Perl script I've written. The filter will become opt-in, so not all users are
forced into it.

I'm looking for feedback on whether my approach sounds reasonable or if I've
missed something.

I've integrated Postfix and DSPAM using LMTP into DSPAM and SMTP out of DSPAM
back into Postfix. I've configured Postfix to remove all 'X-DSPAM-*' headers
in any message going into DSPAM. If a previous server passed the message via
DSPAM, those headers are useless to me anyway. If a spammer forges a couple of
headers, claiming the message is innocent with a high level of confidence, I
don't want to trust those either. The assumption is that only trustworthy DSPAM
headers will be coming out of my DSPAM system and into the discard filter.

On the outbound side from DSPAM I'm planning on using ProxSMTPD. Using that,
I've written a Perl script that checks the message. The logic in the Perl
script is as follows:

    if ($SpamFound) {    # This is TRUE if X-DSPAM-Result equals SPAM (case insensitive)
        if ($ConfidenceLevel >= 0.9000) {
            select STDERR;
            print "250 DSPAM Confidence level HIGH, message sent to bitbucket";
            exit 1;
        } else {
            select STDERR;
            print "250 DSPAM Confidence level not high enough to discard, message relayed";
            exit 0;
        }
    } else {
        select STDERR;
        print "250 Message was not spam, relayed";
        exit 0;
    }

Returning a 250 lets DSPAM think the message relayed no problem, while an exit
of non-zero informs ProxSMTPD to not send the message on to the next hop, in
this case back into Postfix. Result being the message is discarded. I haven't
put this script into production yet, but the testing I've been doing with
various messages indicates things would work.

I need to add logging to the filter script. I don't like tossing mail away
willy-nilly, I'd prefer a human do it. I think I'll also add a safety net,
that is, any message that it would toss, silently save a copy, just in case. I
can set up a cron job to delete old files easily enough.

Thank you,
Chad
_______________________________________________
Dspam-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/dspam-user
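
Added example, not part of the original post and not the poster's script: one way to make the discard decision fail open and to keep the quarantine copy the post describes. It assumes the confidence value is read from an X-DSPAM-Confidence header (the post does not name it); decide(), handle(), the temporary quarantine directory and the sample messages are constructed for illustration.

```perl
# Added example, not the poster's script. Sample messages are constructed.
use strict;
use warnings;
use File::Temp qw(tempdir tempfile);
my $THRESHOLD = 0.9;    # same cut-off as the post

# Returns (verdict, reason); looks at the header block only, never the body.
sub decide {
    my ($raw) = @_;
    my $head = (split /\r?\n\r?\n/, $raw, 2)[0] // '';
    $head =~ s/\r?\n[ \t]+/ /g;    # unfold continuation lines
    my %seen;
    for my $line (split /\r?\n/, $head) {
        push @{ $seen{ lc $1 } }, $2
            if $line =~ /^(X-DSPAM-(?:Result|Confidence))\s*:\s*(.*?)\s*$/i;
    }
    my ($res, $conf) = @seen{ 'x-dspam-result', 'x-dspam-confidence' };
    # Fail open: anything unexpected means the trust assumption no longer holds.
    return ('relay', 'DSPAM headers missing') unless $res && $conf;
    return ('relay', 'duplicate DSPAM headers') if @$res > 1 || @$conf > 1;
    return ('relay', 'unparsable confidence') unless $conf->[0] =~ /^\d+(?:\.\d+)?$/;
    return ('relay', 'not spam') unless lc($res->[0]) eq 'spam';
    return ('relay', 'confidence below threshold') if $conf->[0] < $THRESHOLD;
    return ('discard', "spam, confidence $conf->[0]");
}

# Safety net: copy to quarantine before dropping; relay if the copy fails.
sub handle {
    my ($raw, $dir) = @_;
    my ($verdict, $why) = decide($raw);
    return ($verdict, $why) unless $verdict eq 'discard';
    my $saved = eval {
        my ($fh, $path) = tempfile('dspam-XXXXXX', DIR => $dir, SUFFIX => '.eml');
        print {$fh} $raw or die "write: $!";
        close $fh or die "close: $!";
        $path;
    };
    return $saved ? ('discard', "$why, copy in $saved") : ('relay', 'quarantine write failed');
}

my $dir = tempdir(CLEANUP => 1);    # stand-in for a real quarantine directory
my @samples = (
    [ 'high-confidence spam', "X-DSPAM-Result: Spam\nX-DSPAM-Confidence: 0.9997\n\nbuy now\n" ],
    [ 'conflicting headers', "X-DSPAM-Result: Innocent\nX-DSPAM-Result: Spam\nX-DSPAM-Confidence: 0.9997\n\nhi\n" ],
    [ 'header text in body', "X-DSPAM-Result: Innocent\nX-DSPAM-Confidence: 0.9900\n\nX-DSPAM-Result: Spam\n" ],
);
for my $s (@samples) {
    my ($verdict, $why) = handle($s->[1], $dir);
    printf "%-22s -> %-7s (%s)\n", $s->[0], $verdict, $why;
}
```

The verdict and reason returned by handle() are what a log line would record; how the verdict maps to the filter's exit status and SMTP reply is left to the script in the post.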