On Wed, May 16, 2012 at 02:38:20PM -0500, Chad M Stewart wrote:
> 
> I want to implement a sieve type filter, after dspam has processed the 
> messages.  In other words, if dspam marks the message as spam and has a high 
> degree of confidence, then silently discard the message.  Unfortunately 
> Postfix does not have a native SIEVE implementation.  I'm playing with 
> ProxSMTPD and a perl script I've written.  The filter will become opt-in, so 
> not all users are forced into it.  
> 
> I'm looking for feedback if my approach sounds reasonable or if I've missed 
> something.
> 
> I've integrated Postfix and DSPAM using LMTP into DSPAM and SMTP out of DSPAM 
> back into Postfix.  I've configured Postfix to remove all 'X-DSPAM-*' headers 
> in any message going into DSPAM.  If a previous server passed the message via 
> dspam those headers are useless to me anyway.  If a spammer forges a couple 
> of headers, claiming the message is innocent with a high level of confidence 
> I don't want to trust those either.  Assumption is that only trustworthy 
> DSPAM headers will be coming out of my DSPAM system and into the discard 
> filter.
> 
> On the outbound side from dspam I'm planning on using proxsmtpd.  Using that 
> I've written a perl script that checks the message.  The logic in the perl 
> script is as follows:
> 
> 
> if ($SpamFound) {   # This is TRUE if X-DSPAM-Result equals SPAM (case insensitive)
>         if ($ConfidenceLevel >= 0.9000) {
>                 select STDERR;
>                 print "250 DSPAM Confidence level HIGH, message sent to bitbucket";
>                 exit 1;
>         } else {
>                 select STDERR;
>                 print "250 DSPAM Confidence level not high enough to discard, message relayed";
>                 exit 0;
>         }
> } else {
>         select STDERR;
>         print "250 Message was not spam, relayed";
>         exit 0;
> }
> 
> 
> Returning a 250 lets DSPAM think the message relayed no problem, while an 
> exit of non-zero informs ProxSMTPD to not send the message on to the next 
> hop, in this case back into Postfix.  Result being the message is discarded.  
> I haven't put this script into production yet, but the testing I've been 
> doing with various messages indicates things would work.
> 
> I need to add logging to the filter script.  I don't like tossing mail away 
> willy nilly, I'd prefer a human do it.  I think I'll also add a safety net, 
> that is, any message that it would toss, silently save a copy, just in case.  
> I can set up a cronjob to delete old files easily enough.
> 
> 
> Thank you,
> Chad
> 

Hi Chad,

Discarding mail is a bad idea unless it is yours to discard. You would be better
off filing the messages in this category into a "BAD SPAM" folder and the other
spam into a "SPAM" folder, then expire messages out of the BAD SPAM folder after
a certain time has elapsed.

Regards,
Ken
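
An added example, not part of either message above: the quoted filter logic reworked so that it picks a folder, as suggested in the reply, instead of discarding. It goes a little further than the Perl logic by treating duplicate or malformed DSPAM headers as untrusted. The header name X-DSPAM-Confidence, the folder names and the sample messages are assumptions made for the example.

```python
from email import message_from_bytes
from email.policy import compat32

THRESHOLD = 0.9000  # same cut-off as the Perl logic quoted above

def classify(raw: bytes) -> str:
    """Return the folder for one message: 'INBOX', 'SPAM' or 'BAD SPAM'."""
    msg = message_from_bytes(raw, policy=compat32)
    # get_all() matches names case-insensitively and only sees real headers,
    # so header-looking text in the body is ignored.
    results = [str(v).strip() for v in msg.get_all("X-DSPAM-Result", [])]
    scores = [str(v).strip() for v in msg.get_all("X-DSPAM-Confidence", [])]
    # More than one copy means a forged header survived the inbound strip;
    # nothing can be trusted, so fall back to normal delivery.
    if len(results) != 1 or len(scores) > 1:
        return "INBOX"
    if results[0].upper() != "SPAM":
        return "INBOX"
    try:
        confidence = float(scores[0]) if scores else 0.0
    except ValueError:
        return "SPAM"  # unparsable score: keep it in the ordinary spam folder
    if not 0.0 <= confidence <= 1.0:  # also rejects nan and inf
        return "SPAM"
    return "BAD SPAM" if confidence >= THRESHOLD else "SPAM"

def build(headers, body="hello\r\n"):
    """Assemble a constructed test message from (name, value) pairs."""
    lines = ["From: a@example.org", "Subject: test"]
    lines += [f"{n}: {v}" for n, v in headers]
    return ("\r\n".join(lines) + "\r\n\r\n" + body).encode()

# Constructed sample messages, not real DSPAM output.
SAMPLES = {
    "high": build([("X-DSPAM-Result", "Spam"), ("X-DSPAM-Confidence", "0.9512")]),
    "low": build([("x-dspam-result", "SPAM"), ("X-DSPAM-Confidence", "0.6000")]),
    "innocent": build([("X-DSPAM-Result", "Innocent"),
                       ("X-DSPAM-Confidence", "0.9900")]),
    "forged": build([("X-DSPAM-Result", "Innocent"), ("X-DSPAM-Result", "Spam"),
                     ("X-DSPAM-Confidence", "0.9900")]),
    "in_body": build([], body="X-DSPAM-Result: Spam\r\n"),
    "badscore": build([("X-DSPAM-Result", "Spam"), ("X-DSPAM-Confidence", "high")]),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:10} -> {classify(raw)}")
```
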

_______________________________________________
Dspam-user mailing list
Dspam-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/dspam-user
