-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [EMAIL PROTECTED] wrote: > -------- Original-Nachricht -------- >> Datum: Tue, 04 Sep 2007 14:38:13 -0500 >> Von: Charles Steinkuehler <[EMAIL PROTECTED]> >> An: [email protected] >> Betreff: [dspam-users] Site-wide filtering at smtp time > > I'm looking at ways to integrate dspam into our qmail infrastructure and > am considering doing site-wide filtering to bounce particularly 'spammy' > spam at SMTP time. > >> Bouncing? Since I don't know QMail good enough I wanted to ask you how you >> would implement that? Can you process a inbound message by sending/pipe it >> to a DSPAM instance or binary and parse the result?
In qmail, generally the qmail-queue binary which queues messages for local or remote deliver is replaced by a front-end that runs various filter programs and then calls the real qmail-queue. The filtering front-end can exit with various error codes that will cause the smtp receiving process to exit with a soft (4xx) or hard (5xx) error, enabling filtering or grey-listing of undesirable mail. > I'm currently running qmail with spamassassin and no > per-user spamassassin configuration tweaks. This lets me bounce mails > with really high spam scores, while passing more questionable mail > through to the user. > > I'd like to have dspam run at smtp time with 'generic' user settings. > >> This would be possible. > > Individual settings could be pulled in at local-delivery time, once > address aliases and forwarding has been dealt with. This probably means > dspam would scan delivered messages twice > >> Processing a message multiple time is no problem for DSPAM. If I understand >> you planed design, then on the first scan you will use DSPAM as source for >> getting scores and then bounce/drop/reject to spammy messages. And then >> later at local-deliver you do the proper/real scanning and tagging. If this >> is the case, then the first scan SHOULD NOT tag the message. Sounds like I'm on approximately the right track. I don't particularly care if dspam tags the message at smtp time or not. > , but that doesn't worry me too > much (the amount of real mail is pretty insignificant compared to the > amount of spam we receive, so scanning ham mail multiple times isn't a > serious load issue). > >> You will probably scan spam mail as well multiple time (depending on the >> user tokens). But DSPAM is fast. Compared to SA it is even ultra fast. > > I'm thinking about having spamd > >> You probably mean DSPAM? Um...yeah...what you said. :-) > run at smtp time using a 'global' user > combined amd making all users members of an innoculate group, but am not > sure if this will do what I'm after. > >> Just don't tag the message in the first scan. Use something like >> "--mode=notrain --classify --stdout" in the first scan (but you need then to >> parse the output) and scan normal in the second scan. Hmm...I'll have to look at the code that calls the filtering programs to see if it can parse stdout. Is there any way to get dspam to return with an error code if the message is considered spam? I'm pretty sure I can easily fold that into the filtering logic. Also, how would I setup the users and groups for this setup? I'm thinking I'd want to use a --user=globaluser switch and make this user part of a group (for training), but I'm not sure if it should be an innoculate group or something else. > Is anyone doing anything similar, and if so, how do you have dspam > configured? > >> Vanquish (-> http://www.vanquish.com/ . They are one of the sponsors of >> DSPAM and have a very good reputation for the messaging services they offer) >> has a QMail setup with DSPAM. As far I know they do scan the message as well >> multiple times. > >> If I am not wrong, some of their staff are members of this list as well. >> Just wait and look if they respond. I'll hope to hear from them. Thanks for your feedback! - -- Charles Steinkuehler [EMAIL PROTECTED] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFG3dDBenk4xp+mH40RAkPLAKCmBd5h0ju2bXnau7WWTYzagQ3IAwCg5GXm +SE8OMj+Ng+jmGNz3jb9sUI= =ZBJZ -----END PGP SIGNATURE-----
