Yes, I know about 465; I just do that for a legacy app. It's only acceptably
secure because it only listens on loopback, and that's both amavisd and smtpd.
For someone to bypass or intercept amavisd they need local access, and in that
case I've already lost since they have access to the mailbox database. The real
solution is on its way, and that's the filter API.

Hugo Osvaldo Barrera <[email protected]> wrote:

>On 2013-07-01 03:18, Jason Barbier wrote:
>> On 07/01/2013 12:48 AM, Gilles Chehade wrote:
>> > On Mon, Jul 01, 2013 at 05:35:20PM +1000, oneofthem wrote:
>> >> How does opensmtpd handle spam?
>> >>
>> > it delivers it correctly ;)
>> >
>> >
>> >
>> >> Does it have some kind of built in spam filtering or expect an external
>> >> program to handle spam filtering?
>> >>
>> > no, it doesn't perform any kind of content inspection and to deal with
>> > spam one has to use external tools.
>> >
>> > there is a filtering API in progress that will allow writing filters run
>> > by the smtp server itself, but it's not ready.
>> >
>> >
>> ++ to what he said. What I do to deal with spam is based on what Gilles
>> did to deal with DKIM proxy. I relay all mail to amavisd, which scans it
>> with SpamAssassin and ClamAV, then on its way back in it tags it as
>> "clean", and messages tagged as clean get pushed to dovecot for delivery
>> and sieving. It looks like this config-wise. Please note the order of the
>> receive rules is vital. If you put them the wrong way around you start
>> a loop between smtpd and amavisd.
>> 
>> listen on lo0 tls certificate crt auth-optional
>> listen on lo0 port 10025 tag Filtered
>> listen on lo0 port 10026 tag Filtered
>> listen on em0 port 25 tls certificate crt auth-optional
>> listen on em0 port 587 tls certificate crt auth
>> listen on em0 port 465 tls certificate crt auth
>
>Slightly off-topic, but port 465 was reserved for the now-deprecated
>SMTPS, not SMTP+TLS. :)
>
>> 
>> #Tables
>> table aliases db:/etc/mail/aliases.db
>> 
>> #queue
>> queue compression
>> 
>> #Receive connectors
>> accept tagged Filtered for any alias <aliases> deliver to mda "/usr/local/libexec/dovecot/deliver -f %{sender}"
>> accept from any for domain "serversave.us" alias <aliases> relay via "smtp://127.0.0.1:10024"
>> accept for local alias <aliases> deliver to mda "/usr/local/libexec/dovecot/deliver -f %{sender}"
>> 
>> #Send Connectors
>> accept for any relay
>> 
>> -- 
>> Jason Barbier
>> 
>
>I've a small doubt. If you're in a shared environment, how do you keep
>rogue users from listening at port 10024 and intercepting all your email
>if amavisd somehow crashes?
>You wouldn't have that issue with ports < 1024, but that's not the
>case. Has anyone taken this into consideration?
>
>Thanks,
>
>-- 
>Hugo Osvaldo Barrera
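
Added example, not part of the thread and not OpenSMTPD code: a small check of the rule-ordering warning in the quoted config. smtpd evaluates accept rules in order and the first match wins; the model below is a simplification that looks only at each rule's tag and action, and the function names are hypothetical.

```python
import re

# Constructed sample: two receive rules from the post, in the posted order.
GOOD = '''
accept tagged Filtered for any alias <aliases> deliver to mda "/usr/local/libexec/dovecot/deliver -f %{sender}"
accept from any for domain "serversave.us" alias <aliases> relay via "smtp://127.0.0.1:10024"
'''
# The same two rules swapped: the ordering the post warns against.
BAD = "\n".join(reversed(GOOD.strip().splitlines()))

RULE = re.compile(r'^accept\s+(?:tagged\s+(?P<tag>\S+)\s+)?.*?'
                  r'(?P<action>deliver to|relay via\s+"(?P<via>[^"]+)"|relay\b)')

def parse_rules(conf):
    """Return (tag, action, via) for each accept rule, in file order."""
    rules = []
    for line in conf.splitlines():
        m = RULE.match(line.strip())
        if m:
            action = "deliver" if m["action"].startswith("deliver") else "relay"
            rules.append((m["tag"], action, m["via"]))
    return rules

def first_match(rules, tag):
    """Assumed model: an untagged rule matches any message, a tagged rule
    matches only messages carrying that tag; the first match decides."""
    for rule in rules:
        if rule[0] is None or rule[0] == tag:
            return rule
    return None

def loops(conf, filter_port="10024", return_tag="Filtered"):
    """True if mail coming back from the filter is relayed to it again."""
    hit = first_match(parse_rules(conf), return_tag)
    return bool(hit and hit[1] == "relay" and hit[2]
                and hit[2].endswith(":" + filter_port))

if __name__ == "__main__":
    for name, conf in (("posted order", GOOD), ("swapped order", BAD)):
        print(name, "-> loop" if loops(conf) else "-> delivered")
```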
