> On 08 Apr 2015, at 13:04, Gilles Chehade <[email protected]> wrote:
> 
>> I know about clamsmtp, spampd etc. which check/tag *after* queuing. But
>> since I prefer not to annoy my users with quarantine (web-interfaces),
>> ***SPAM*** subjects, spam folders, or similar things I want to ask: Is 
>> there any chance to filter/check for spam *before* queueing with 
>> opensmtpd?
> 
> Well, one way would be to put spampd in front of OpenSMTPD and have it
> process all mail before passing it to the MTA.

I thought about this before (using dspam in proxy mode), but then (similar to
spamd) I lose the required SMTP AUTH possibility. Also, the spampd code
looks not that mature to have it in “frontlines”.

>> Side note: It looks like some lawyers say, once it is queued 
>> one is not allowed to delete (silently).
> 
> Yes, the goal of opensmtpd is to take all necessary steps to ensure that
> mails don't get lost so once in queue, it HAS to be delivered somewhere,
> or a mailer daemon has to be generated.

Right approach ;)

Anyway, I could handle the deletion later in Dovecot LDA/Sieve, e.g. if header 
says it is spam/virus, then zap it. But as I said, lawyers may not like this.

>> With my old milter setup (spam) mail is blocked by sendmail if
>> spamassassin/clamav says so and *not* queued.
> 
> Well, you could write a filter to reject the message if the body
> contains a header set by spamassassin/clamav and achieve the same.

Yes, I guess hooking into the SMTP dialog is required and the way to go.

>> I do not need to stick with spamassassin, switching to dspam,
>> mailscanner, rspamd, whatever would be okay, as long as I find an easy 
>> way to scan before queueing. In fact I played with dspam as it does not
>> rely on additional daemons like clamsmtp and spampd and can speak LMTP
>> directly with opensmtpd (while also calling clamav on its own). Thus 
>> this would really simplify the setup. But for the queueing I need 
>> something like:
>> "accept from any for domain <domains> virtual <users> && no queue && 
>>    relay via lmtp://127.0.0.1:2525" 
>> while returning the error code of LMTP session back to sender... I guess 
>> this is not possible?
>> 
>> Side question: it is not possible to relay via LMTP to local unix domain 
>> socket instead of IP socket, right? e.g.: 
>> ... relay via lmtp:///var/dspam/dspam.sock 
> 
> only when using "deliver to lmtp" (see man smtpd.conf)

I do not really need it, but is there any reason for the minor “inconsistency”
in the syntax of these options?

>> I know about opensmtpd-extras and have seen the filters, but these are
>> not yet enabled and ready for production, right? Writing my own filter
>> to check spam (similar as milter does) seems to be possible and I think
>> I have the C skills to handle this. But since this is a production
>> server I need something stable, e.g. can not rewrite the filter every n
>> months to adjust the needs for the (not yet enabled) unstable API. 
> 
> true

Any roadmap for the filter API? What are the show-stoppers for the filters to 
be enabled in the build and become stable, e.g. what needs to be tested? 
Code looks good from what I’ve seen. Are there really major changes expected?
The longer I think about it (while looking at the existing filter code), the
more I come to the conclusion that I just should sit down tonight and write
this missing SA filter. Based on the existing filters in -extras and the code
from http://www.benzedrine.ch/milter-spamd.html a SA filter should be
straightforward to implement.

>> I also know about spamd, but that is not really an option for now as the
>> server speaks v6 and STARTTLS, moreover I have legacy users which AUTH
>> on port 25 as well. This does not play well with spamd.
>> I also scan outgoing mails, as I really do not trust the users.
>> 
>> Any hints and insights are welcome, maybe someone has a similar setup?
> 
> I don't ;-)

How do you handle spam filtering? After-queue, only?

Thanks, Regards,
Joerg
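
The reject-on-scanner-header idea discussed above, as an added example that is not part of the original mail and is not OpenSMTPD filter-API code: it shows only the accept/reject decision a pre-queue hook would make at end of DATA. The header names, reply texts, function name and sample messages are assumptions constructed for illustration.

```python
from email import message_from_bytes
from email.policy import SMTP

# Assumed header names; adjust to what your scanners actually emit.
SPAM_HEADER = "X-Spam-Flag"       # SpamAssassin style: "YES" on spam
VIRUS_HEADER = "X-Virus-Status"   # clamav-milter style: "Infected (...)"


def prequeue_verdict(raw: bytes) -> tuple[int, str]:
    """Return the SMTP reply to give at end of DATA for a scanned message."""
    # Only the header block is inspected; text in the body that merely
    # looks like a scanner header must not influence the verdict.
    msg = message_from_bytes(raw, policy=SMTP)
    # get_all() returns every occurrence, so a sender-supplied "NO" cannot
    # mask a scanner-supplied "YES": any positive verdict wins.
    spam = [str(v).strip().upper() for v in msg.get_all(SPAM_HEADER, [])]
    virus = [str(v).strip().lower() for v in msg.get_all(VIRUS_HEADER, [])]
    if any(v.startswith("infected") for v in virus):
        return 550, "5.7.1 Message rejected: virus detected"
    if any(v.startswith("YES") for v in spam):
        return 550, "5.7.1 Message rejected: classified as spam"
    if not spam and not virus:
        # No scanner header at all: temp-fail instead of queueing unscanned mail.
        return 451, "4.7.1 Content scan unavailable, try again later"
    return 250, "2.0.0 Message accepted for delivery"


# Constructed sample messages (not real traffic).
CLEAN = (b"X-Spam-Flag: NO\r\nX-Virus-Status: Clean\r\n"
         b"Subject: hello\r\n\r\nLunch at noon?\r\n")
SPAM = (b"X-Spam-Flag: YES\r\nX-Virus-Status: Clean\r\n"
        b"Subject: offer\r\n\r\nBuy now\r\n")
INFECTED = (b"X-Spam-Flag: NO\r\nX-Virus-Status: Infected (Example.Test)\r\n"
            b"Subject: invoice\r\n\r\nSee attachment\r\n")
DUPLICATE = (b"X-Spam-Flag: NO\r\nX-Spam-Flag: YES\r\n"
             b"Subject: offer\r\n\r\nBuy now\r\n")
BODY_ONLY = (b"X-Spam-Flag: NO\r\nSubject: fwd\r\n\r\n"
             b"X-Spam-Flag: YES\r\nquoted from another mail\r\n")
UNSCANNED = b"Subject: hello\r\n\r\nNo scanner headers here\r\n"

if __name__ == "__main__":
    for name in ("CLEAN", "SPAM", "INFECTED", "DUPLICATE", "BODY_ONLY", "UNSCANNED"):
        print(name, *prequeue_verdict(globals()[name]))
```

Because the rejection is returned inside the SMTP session, nothing enters the queue and the sending server generates the bounce.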

