Re: (postfix) SPAM filter?
Eric Crist wrote:

> On Dec 17, 2007, at 2:36 AM, Jorn Argelo wrote:
>
>> On Mon, 17 Dec 2007 00:20:50 +0530, Girish Venkatachalam [EMAIL PROTECTED] wrote:
>>
>>> On 14:48:35 Dec 15, Jorn Argelo wrote:
>>>
>>>> Greylisting only works so-so nowadays. There was a couple of months it was very effective, but that is long gone. Spammers aren't stupid, and they follow the development of anti-spam techniques as much as e-mail admins do. Greylisting is a start, but from my experience it is not nearly enough.
>>>
>>> I have heard this said elsewhere too.
>>
>> Yes don't rely solely on greylisting unless you're a lucky guy and don't get a lot of spam.
>
> I hear a lot of people saying that greylisting doesn't work, when I have actual numbers for my network proving it does. These numbers are from the first week of May 2007 to today:
>
> [snip]

I'm not saying it doesn't work. As a matter of fact, we're making effective use of greylisting as well. With spamd you can see the sender address and the HELO for example, so you can make nice scripts of trapping forged e-mail addresses, incorrect HELO commands, empty sender addresses, stuff like that. Just the greylisting process itself is only working so-so in our environment. All I'm saying is that greylisting is a start and not a solution :)

But like I said, YMMV.

Jorn

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: (postfix) SPAM filter?
On Dec 17, 2007, at 7:56 AM, Eric Crist wrote:

> I hear a lot of people saying that greylisting doesn't work, when I have actual numbers for my network proving it does. These numbers are from the first week of May 2007 to today:
>
>     Greylisted/Rejected Messages: 187560
>     Spam Tagged Messages:         3806
>     Virus Tagged Messages:        0
>     Bounced Messages:             7
>     Total Messages Sent:          761
>     Total Messages Delivered:     25345

I'd second the recommendation, although my stats don't keep long-term track of the difference between something greylisted and something bounced due to policyd-weight. Over the past year, I've had:

    Rejected Messages:      1,624,353
    Spam Tagged Messages:   39,633
    Virus Tagged Messages:  2947
    Bounced Messages:       7609
    Total sent:             103,433
    Total received:         122,614

About 93% of the incoming traffic gets rejected permanently (via policyd-weight) or temporarily via greylisting; of the remainder, about 40% is tagged as spam and about 3% is tagged as viral.

--
-Chuck
Re: (postfix) SPAM filter?
On Mon, 17 Dec 2007 00:20:50 +0530, Girish Venkatachalam [EMAIL PROTECTED] wrote:

> On 14:48:35 Dec 15, Jorn Argelo wrote:
>
>> Greylisting only works so-so nowadays. There was a couple of months it was very effective, but that is long gone. Spammers aren't stupid, and they follow the development of anti-spam techniques as much as e-mail admins do. Greylisting is a start, but from my experience it is not nearly enough.
>
> I have heard this said elsewhere too.

Yes don't rely solely on greylisting unless you're a lucky guy and don't get a lot of spam.

>> Also I believe that rejecting e-mail is a big point of discussion. We had an internet e-mail environment built about 3 years ago, and there the users were terrorized by spam. We had some users getting 30 spam mails a day at least. This setup was running amavis, spamassassin, postfix, postgrey, dcc and razor. Unfortunately, over time the bayes filter got incorrectly trained, and it sometimes rejected valid e-mails. If there's something you DON'T want to happen it's that. And also troubleshooting those kinds of things can be quite hard ...
>
> What about CRM114 and dspam?

I played with dspam at home but I didn't really get it running as I wanted to. I didn't invest an awful lot of time in it though, so I cannot properly judge it. I never heard of CRM114, so I cannot say anything from that.

> Have you ever tried statistical filtering instead of heuristics with spamassassin?
>
>> We rebuilt the environment from scratch. Right now we are running OpenBSD spamd + OpenBSD Packetfilter. This functions as greylisting / greytrapping in combination with the PF firewall. We made a couple of scripts to trap invalid / forged e-mail addresses that are greylisted. Also we make use of the uatraps / nixspam traplists, and our own generated blacklist generated from spam being sent to the postmaster. We had some problems with blacklisted entries in the past, but we worked around that. It goes further than that, but I will spare you all the details.
>
> pf(4) has some amazing features that come in handy for spam control. I guess it forms a key component of any spam blocking architecture. And it works in concert with the other OpenBSD niceties you point out like populating the tables with blacklists and whitelists, greytrapping and using the pf(4) anchor mechanism to automate stuff.

Indeed. PF is very powerful and uses very little resources. Hats off to the OpenBSD guys for this. And indeed, I can recommend every e-mail admin to use a pf and spamd combination. It's awesome and you can do a lot with it. Check out the OpenBSD website for more info.

> The probability and state tracking options in pf(4) are pretty interesting too if used creatively.

Very much so, it opens a lot of new options for you to handle blacklisted entries.

>> On the second line we run Postfix / ClamSMTP / Clamd / Spamassassin. We removed Amavis because it was annoying to upgrade and we wanted to get rid of it, as we had problems with it in the past. With SpamAssassin we use sa-update and sa-learn to keep the rules up-to-date and make sure bayes gets properly trained. So we are marking e-mail as spam and no longer block it. Why? Simple ... we no longer want to block false positives. Again, there is more to this, but I will spare you all the details.
>
> But if you don't update virus signatures wouldn't that cause worms and malware propagation? I know I am digressing but I thought signature updation was critical to malware control...

Well of course, but with clamd I also meant using freshclam :) So we keep our signature database up-to-date as well.

>> Right now we have 2500 happy users. Their local helpdesks helped them with getting an Outlook rule in place to automatically move tagged e-mails to a spam folder. Just like their gmail, hotmail or Yahoo account does at home.
>
> Wow, this is great. I am not surprised to hear this. ;)
>
>> The environment we have is certainly not the easiest one, but we automated many things, leaving us with practically no work on it. All the updating of rulesets / blacklists / whitelists / whatever goes by itself. Downside of an environment like this is that you will need quite some knowledge of all the components and how they work together. But hey, I got it running at home as well (a bit simpler though) and didn't have a single spam mail in my mailbox the last 4 months. Sure, the ones I do get are getting tagged and moved to my spam folder automatically, which I do with maildrop (though procmail does the job nicely too). All in all it works like a charm.
>
> Using the X-foobar headers I suppose?

I just check the Subject header to see if it starts with *SPAM*. So yes, using the mail headers :)

>> Well a long story, but maybe it is of use for someone else. As always, YMMV.
>
> Yes, very enlightening, many thanks.

Glad to hear.

Jorn
Re: (postfix) SPAM filter?
On Dec 17, 2007, at 2:36 AM, Jorn Argelo wrote:

> On Mon, 17 Dec 2007 00:20:50 +0530, Girish Venkatachalam [EMAIL PROTECTED] wrote:
>
>> On 14:48:35 Dec 15, Jorn Argelo wrote:
>>
>>> Greylisting only works so-so nowadays. There was a couple of months it was very effective, but that is long gone. Spammers aren't stupid, and they follow the development of anti-spam techniques as much as e-mail admins do. Greylisting is a start, but from my experience it is not nearly enough.
>>
>> I have heard this said elsewhere too.
>
> Yes don't rely solely on greylisting unless you're a lucky guy and don't get a lot of spam.

I hear a lot of people saying that greylisting doesn't work, when I have actual numbers for my network proving it does. These numbers are from the first week of May 2007 to today:

    Greylisted/Rejected Messages: 187560
    Spam Tagged Messages:         3806
    Virus Tagged Messages:        0
    Bounced Messages:             7
    Total Messages Sent:          761
    Total Messages Delivered:     25345

So, out of 25,345 messages that have been delivered to mailboxes, 3,806 of them were tagged as Spam by Spamassassin. Guessing at false positives based on what I see in my inbox (I'm the heaviest mail user on my network), about 10% are probably false positives.

25345/187560 = .1351 = 13.51% of email gets past greylisting.

((3806*.90)/25345) = .1351 = 13.51% of that email is considered Spam, which is probably correct.

Based on those numbers, 162,215 messages were probably Spam. I'm guessing it's Spam, as none of our users have complained that there is legitimate email failing to get through to their inbox. That would be ~88.8% of email hitting my systems is Spam. I would consider greylisting in my case VERY successful.

What this doesn't take into consideration, however, is that I truly hate the delay of receiving a message from someone that isn't in the database, and as such, we're working on improving our SA rulesets and getting rid of greylisting.

If my math is wrong here, please feel free to correct me, I'm by no means any good at it. ;)

- Eric F Crist
Secure Computing Networks
Re: (postfix) SPAM filter?
Heiko Wundram (Beenic) wrote:

> On Thursday, 13 December 2007 03:12:53, Chuck Swiger wrote:
>
>> Install the following:
>>
>>     /usr/ports/mail/postfix-policyd-weight
>>     /usr/ports/mail/postgrey
>
> Just as an added suggestion: these two (very!) lightweight packages suffice to keep SPAM out of our company pretty much completely. Both are best used to reject mails before they even have to be delivered (in Postfix, this is a sender or recipient restriction, see the websites of the two projects for more details on how to set them up), so as an added bonus, people don't have to scroll through endless lists of mails marked as ***SPAM***.

Greylisting only works so-so nowadays. There was a couple of months it was very effective, but that is long gone. Spammers aren't stupid, and they follow the development of anti-spam techniques as much as e-mail admins do. Greylisting is a start, but from my experience it is not nearly enough.

Also I believe that rejecting e-mail is a big point of discussion. We had an internet e-mail environment built about 3 years ago, and there the users were terrorized by spam. We had some users getting 30 spam mails a day at least. This setup was running amavis, spamassassin, postfix, postgrey, dcc and razor. Unfortunately, over time the bayes filter got incorrectly trained, and it sometimes rejected valid e-mails. If there's something you DON'T want to happen it's that. And also troubleshooting those kinds of things can be quite hard ...

We rebuilt the environment from scratch. Right now we are running OpenBSD spamd + OpenBSD Packetfilter. This functions as greylisting / greytrapping in combination with the PF firewall. We made a couple of scripts to trap invalid / forged e-mail addresses that are greylisted. Also we make use of the uatraps / nixspam traplists, and our own generated blacklist generated from spam being sent to the postmaster. We had some problems with blacklisted entries in the past, but we worked around that. It goes further than that, but I will spare you all the details.

On the second line we run Postfix / ClamSMTP / Clamd / Spamassassin. We removed Amavis because it was annoying to upgrade and we wanted to get rid of it, as we had problems with it in the past. With SpamAssassin we use sa-update and sa-learn to keep the rules up-to-date and make sure bayes gets properly trained. So we are marking e-mail as spam and no longer block it. Why? Simple ... we no longer want to block false positives. Again, there is more to this, but I will spare you all the details.

Right now we have 2500 happy users. Their local helpdesks helped them with getting an Outlook rule in place to automatically move tagged e-mails to a spam folder. Just like their gmail, hotmail or Yahoo account does at home.

The environment we have is certainly not the easiest one, but we automated many things, leaving us with practically no work on it. All the updating of rulesets / blacklists / whitelists / whatever goes by itself. Downside of an environment like this is that you will need quite some knowledge of all the components and how they work together. But hey, I got it running at home as well (a bit simpler though) and didn't have a single spam mail in my mailbox the last 4 months. Sure, the ones I do get are getting tagged and moved to my spam folder automatically, which I do with maildrop (though procmail does the job nicely too). All in all it works like a charm.

Well a long story, but maybe it is of use for someone else. As always, YMMV.

- Jorn

> I've had a setup with amavisd-new, spamassassin and clamav on another mail server (basically the same thing Chuck described), but for our current usage, these two are efficient enough not to warrant the upgrade to more powerful hardware (which would be required to run SpamAssassin properly).
Re: (postfix) SPAM filter?
On 14:48:35 Dec 15, Jorn Argelo wrote:

> Greylisting only works so-so nowadays. There was a couple of months it was very effective, but that is long gone. Spammers aren't stupid, and they follow the development of anti-spam techniques as much as e-mail admins do. Greylisting is a start, but from my experience it is not nearly enough.

I have heard this said elsewhere too.

> Also I believe that rejecting e-mail is a big point of discussion. We had an internet e-mail environment built about 3 years ago, and there the users were terrorized by spam. We had some users getting 30 spam mails a day at least. This setup was running amavis, spamassassin, postfix, postgrey, dcc and razor. Unfortunately, over time the bayes filter got incorrectly trained, and it sometimes rejected valid e-mails. If there's something you DON'T want to happen it's that. And also troubleshooting those kinds of things can be quite hard ...

What about CRM114 and dspam? Have you ever tried statistical filtering instead of heuristics with spamassassin?

> We rebuilt the environment from scratch. Right now we are running OpenBSD spamd + OpenBSD Packetfilter. This functions as greylisting / greytrapping in combination with the PF firewall. We made a couple of scripts to trap invalid / forged e-mail addresses that are greylisted. Also we make use of the uatraps / nixspam traplists, and our own generated blacklist generated from spam being sent to the postmaster. We had some problems with blacklisted entries in the past, but we worked around that. It goes further than that, but I will spare you all the details.

pf(4) has some amazing features that come in handy for spam control. I guess it forms a key component of any spam blocking architecture. And it works in concert with the other OpenBSD niceties you point out like populating the tables with blacklists and whitelists, greytrapping and using the pf(4) anchor mechanism to automate stuff.

The probability and state tracking options in pf(4) are pretty interesting too if used creatively.

> On the second line we run Postfix / ClamSMTP / Clamd / Spamassassin. We removed Amavis because it was annoying to upgrade and we wanted to get rid of it, as we had problems with it in the past. With SpamAssassin we use sa-update and sa-learn to keep the rules up-to-date and make sure bayes gets properly trained. So we are marking e-mail as spam and no longer block it. Why? Simple ... we no longer want to block false positives. Again, there is more to this, but I will spare you all the details.

But if you don't update virus signatures wouldn't that cause worms and malware propagation? I know I am digressing but I thought signature updation was critical to malware control...

> Right now we have 2500 happy users. Their local helpdesks helped them with getting an Outlook rule in place to automatically move tagged e-mails to a spam folder. Just like their gmail, hotmail or Yahoo account does at home.

Wow, this is great. I am not surprised to hear this. ;)

> The environment we have is certainly not the easiest one, but we automated many things, leaving us with practically no work on it. All the updating of rulesets / blacklists / whitelists / whatever goes by itself. Downside of an environment like this is that you will need quite some knowledge of all the components and how they work together. But hey, I got it running at home as well (a bit simpler though) and didn't have a single spam mail in my mailbox the last 4 months. Sure, the ones I do get are getting tagged and moved to my spam folder automatically, which I do with maildrop (though procmail does the job nicely too). All in all it works like a charm.

Using the X-foobar headers I suppose?

> Well a long story, but maybe it is of use for someone else. As always, YMMV.

Yes, very enlightening, many thanks.

-Girish
Re: (postfix) SPAM filter?
On Saturday, 15 December 2007 14:48:35, Jorn Argelo wrote:

> snip
>
> Also I believe that rejecting e-mail is a big point of discussion. We had an internet e-mail environment built about 3 years ago, and there the users were terrorized by spam. We had some users getting 30 spam mails a day at least. This setup was running amavis, spamassassin, postfix, postgrey, dcc and razor. Unfortunately, over time the bayes filter got incorrectly trained, and it sometimes rejected valid e-mails. If there's something you DON'T want to happen it's that. And also troubleshooting those kind of things can be quite hard ...

Neither of the two packages I recommended are anything close to bayesian filtering, as they don't actually take measure on the content of the mail (which isn't available anyway when the corresponding rules are effective in the Postfix restriction mechanism), but rather on the conditions the mail is received under. This is what makes them (much more) lightweight (than for example a full statistical or bayesian filter) in the first place.

I've not had a single false positive which wasn't explained with incorrect or plain invalid mailserver configuration on the sender side so far with these two packages, and the possibility of a false negative in our current environment is something close to 1%, at least according to my mailbox (which gets publicized enough by posting to @freebsd.org addresses).

--
Heiko Wundram
Product Application Development
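The message above notes that these tools decide on the conditions a mail arrives under, before any content exists. As an added example (not code from the thread or from postgrey), this Python sketch answers Postfix policy delegation requests with a greylisting decision keyed on client /24, sender and recipient. The 300-second delay, the 35-day expiry and all addresses are assumed or constructed values.

```python
import ipaddress

DELAY = 300            # seconds a new triplet must wait before acceptance (assumed value)
MAX_AGE = 35 * 86400   # forget triplets not seen for 35 days (assumed value)
DEFER = "DEFER_IF_PERMIT Greylisted, please retry later"


def parse_request(text):
    """Parse one policy delegation request: name=value lines ended by a blank line."""
    attrs = {}
    for line in text.splitlines():
        if not line:
            break
        name, _, value = line.partition("=")
        attrs[name] = value
    return attrs


class Greylist:
    def __init__(self, delay=DELAY, max_age=MAX_AGE):
        self.delay = delay
        self.max_age = max_age
        self.seen = {}   # triplet -> (first_seen, last_seen)

    @staticmethod
    def triplet(attrs):
        ip = ipaddress.ip_address(attrs["client_address"])
        if ip.version == 4:
            # Key on the /24 so a retry from a neighbouring outbound host still matches.
            net = ipaddress.ip_network(f"{ip}/24", strict=False)
            client = str(net.network_address)
        else:
            client = str(ip)
        return (client, attrs.get("sender", "").lower(),
                attrs.get("recipient", "").lower())

    def decide(self, attrs, now):
        key = self.triplet(attrs)
        record = self.seen.get(key)
        if record is None or now - record[1] > self.max_age:
            # Unknown or expired triplet: remember it and ask the client to retry.
            self.seen[key] = (now, now)
            return DEFER
        first_seen = record[0]
        self.seen[key] = (first_seen, now)
        if now - first_seen < self.delay:
            return DEFER          # retried too quickly
        return "DUNNO"            # no opinion: later restrictions decide


def handle(greylist, request_text, now):
    """Return the policy server reply for one request."""
    attrs = parse_request(request_text)
    if (attrs.get("request") != "smtpd_access_policy"
            or attrs.get("protocol_state") != "RCPT"):
        return "action=DUNNO\n\n"
    return f"action={greylist.decide(attrs, now)}\n\n"


def make_request(client, sender, recipient):
    """Build a constructed request with the attributes this sketch reads."""
    return ("request=smtpd_access_policy\nprotocol_state=RCPT\n"
            f"client_address={client}\nsender={sender}\nrecipient={recipient}\n\n")


def run_demo():
    gl = Greylist()
    # Constructed timeline: (seconds, client, sender, recipient)
    timeline = [
        (0,    "192.0.2.10",   "alice@example.org", "bob@example.net"),  # first attempt
        (120,  "192.0.2.10",   "alice@example.org", "bob@example.net"),  # retry too early
        (900,  "192.0.2.25",   "alice@example.org", "bob@example.net"),  # retry, same /24
        (1000, "198.51.100.7", "x1@example.com",    "bob@example.net"),  # one-shot sender
        (1001, "203.0.113.99", "x2@example.com",    "bob@example.net"),  # one-shot sender
    ]
    return [handle(gl, make_request(c, s, r), t) for t, c, s, r in timeline]


if __name__ == "__main__":
    for reply in run_demo():
        print(reply.strip())
```

The retrying sender is deferred twice and then passed on with `DUNNO`, while senders that never retry are never accepted; the cost is the delivery delay for every new triplet.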
Re: (postfix) SPAM filter?
--On December 16, 2007 8:13:34 PM +0100 Heiko Wundram (Beenic) [EMAIL PROTECTED] wrote:

> Neither of the two packages I recommended are anything close to bayesian filtering, as they don't actually take measure on the content of the mail (which isn't available anyway when the corresponding rules are effective in the Postfix restriction mechanism), but rather on the conditions the mail is received under. This is what makes them (much more) lightweight (than for example a full statistical or bayesian filter) in the first place.
>
> I've not had a single false positive which wasn't explained with incorrect or plain invalid mailserver configuration on the sender side so far with these two packages, and the possibility of a false negative in our current environment is something close to 1%, at least according to my mailbox (which gets publicized enough by posting to @freebsd.org addresses).

I've been using policyd-weight for more than a year now, and I've had exactly one problem with it. It rejected legitimate mail because that particular ISP didn't have a clue about DNS. I tweaked the rules very slightly to cause a score for legitimate mail to fail just below the threshold for rejection, and I've not had a single false positive since.

Policyd-weight rejects between 50% and 80% of the incoming mail (it varies by the day) before the mail server ever even processes it.

I also use spamassassin, and I have set it up so that borderline mail that's rejected gets copied to a folder (/var/spool/spam) so I can review it. Occasionally I have to recover an email from that folder because it was falsely labeled as spam. Usually it's someone using incredimail or a similar service that loads up an email with all sorts of extra junk.

Policyd-weight is the perfect complement to a tool like spamassassin. It gets rid of all the obvious spam (fake MXes, dialup mail servers, servers listed in multiple RBLs, etc.) before spamassassin has to make a decision about it.

Paul Schmehl ([EMAIL PROTECTED])
Senior Information Security Analyst
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/
Re: (postfix) SPAM filter?
Hi Sten and the rest,

> We have a need for a relatively painless anti-spam solution that would reduce the amount of incoming spam (via postfix mail router). The problem is that i have little knowledge on what this actually means. Googling reveals a whole universe of interesting ways but what should i pursue?
>
> The things that are important to me is:
> * Once it is setup then it would require no additional maintenance.
> * Potential spam messages are marked with a special header that can be filtered on user discretion on their local mail client software.
>
> Neither performance, scalability, license nor cost is of much importance to me at this point.

I have a different approach. I refuse all connections from IPs whose reverse DNS points to customers of providers. This gives a huge reduction of botnets. Below are my helo_checks and client_checks. Of course, use them at your own risk!

Besides this method I also use RBLs, greylisting, clamsmtpd, clamav, procmail and spamassassin.

    ###
    # helo_checks.pcre
    ###
    /^[0-9.]+$/ REJECT Please use your ISP's outgoing mail server - HA
    /^\|/ REJECT Please use your ISP's outgoing mail server - HB
    /^[\d\.]+$/ REJECT Please use your ISP's outgoing mail server - HC
    # H1 adsl,dial,dhcp,cable,retail,dynamic in helo
    /(adsl|dial|dhcp|cable|retail|dynamic)/i REJECT Please use your ISP's outgoing mail server - H1
    # H2 customer,static,kabel in helo
    /(customer|static|kabel)/i REJECT Please use your ISP's outgoing mail server - H2
    # H3 12345
    # /\d{5}/ REJECT Please use your ISP's outgoing mail server - H3
    # H4 123-123-123
    /\d{1,3}-\d{1,3}-\d{1,3}/ REJECT Please use your ISP's outgoing mail server - H4
    # H5 123.123.123
    # /\d{1,3}\.\d{1,3}\.\d{1,3}/ REJECT Please use your ISP's outgoing mail server - H5

    ###
    # client_checks.pcre
    ###
    # C1 adsl,dial,dhcp,cable,retail,dynamic in hostname
    /(adsl|dial|dhcp|cable|retail|dynamic)/i 554 Please use your ISP's outgoing mail server - C1
    # C2 customer,static,kabel in hostname
    /(customer|static|kabel)/i 554 Please use your ISP's outgoing mail server - C2
    # C3 123456
    /\d{6}/ 554 Please use your ISP's outgoing mail server - C3
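Substring rules like the ones above are worth replaying against names you already know before they go live. As an added example (not part of the original post), this Python sketch parses both tables with Postfix pcre_table semantics (first match wins; matching is case-insensitive by default and each `i` flag toggles that) and audits constructed host names. Python's `re` stands in for PCRE, only the `i` flag is handled, and the lookup string is assumed to reach the table exactly as the client sent it.

```python
import re

# Active rules copied from the post above (commented-out H3 and H5 left out).
HELO_CHECKS = r"""
/^[0-9.]+$/ REJECT Please use your ISP's outgoing mail server - HA
/^\|/ REJECT Please use your ISP's outgoing mail server - HB
/^[\d\.]+$/ REJECT Please use your ISP's outgoing mail server - HC
/(adsl|dial|dhcp|cable|retail|dynamic)/i REJECT Please use your ISP's outgoing mail server - H1
/(customer|static|kabel)/i REJECT Please use your ISP's outgoing mail server - H2
/\d{1,3}-\d{1,3}-\d{1,3}/ REJECT Please use your ISP's outgoing mail server - H4
"""

CLIENT_CHECKS = r"""
/(adsl|dial|dhcp|cable|retail|dynamic)/i 554 Please use your ISP's outgoing mail server - C1
/(customer|static|kabel)/i 554 Please use your ISP's outgoing mail server - C2
/\d{6}/ 554 Please use your ISP's outgoing mail server - C3
"""

# "/pattern/flags action"; good enough for patterns without an embedded "/".
RULE = re.compile(r"^/(.+?)/([A-Za-z]*)\s+(.+)$")


def parse_table(text):
    """Return [(compiled_regex, action)] in table order."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = RULE.match(line)
        if not m:
            raise ValueError(f"cannot parse rule: {line!r}")
        pattern, flags, action = m.groups()
        ignore_case = True                 # pcre_table default: case-insensitive
        for flag in flags:
            if flag == "i":
                ignore_case = not ignore_case   # "i" toggles, it does not enable
        rules.append((re.compile(pattern, re.IGNORECASE if ignore_case else 0), action))
    return rules


def lookup(rules, key):
    """First matching rule decides; None means the table has no opinion."""
    for regex, action in rules:
        if regex.search(key):
            return action
    return None


def rule_tag(action):
    """Last word of the action text is the rule label used in the post."""
    return action.rsplit(" ", 1)[-1] if action else "pass"


def audit(rules, names):
    return {name: rule_tag(lookup(rules, name)) for name in names}


# Constructed HELO names and client host names (documentation ranges/domains).
SAMPLE_HELO = [
    "192.0.2.10",                         # bare IP literal
    "mail.example.org",                   # ordinary mail server
    "host-203-0-113-7.adsl.example.net",  # dynamic-looking name
    "relay-10-20-30.example.com",         # digit groups joined by dashes
    "mx1.staticweb.example",              # legitimate-looking, contains "static"
    "smtp.retailbank.example",            # legitimate-looking, contains "retail"
    "ADSL-POOL.EXAMPLE.NET",              # upper case: /i makes H1 case-sensitive
]
SAMPLE_CLIENT = [
    "c-198-51-100-23.cable.example.net",
    "mail.example.org",
    "static-mx.example.com",
    "node123456.example.net",
    "unknown",                            # Postfix's name for clients without rDNS
]

if __name__ == "__main__":
    for title, table, names in (("helo", HELO_CHECKS, SAMPLE_HELO),
                                ("client", CLIENT_CHECKS, SAMPLE_CLIENT)):
        for name, tag in audit(parse_table(table), names).items():
            print(f"{title:6} {name:40} {tag}")
```

Two things show up in the audit: names such as `mx1.staticweb.example` are rejected purely for containing a keyword, and the `/i` on H1, H2, C1 and C2 makes those rules miss upper-case names instead of catching them.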
Re: (postfix) SPAM filter?
>> I have found spam assassin with nightly updates of the helpful (there are other people developing new regexs daily).
>>
>>     48 5 * * * /usr/local/bin/sa-update --channel updates.spamassassin.org && /usr/local/etc/rc.d/sa-spamd restart
>>
>> There are other channels you can subscribe to. Another super helpful blocker is to block all inbound connections from IPs without reverse DNS. Don't forget to virus check your email while you are at it -- there are several packages (clamav is one). And finally, a couple of RBLs added into the mix are helpful.
>
> Awesome, i didn't see the subscriptions on their website. This is exactly what i need.
>
> --
> Sten Daniel Soersdal

Something else I would recommend if you end up going the spamassassin route is to look at rules emporium and rules du jour:

http://www.rulesemporium.com/rules.htm

Rules Du Jour is a nice bash script that can automatically download and update the latest rules emporium rules for several different categories of spam. You just choose which rule lists you want to use (there are a lot of categories and then different levels of spam caught vs false positives within rule sets) and then set rules du jour as a nightly cron job to update your rule sets automatically. As someone else said, this lets you have other people keep your regexs up to date.

I also added these lines to the top of the Rules Du Jour script to download a couple of other nice clamAV spam signatures:

    #update extra clam spam defs
    if [[ -d /var/lib/clamav/ ]]; then
        cd /var/lib/clamav/
        wget --timestamping http://download.mirror.msrbl.com/MSRBL-SPAM.ndb
        cd /var/lib/clamav/
        wget --timestamping http://www.sanesecurity.co.uk/clamav/scamsigs/scam.ndb.gz
        gunzip -cdf scam.ndb.gz > scam.ndb
    fi
    #end update extra clam spam defs

I also use these smtpd restrictions in main.cf:

    smtpd_helo_required = yes
    smtpd_helo_restrictions =
        permit_mynetworks,
        check_helo_access hash:/etc/postfix/helo_access,
        reject_non_fqdn_hostname,
        reject_invalid_hostname,
        permit
    smtpd_sender_restrictions =
        check_sender_access hash:/etc/postfix/client_restrictions,
        permit_sasl_authenticated,
        permit_mynetworks,
        reject_non_fqdn_sender,
        reject_unknown_sender_domain,
        permit
    smtpd_recipient_restrictions =
        reject_unauth_pipelining,
        reject_non_fqdn_recipient,
        reject_unknown_recipient_domain,
        reject_unknown_sender_domain,
        check_sender_access hash:/etc/postfix/client_restrictions,
        permit_mynetworks,
        permit_sasl_authenticated,
        reject_unauth_destination,
        reject_rbl_client list.dsbl.org,
        reject_rbl_client zen.spamhaus.org,
        reject_rbl_client bl.spamcop.net,
        reject_rbl_client dnsbl.njabl.org,
        permit

Most of that came from here: http://www.freesoftwaremagazine.com/articles/focus_spam_postfix/

Greylisting is great, and usually doesn't delay mail more than 5 minutes, but in some rare cases it can lead to mail delays of sometimes up to 4 or 5 hours (which is within RFC specs for resending after a 302 message). For my personal server, that is no problem, so I have implemented postgrey (with the stuff above) and get almost no spam ever. For a few businesses I run mail servers for, they expect email to be instant (I know it doesn't have to be technically, but that is what a lot of people expect nowadays). For them 20 extra spam a day by not doing grey listing is an okay trade off so that one contact from the new client shows up in time, instead of 3 hours too late.

Anyway, I hope this helps. I am always trying to find new great spam solutions (using postfix), so I will continue watching this thread with great interest. Most of the companies I set up mail servers for would rather have 30 spam delivered per user per day than have even 1 false positive or 1 significantly delayed mail, so it is always a tricky line to walk (at least for me) to block as much spam as I can, without ever delaying or blocking a ham message, so I am always looking for new ideas and solutions.

Preston
RE: (postfix) SPAM filter?
Hi Sten,

I ran /usr/ports/security/amavisd-new for a year or so. I must admit, I didn't update it so more and more spam made its way through.

A mate tipped me off on trying:

    /usr/ports/mail/mailscanner

Much easier to install than amavisd-new. I found it easier to understand the config file too. If you really get keen, there is a book you can purchase and it has great online help.

There is also a nice optional webpage stats port/package:

    /usr/ports/mail/mailscanner-mrtg

Now I only have 1 spam getting through every 3 days or so out of 350+ daily spam emails. I now have it running on 4 different sites.

Cheers,

Paul Hamilton

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sten Daniel Soersdal
Sent: Thursday, 13 December 2007 10:12 AM
To: freebsd-questions
Subject: (postfix) SPAM filter?

We have a need for a relatively painless anti-spam solution that would reduce the amount of incoming spam (via postfix mail router). The problem is that i have little knowledge on what this actually means. Googling reveals a whole universe of interesting ways but what should i pursue?

The things that are important to me is:
* Once it is setup then it would require no additional maintenance.
* Potential spam messages are marked with a special header that can be filtered on user discretion on their local mail client software.

Neither performance, scalability, license nor cost is of much importance to me at this point.

Any hints?

--
Sten Daniel Soersdal

--
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
Re: (postfix) SPAM filter?
Rudy wrote:
Steve Bertrand wrote:

* Once it is setup then it would require no additional maintenance.
* Potential spam messages are marked with a special header that can be filtered on user discretion on their local mail client software.

Yes, one recommendation for sure. Give up on your first goal. It'll never happen, because fighting spam is an arms race, with new tactics needing to be adopted.

Amen (or Ahem, or what BSDie would say). There will *ALWAYS* be maintenance. If you are not developing new regexs and/or solutions to fight the daily produced techniques that make up SPAM, then you are implementing them.

I have found spam assassin with nightly updates of the helpful (there are other people developing new regexs daily).

    48 5 * * * /usr/local/bin/sa-update --channel updates.spamassassin.org && /usr/local/etc/rc.d/sa-spamd restart

There are other channels you can subscribe to. Another super helpful blocker is to block all inbound connections from IPs without reverse DNS. Don't forget to virus check your email while you are at it -- there are several packages (clamav is one). And finally, a couple of RBLs added into the mix are helpful.

Awesome, i didn't see the subscriptions on their website. This is exactly what i need.

--
Sten Daniel Soersdal
(postfix) SPAM filter?
We have a need for a relatively painless anti-spam solution that would reduce the amount of incoming spam (via postfix mail router). The problem is that i have little knowledge on what this actually means. Googling reveals a whole universe of interesting ways but what should i pursue?

The things that are important to me is:
* Once it is setup then it would require no additional maintenance.
* Potential spam messages are marked with a special header that can be filtered on user discretion on their local mail client software.

Neither performance, scalability, license nor cost is of much importance to me at this point.

Any hints?

--
Sten Daniel Soersdal
Re: (postfix) SPAM filter?
On Wednesday 12 December 2007, Sten Daniel Soersdal said:
> We have a need for a relatively painless anti-spam solution that would reduce the amount of incoming spam (via postfix mail router). The problem is that I have little knowledge on what this actually means. Googling reveals a whole universe of interesting ways but what should I pursue?
>
> The things that are important to me are:
> * Once it is set up then it would require no additional maintenance.
> * Potential spam messages are marked with a special header that can be filtered on user discretion on their local mail client software.
>
> Neither performance, scalability, license nor cost is of much importance to me at this point.
>
> Any hints?

SpamAssassin (in the ports tree). It's relatively easy to set up and can be used server wide or on an individual basis. Individuals can also override site-wide settings. Links to setting up with postfix can be found on the postfix site.

Beech

--
---
Beech Rintoul - FreeBSD Developer - [EMAIL PROTECTED]
/\ ASCII Ribbon Campaign | FreeBSD Since 4.x
\ / - NO HTML/RTF in e-mail | http://www.freebsd.org
X - NO Word docs in e-mail | Latest Release:
/ \ - http://www.FreeBSD.org/releases/6.2R/announce.html
---
Re: (postfix) SPAM filter?
Sten Daniel Soersdal wrote:
> We have a need for a relatively painless anti-spam solution that would reduce the amount of incoming spam (via postfix mail router). The problem is that I have little knowledge on what this actually means. Googling reveals a whole universe of interesting ways but what should I pursue?
>
> The things that are important to me are:
> * Once it is set up then it would require no additional maintenance.
> * Potential spam messages are marked with a special header that can be filtered on user discretion on their local mail client software.
>
> Neither performance, scalability, license nor cost is of much importance to me at this point.
>
> Any hints?

No additional maintenance (less user add/delete)?:

http://www.postini.com

Unfortunately, it's been years since I've used their services so I can't remember if they have the ability to mark and pass. It's a hands-off solution that works.

Steve
Re: (postfix) SPAM filter?
>> * Once it is set up then it would require no additional maintenance.
>> * Potential spam messages are marked with a special header that can be filtered on user discretion on their local mail client software.
>>
>> Neither performance, scalability, license nor cost is of much importance to me at this point.
>>
>> Any hints?
> SpamAssassin (in the ports tree). It's relatively easy to set up and can be used server wide or on an individual basis. Individuals can also override site-wide settings. Links to setting up with postfix can be found on the postfix site.

I was going to recommend that, but from my experience, there is no real *easy* way to allow users directly to modify their own settings. I am probably wrong though.

Another solution (which is also not a do-it-yourself), is http://barracuda.com. We switched from Postini to an internal Barracuda cluster and have never looked back.

I might add that I personally run an ancient version of SpamAssassin on my personal box which still works, and I have an upgraded box coming down the pipe. I have no experience with having inexperienced users manage their own account with it though.

Steve
Re: (postfix) SPAM filter?
On Wednesday 12 December 2007, Sten Daniel Soersdal said:
> We have a need for a relatively painless anti-spam solution that would reduce the amount of incoming spam (via postfix mail router). The problem is that I have little knowledge on what this actually means. Googling reveals a whole universe of interesting ways but what should I pursue?
>
> The things that are important to me are:
> * Once it is set up then it would require no additional maintenance.
> * Potential spam messages are marked with a special header that can be filtered on user discretion on their local mail client software.

I should also mention that SpamAssassin has exactly such an option and doesn't require any hands on except for an occasional update once set up.

> Neither performance, scalability, license nor cost is of much importance to me at this point.
>
> Any hints?

Beech

--
---
Beech Rintoul - FreeBSD Developer - [EMAIL PROTECTED]
/\ ASCII Ribbon Campaign | FreeBSD Since 4.x
\ / - NO HTML/RTF in e-mail | http://www.freebsd.org
X - NO Word docs in e-mail | Latest Release:
/ \ - http://www.FreeBSD.org/releases/6.2R/announce.html
---
Re: (postfix) SPAM filter?
On Dec 12, 2007, at 5:12 PM, Sten Daniel Soersdal wrote:
> We have a need for a relatively painless anti-spam solution that would reduce the amount of incoming spam (via postfix mail router). The problem is that I have little knowledge on what this actually means. Googling reveals a whole universe of interesting ways but what should I pursue?
>
> The things that are important to me are:
> * Once it is set up then it would require no additional maintenance.
> * Potential spam messages are marked with a special header that can be filtered on user discretion on their local mail client software.

Install the following:

/usr/ports/mail/postfix-policyd-weight
/usr/ports/mail/postgrey
/usr/ports/mail/p5-Mail-SpamAssassin
/usr/ports/security/amavisd-new
/usr/ports/security/clamav

policyd + postgrey provide rather good, very lightweight initial filtering of email without taking up a lot of memory or resources, and remove a lot of workload, so that the Amavisd+ClamAV+SA combination only has to do virus-scanning and SpamAssassin's expensive Bayesian word-mangling on emails which seem to be legit.

Regards,
--
-Chuck
Re: (postfix) SPAM filter?
On Wed, 12 Dec 2007 20:55:45 -0500 Steve Bertrand [EMAIL PROTECTED] wrote:
> I was going to recommend that, but from my experience, there is no real *easy* way to allow users directly to modify their own settings. I am probably wrong though.

Postfix is running here on a FreeBSD server as a border filter server. All bayes and per-user SpamAssassin settings are stored within a MySQL database on our SQL server. The web mail interface is SquirrelMail installed on a different FreeBSD server and has the sasql plugin interfaced to the MySQL server so the customers have control over what they want to set their spam score, whitelist, blacklist, whether they want bayes filtering, whether they want bayes autolearn and so forth.

It has been pretty low maintenance. I am in the process of evaluating the possibility of using amavis-new.

--
_|_
(_| |
Re: (postfix) SPAM filter?
On Thursday 13 December 2007 03:35:00 Duane Hill wrote:
> It has been pretty low maintenance. I am in the process of evaluating the possibility of using amavis-new.

I used amavis-new on a Linux system and lost the ability to have per-user settings. I had to go with a systemwide setting and I don't know if amavis allows per-user configuration.
Re: (postfix) SPAM filter?
Duane Hill wrote:
> On Wed, 12 Dec 2007 20:55:45 -0500 Steve Bertrand [EMAIL PROTECTED] wrote:
>> I was going to recommend that, but from my experience, there is no real *easy* way to allow users directly to modify their own settings. I am probably wrong though.
> Postfix is running here on a FreeBSD server as a border filter server. All bayes and per-user SpamAssassin settings are stored within a MySQL database on our SQL server. The web mail interface is SquirrelMail installed on a different FreeBSD server and has the sasql plugin interfaced to the MySQL server so the customers have control over what they want to set their spam score, whitelist, blacklist, whether they want bayes filtering, whether they want bayes autolearn and so forth.
>
> It has been pretty low maintenance. I am in the process of evaluating the possibility of using amavis-new.

For myself, I've run a very similar environment with a lot of custom hacked software to integrate it all. The reason I haven't upgraded yet is because I've hacked so much of squirrelmail and other aspects of the setup since 2004 that there will be no way for me to carry things over (easily;)

Depending on what way one looks at it, it may be good or bad that I don't really have time to follow what is happening with SPAM prevention in regards to Open Source anymore.

I agree that SA/ClamAV/maildrop is an excellent setup, particularly running atop of Qmail with VPOPMail etc. I also have used Sendmail with milters and procmail to do the same thing...extensively.

Realistically, it comes down to what the OP wants. I am but one operator in a 'small' ISP. I also manage its support department. The truth is that once the OP stated that budget wasn't an issue, and he wanted essentially a turnkey solution, the easiest and most cost-effective method that I have learned is to outsource it.

If you can afford the bandwidth to filter in house, then you can also afford to have a 24*7*1hr support contract with a vendor so your support staff can do some of your work for you (or play games).

If you can't afford bandwidth inbound, but still want your help-desk staff and yourself available, outsource to someone or some entity who specializes on only email security so they can filter before the mail touches your network.

Otherwise, install/maintain yourself.

Understand I am not trying to negate the use/feasibility of any software. I am running with the fact that cost for the OP is no issue. If that is truly the case, then why do it yourself when you can pay someone else who knows better to do it for you? The cost savings on headaches and lost time on downed equipment alone are more than worth it.

...I'm being too business-minded, and too obtuse. Back to figuring out why DBD::mysql won't compile on my legacy FreeBSD box I go...

Steve
Re: (postfix) SPAM filter?
On 12/12/07, Sten Daniel Soersdal [EMAIL PROTECTED] wrote:
> We have a need for a relatively painless anti-spam solution that would reduce the amount of incoming spam (via postfix mail router). The problem is that I have little knowledge on what this actually means. Googling reveals a whole universe of interesting ways but what should I pursue?
>
> The things that are important to me are:
> * Once it is set up then it would require no additional maintenance.
> * Potential spam messages are marked with a special header that can be filtered on user discretion on their local mail client software.
>
> Neither performance, scalability, license nor cost is of much importance to me at this point.
>
> Any hints?

Yes, one recommendation for sure. Give up on your first goal. It'll never happen, because fighting spam is an arms race, with new tactics needing to be adopted.

As for the second goal, spamassassin along with one of several packages will do well for you - I use Maia Mailguard, but I've heard good things about MailZu with Amavisd-new as well.

Others will talk about other packages. It's worth taking a look at each of them to figure out what works for you.

Kurt
Re: (postfix) SPAM filter?
>> * Once it is set up then it would require no additional maintenance.
>> * Potential spam messages are marked with a special header that can be filtered on user discretion on their local mail client software.
> Yes, one recommendation for sure. Give up on your first goal. It'll never happen, because fighting spam is an arms race, with new tactics needing to be adopted.

Amen (or Ahem, or what BSDie would say). There will *ALWAYS* be maintenance. If you are not developing new regexes and/or solutions to fight the daily produced techniques that make up SPAM, then you are implementing them.

If there is anyone who disagrees, then you likely have not dealt with SPAM in an organization larger than a few thousand dispersed and non-educated users. If you have such, and you have no maintenance, then I beg your pardon.

> Others will talk about other packages. It's worth taking a look at each of them to figure out what works for you.

...agreed. It's also worth taking a look at ALL options, not just 'packages' to figure out what works for you.

Steve
Re: (postfix) SPAM filter?
Steve Bertrand wrote:
>>> * Once it is set up then it would require no additional maintenance.
>>> * Potential spam messages are marked with a special header that can be filtered on user discretion on their local mail client software.
>> Yes, one recommendation for sure. Give up on your first goal. It'll never happen, because fighting spam is an arms race, with new tactics needing to be adopted.
> Amen (or Ahem, or what BSDie would say). There will *ALWAYS* be maintenance. If you are not developing new regexes and/or solutions to fight the daily produced techniques that make up SPAM, then you are implementing them.

I have found spam assassin with nightly updates of the helpful (there are other people developing new regexes daily).

48 5 * * * /usr/local/bin/sa-update --channel updates.spamassassin.org && /usr/local/etc/rc.d/sa-spamd restart

There are other channels you can subscribe to.

Another super helpful blocker is to block all inbound connections from IPs without reverse DNS. Don't forget to virus check your email while you are at it -- there are several packages (clamav is one). And finally, a couple of RBLs added into the mix are helpful.

Rudy
Re: (postfix) SPAM filter?
On Thursday, 13 December 2007 03:12:53, Chuck Swiger wrote:
> Install the following:
>
> /usr/ports/mail/postfix-policyd-weight
> /usr/ports/mail/postgrey

Just as an added suggestion: these two (very!) lightweight packages suffice to keep SPAM out of our company pretty much completely. Both are best used to reject mails before they even have to be delivered (in Postfix, this is a sender or recipient restriction, see the websites of the two projects for more details on how to set them up), so as an added bonus, people don't have to scroll through endless lists of mails marked as ***SPAM***.

I've had a setup with amavisd-new, spamassassin and clamav on another mail server (basically the same thing Chuck described), but for our current usage, these two are efficient enough not to warrant the upgrade to more powerful hardware (which would be required to run SpamAssassin properly).

--
Heiko Wundram
Product Application Development
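
Added example, not part of the thread and not postgrey's or policyd-weight's own code: Chuck's and Heiko's messages describe rejecting mail before delivery through a Postfix restriction, which Postfix does by sending each RCPT to a policy service as name=value lines and acting on the returned action. This sketch implements a minimal greylisting decision over that protocol; the delay, the /24 keying, the sample request and the main.cf address in the comment are assumptions.

```python
# Constructed sketch of a greylisting decision behind Postfix policy delegation.
# Assumed main.cf hook (address and port are assumptions for this example):
#   smtpd_recipient_restrictions = permit_mynetworks,
#       reject_unauth_destination,
#       check_policy_service inet:127.0.0.1:10023

GREYLIST_DELAY = 300  # seconds a new triplet must wait (assumed value)

# Constructed request, in the name=value form Postfix sends at RCPT TO.
SAMPLE_REQUEST = (
    "request=smtpd_access_policy\n"
    "protocol_state=RCPT\n"
    "client_address=192.0.2.25\n"
    "sender=alice@example.org\n"
    "recipient=bob@example.net\n"
    "\n"
)


def parse_policy_request(raw):
    """Parse one request: name=value lines terminated by an empty line."""
    attrs = {}
    for line in raw.splitlines():
        if not line:
            break
        name, sep, value = line.partition("=")
        if sep:
            attrs[name] = value
    return attrs


class Greylist:
    def __init__(self, delay=GREYLIST_DELAY):
        self.delay = delay
        self.first_seen = {}  # triplet -> time of first delivery attempt

    def triplet(self, attrs):
        # Key IPv4 clients on their /24 so a retry from a neighbouring
        # outbound host still matches; other address forms are used whole.
        net = ".".join(attrs.get("client_address", "").split(".")[:3])
        return (net, attrs.get("sender", "").lower(),
                attrs.get("recipient", "").lower())

    def decide(self, attrs, now):
        """Return the action line for one parsed request."""
        if attrs.get("request") != "smtpd_access_policy":
            return "action=DUNNO"
        first = self.first_seen.setdefault(self.triplet(attrs), now)
        if now - first < self.delay:
            wait = int(self.delay - (now - first))
            return f"action=DEFER_IF_PERMIT Greylisted, retry in {wait} seconds"
        return "action=DUNNO"  # no opinion: later restrictions decide


def handle(greylist, raw, now):
    """Reply as written back to Postfix: action line plus an empty line."""
    return greylist.decide(parse_policy_request(raw), now) + "\n\n"
```

A sender that never retries stays deferred and its message is never accepted, which is why this stage costs so little compared with content scanning.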