Re: Question about OpenSMTPD and Debian package and filters/spam filtering
On 8/21/19 12:50 PM, Michiel van Es wrote: I am running a small VPS with 1 GB memory with Debian 10 amd64 with OpenSMTPD (6.0.3) Hello, can you really use Buster's official opensmptd package? I tried it about 3 weeks ago and it was broken out of the box for me (can't really remember what was the issue at the moment). I had to use pinning and install stretch package.
Re: Question about OpenSMTPD and Debian package and filters/spam filtering
> On 21 Aug 2019, at 13:58, Gilles Chehade wrote:
>
> On Wed, Aug 21, 2019 at 12:50:10PM +0200, Michiel van Es wrote:
>> Hi!
>>
>
> Hi,
>
>
>> I am running a small VPS with 1 GB memory with Debian 10 amd64 with
>> OpenSMTPD (6.0.3) for private email and am looking what my best options are
>> to limit spam.
>> I know there are some filters from Joerg
>> (https://www.mail-archive.com/misc@opensmtpd.org/msg04402.html) but am not
>> sure if these will work with my version of OpenSMTPD (I get a syntax error
>> when trying the old filter syntax).
>>
>> I can also relay everything to Amavisd/SpamAssassin but then email won???t
>> get blocked at the SMTP level, also ASSP or Rspamd is an option but they are
>> pretty resource intensive and will eat all my VPS memory ;)
>>
>> What would be my best option?
>>
>
> 6.0.3 is a fairly old version and there aren't many options available.
>
> if you're forced to stick with that version, which suffers from at least
> one denial of service as far as I know, your best option is to relay via
> something like SpamPD so it can interface with SpamAssassin, but this is
> not going to operate at SMTP level, it will happen at delivery time.
That’s interesting since Debian has a good track record of back porting
security fixes in their stable packages.
I will ask the maintainer if he applied the patch or upgraded the package to
latest version.
For now I use spampd which works fine for bayesian spam detection.
>
> there will be no way of blocking at SMTP level before next release 6.6.0
> that is going to happen in a few weeks, during October, so any option is
> going to be post delivery: either as a custom MDA, or as a relay via for
> some smtp proxy that will reinject in smtpd like the dkimproxy stuff.
I will wait for 6.6.0 ;)
>
> your best option would really be to build from source 6.4.2: it will not
> block at SMTP level but will provide mechanisms to ease interfacing with
> spamassassin or rspamd for post-SMTP handling.
>
> if you're not too easily scared, running the development version is good
> too because it's very close to release now, very stable and will not get
> much changes until October as I'm busy busy these days ;-)
Might give that a try, thanks :)
>
>
>> I like to do some DNSBL and SpamAsssassin checks if possible.
>>
>> My config if that is to any use to give some insights:
>>
>> pki server.pragmasec.nl certificate
>> "/etc/letsencrypt/live/pragmasec.nl/fullchain.pem"
>> pki server.pragmasec.nl key "/etc/letsencrypt/live/pragmasec.nl/privkey.pem"
>> listen on localhost
>> listen on eth0 port 25 tls pki server.pragmasec.nl hostname
>> server.pragmasec.nl auth-optional
>> listen on eth0 port 587 tls-require pki server.pragmasec.nl hostname
>> server.pragmasec.nl auth
>> table vdomains file:/etc/mail/domains
>> table vusers file:/etc/mail/vusers
>> expire 7d
>> limit mta inet4
>> accept from any for domain virtual deliver to mda
>> "/usr/lib/dovecot/dovecot-lda -f %{sender} -a %{rcpt}"
>> accept from local for any relay
>>
>> Cheers,
>>
>> Michiel
>>
>>
>>
>
> --
> Gilles Chehade @poolpOrg
>
> https://www.poolp.orgpatreon: https://www.patreon.com/gilles
Re: Question about OpenSMTPD and Debian package and filters/spam filtering
On Wed, Aug 21, 2019 at 12:50:10PM +0200, Michiel van Es wrote:
> Hi!
>
Hi,
> I am running a small VPS with 1 GB memory with Debian 10 amd64 with OpenSMTPD
> (6.0.3) for private email and am looking what my best options are to limit
> spam.
> I know there are some filters from Joerg
> (https://www.mail-archive.com/misc@opensmtpd.org/msg04402.html) but am not
> sure if these will work with my version of OpenSMTPD (I get a syntax error
> when trying the old filter syntax).
>
> I can also relay everything to Amavisd/SpamAssassin but then email won???t
> get blocked at the SMTP level, also ASSP or Rspamd is an option but they are
> pretty resource intensive and will eat all my VPS memory ;)
>
> What would be my best option?
>
6.0.3 is a fairly old version and there aren't many options available.
if you're forced to stick with that version, which suffers from at least
one denial of service as far as I know, your best option is to relay via
something like SpamPD so it can interface with SpamAssassin, but this is
not going to operate at SMTP level, it will happen at delivery time.
there will be no way of blocking at SMTP level before next release 6.6.0
that is going to happen in a few weeks, during October, so any option is
going to be post delivery: either as a custom MDA, or as a relay via for
some smtp proxy that will reinject in smtpd like the dkimproxy stuff.
your best option would really be to build from source 6.4.2: it will not
block at SMTP level but will provide mechanisms to ease interfacing with
spamassassin or rspamd for post-SMTP handling.
if you're not too easily scared, running the development version is good
too because it's very close to release now, very stable and will not get
much changes until October as I'm busy busy these days ;-)
> I like to do some DNSBL and SpamAsssassin checks if possible.
>
> My config if that is to any use to give some insights:
>
> pki server.pragmasec.nl certificate
> "/etc/letsencrypt/live/pragmasec.nl/fullchain.pem"
> pki server.pragmasec.nl key "/etc/letsencrypt/live/pragmasec.nl/privkey.pem"
> listen on localhost
> listen on eth0 port 25 tls pki server.pragmasec.nl hostname
> server.pragmasec.nl auth-optional
> listen on eth0 port 587 tls-require pki server.pragmasec.nl hostname
> server.pragmasec.nl auth
> table vdomains file:/etc/mail/domains
> table vusers file:/etc/mail/vusers
> expire 7d
> limit mta inet4
> accept from any for domain virtual deliver to mda
> "/usr/lib/dovecot/dovecot-lda -f %{sender} -a %{rcpt}"
> accept from local for any relay
>
> Cheers,
>
> Michiel
>
>
>
--
Gilles Chehade @poolpOrg
https://www.poolp.orgpatreon: https://www.patreon.com/gilles
Question about OpenSMTPD and Debian package and filters/spam filtering
Hi!
I am running a small VPS with 1 GB memory with Debian 10 amd64 with OpenSMTPD
(6.0.3) for private email and am looking what my best options are to limit spam.
I know there are some filters from Joerg
(https://www.mail-archive.com/misc@opensmtpd.org/msg04402.html) but am not sure
if these will work with my version of OpenSMTPD (I get a syntax error when
trying the old filter syntax).
I can also relay everything to Amavisd/SpamAssassin but then email won’t get
blocked at the SMTP level, also ASSP or Rspamd is an option but they are pretty
resource intensive and will eat all my VPS memory ;)
What would be my best option?
I like to do some DNSBL and SpamAsssassin checks if possible.
My config if that is to any use to give some insights:
pki server.pragmasec.nl certificate
"/etc/letsencrypt/live/pragmasec.nl/fullchain.pem"
pki server.pragmasec.nl key "/etc/letsencrypt/live/pragmasec.nl/privkey.pem"
listen on localhost
listen on eth0 port 25 tls pki server.pragmasec.nl hostname server.pragmasec.nl
auth-optional
listen on eth0 port 587 tls-require pki server.pragmasec.nl hostname
server.pragmasec.nl auth
table vdomains file:/etc/mail/domains
table vusers file:/etc/mail/vusers
expire 7d
limit mta inet4
accept from any for domain virtual deliver to mda
"/usr/lib/dovecot/dovecot-lda -f %{sender} -a %{rcpt}"
accept from local for any relay
Cheers,
Michiel
