On 4/14/19 3:03 AM, Jari Fredriksson wrote:
> We have had some discussions of this in the past. But now I became
> worried that all SA users do not have access to their border smtp and
> are NOT configuring postfix with this: https://pastebin.com/LGkdi7NM
>
> Now, I am part of RuleQA. Should I accept everything and pass it so
> SpamAssassin and to my corpus or not? Reindl Harald may have his say as
> a corporate maintainer or something but the SpamAssassin user base is more.
>
> How can I best support SpamAssassin besides having a mass check
> automation and mirrors for the sa-update?
I have a secondary iredmail server hosting a few decommissioned domains
receiving both ham and spam, but mostly spam. This iredmail server has
been stripped down to a very basic/stock Postfix and amavis-new configs
to allow SA to score everything. I sync over my /etc/mail/spamassassin
custom config files and point to the same Bayes DB in redis so it scores
similarly. Dovecot Sieve rules put mail into the ham and spam folders
for my masscheck processing based on very low scores for ham and very
high scores for spam. Messages that score in the middle are checked and
manually moved into the ham or spam folder. I also have a Spamcop
folder that a script runs every 5 minutes to submit to Spamcop. If I am
able to catch a compromised account quickly, then I release that email
to spamcop+postmas...@sa.ena.net which automatically goes into the
Spamcop folder.
Note the sa.ena.net is an internal-only domain that is used to route
mail to my iredmail server for the SA masscheck corpus.
Once you get this type of platform setup, it can be used for other spam
fighting techniques on the primary mail filters like:
- train your shared redis Bayes DB with the ham and spam folder
- fail2ban - run a custom script on the secondary server to block IPs on
the primary filters
- swatch - run custom scripts when certain rules are hit:
- add entries to your own private RBL to catch zero hour spam
- auto release certain messages from quarantine as an attachment
- etc...
--
David Jones
