On 16.03.2015 at 19:30, Reindl Harald wrote:
> 
> 
> On 16.03.2015 at 19:24, Robert Schetterer wrote:
>> On 16.03.2015 at 18:33, Reindl Harald wrote:
>>> On 16.03.2015 at 18:19, Matus UHLAR - fantomas wrote:
>>>> On 16.03.15 00:59, Jude DaShiell wrote:
>>>>> I have been getting large spam messages for several years on one of my
>>>>> accounts.  Since spamassassin cannot handle them, my only recourse are
>>>>> procmail recipes.
>>>>
>>>> spamassassin CAN handle them. I have configured spamass-milter to process
>>>> all mail (by setting size to the same as maximum allowed mail size) and it
>>>> does...
>>>>
>>>> it's just the spamc default that is 512K. spamd maximum is 512M afaik, I
>>>> don't think you receive such big mail...
>>>
>>> depends on the amount and content of mails since it skips binary
>>> attachment contents
>>>
>>> try really large plaintext content and it takes more than 10 seconds per
>>> message with 100% CPU load - you will notice that quickly by attaching a
>>> large plaintext logfile in case of spamass-milter on a submission server
>>> because it ends in a client timeout
>>>
>>
>> don't use spamass-milter with submission, it's too slow
> 
> only for large plaintext content which is the topic of that thread

as i tested it, and judged it unacceptably slow in real world setups
but this may be different elsewhere

> 
>> clamav-milter with sanesecurity fits better ( faster )
> 
> but it doesn't find anything countable
> 
> here are a lot of sanesecurity signatures active (inbound MX) and
> because of the low hit-rate i ordered it finally after SA which catches much
> more and so one content-scanner can be skipped in many cases
> 
>> after all outbound spam scanning is difficult ever
> 
> but sadly needed in case of hacked accounts, in the past more than once
> even masked a successful dictionary attack because the bot did not
> realize the successful SASL login and continued to try other passwords
> after the milter-reject
> 

mailadmins are not promised to have an easy life  *g

a better use would be some "abnormality" detection system for catching
hacked accounts, i.e. by profiling normal user behavior and comparing..

Some simple reject match i.e. might be many logins from widely different
geo ip locations in short time periods etc

this might help too in some setups

https://www.roessner-network-solutions.com/postfix-milter-vrfydmn/
https://github.com/croessner/vrfydmn

...
2nd scenario

You provide mail services for customers that deliver their mail over
submission. If you have infected PCs where bots are going to send mails
over users account, they can fake the sender addresses.
...



Best Regards
MfG Robert Schetterer

-- 
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Registered office: München, Amtsgericht München: HRB 199263
Executive board: Patrick Ben Koetter, Marc Schiffbauer
Chairman of the supervisory board: Florian Kirstein
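
Added example, not part of the original message and not code from vrfydmn: a sketch of the "many logins from widely different geo IP locations in short time periods" check, run over successful Postfix SASL login lines. The log lines, the GEO table (a stand-in for a real GeoIP database), the ISO timestamp format, the 10-minute window and the threshold are all constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed stand-in for a GeoIP database: documentation ranges, made-up countries.
GEO = {ip_network("192.0.2.0/24"): "DE", ip_network("198.51.100.0/24"): "BR",
       ip_network("203.0.113.0/24"): "VN"}

# Constructed sample log (Postfix SASL login lines, ISO timestamps, time-ordered).
SAMPLE_LOG = """\
2015-03-16T19:00:05+01:00 mx postfix/submission/smtpd[2211]: 4F1A2B: client=unknown[192.0.2.10], sasl_method=PLAIN, sasl_username=alice@example.org
2015-03-16T19:00:40+01:00 mx postfix/submission/smtpd[2212]: 4F1A2C: client=unknown[192.0.2.77], sasl_method=PLAIN, sasl_username=bob@example.org
2015-03-16T19:01:10+01:00 mx postfix/submission/smtpd[2213]: warning: unknown[203.0.113.9]: SASL PLAIN authentication failed: authentication failure
2015-03-16T19:02:30+01:00 mx postfix/submission/smtpd[2214]: 4F1A2D: client=unknown[198.51.100.4], sasl_method=PLAIN, sasl_username=alice@example.org
2015-03-16T19:04:00+01:00 mx postfix/submission/smtpd[2215]: 4F1A2E: client=unknown[203.0.113.50], sasl_method=PLAIN, sasl_username=alice@example.org
2015-03-16T19:05:00+01:00 mx postfix/submission/smtpd[2216]: 4F1A2F: client=unknown[198.51.100.9], sasl_method=PLAIN, sasl_username=bob@example.org
2015-03-16T19:07:00+01:00 mx postfix/submission/smtpd[2217]: 4F1A30: client=unknown[192.0.2.33], sasl_method=PLAIN, sasl_username=carol@example.org
2015-03-16T19:47:00+01:00 mx postfix/submission/smtpd[2218]: 4F1A31: client=unknown[203.0.113.8], sasl_method=PLAIN, sasl_username=carol@example.org
"""

LOGIN_RE = re.compile(
    r"^(\S+) .*client=\S*\[([0-9a-fA-F.:]+)\], sasl_method=\S+, sasl_username=(\S+)")

def country(ip):
    addr = ip_address(ip)
    for net, cc in GEO.items():
        if addr in net:
            return cc
    return "??"  # unknown networks count as their own location

def flag_accounts(log_text, window=timedelta(minutes=10), max_countries=2):
    """Return {user: countries} for users seen from more than max_countries within window."""
    recent = defaultdict(deque)  # user -> (time, country) entries still inside the window
    flagged = {}
    for line in log_text.splitlines():
        m = LOGIN_RE.match(line)
        if not m:
            continue  # failed logins and unrelated lines are ignored here
        ts, ip, user = datetime.fromisoformat(m.group(1)), m.group(2), m.group(3)
        q = recent[user]
        q.append((ts, country(ip)))
        while ts - q[0][0] > window:
            q.popleft()
        seen = {cc for _, cc in q}
        if len(seen) > max_countries:
            flagged[user] = sorted(seen)
    return flagged
```

With the defaults only alice@example.org is flagged; carol's two logins are 40 minutes apart and never share a window.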
