Date: Mon, 17 Dec 2007 9:36:29 +0100 From: Jorn Argelo <jorn@wcborstel.com> To: girishvenkatachalam@gmail.com Cc: freebsd-questions@freebsd.org Subject: Re: (postfix) SPAM filter? Message-ID: <9cc0a3fa1d403f16f4fc9b2abb49fb75@mail.wcborstel.com> In-Reply-To: <20071216185050.GB26535@brahma.susmita.org> References: <20071216185050.GB26535@brahma.susmita.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 17 Dec 2007 00:20:50 +0530, Girish Venkatachalam <girishvenkatachalam@gmail.com> wrote: > On 14:48:35 Dec 15, Jorn Argelo wrote: >> Greylisting only works so-so nowadays. There was a couple of months it > was >> very effective, but that is long gone. Spammers aren't stupid, and they >> follow the development of anti-spam techniques as much as e-mail admins > do. >> Greylisting is a start, but from my experience it is not nearly enough. >> > > I have heard this said elsewhere too. Yes don't rely solely on greylisting unless you're a lucky guy and don't get a lot of spam. > >> Also I believe that rejecting e-mail is a big point of discussion. We > had >> an internet e-mail environment built about 3 years ago, and there the > users >> were terrorized by spam. We had some users getting 30 spam mails a day > at >> least. This setup was running amavis, spamassassin, postfix, postgrey, > dcc >> and razor. Unfortunately, over time the bayes filter got incorrectly >> trained, and it sometimes rejected valid e-mails. If there's something > you >> DON'T want to happen it's that. And also troubleshooting those kind of >> things can be quite hard ... > > What about CRM114 and dspam? I played with dspam at home but I didn't really got it running as I wanted to. I didn't invest an awful lot of time in it though, so I cannot properly judge it. I never heard of CRM114, so I cannot say anything from that. > > Have you ever tried statistical filtering instead of heuristics with > spamassassin? > > >> We rebuilt the environment from scratch. Right now we are running > OpenBSD >> spamd + OpenBSD Packetfilter. This functions as greylisting / > greptrapping >> in combination with the PF firewall. We made a couple of scripts to trap >> invalid / forged e-mail addresses that are greylisted. Also we make use > of >> the uatraps / nixspam traplists, and our own generated blacklist > generated >> from spam being sent to the postmaster. We had some problems with >> blacklisted entries in the past, but we worked around that. It goes > further >> then that, but I will spare you all the details. > > pf(4) has some amazing features that come in handy for spam control. I > guess it forms a key component of any spam blocking architecture. And it > works in concert with the other OpenBSD niceties you point out like > populating the tables with blacklists and whitelists, greytrapping and > using the pf(4) anchor mechanism to automate stuff. Indeed. PF is very powerful and uses very little resources. Hats off to the OpenBSD guys for this. And indeed, I can recommend every e-mail admin to use a pf and spamd combination. It's awesome and you can do a lot with it. Check out the OpenBSD website for more info. > > The probability and state tracking options in pf(4) are pretty > interesting too if used creatively. Very much so, it opens a lot of new options for you to handle blacklisted entries. > > >> On the second line we run Postfix / ClamSMTP / Clamd / Spamassassin. We >> removed Amavis because it was annoying to upgrade and we wanted to get > rid >> of it, as we had problems with it in the past. With SpamAssassin we use >> sa-update and sa-learn to keep the rules up-to-date and make sure bayes >> gets properly trained. So we are marking e-mail as spam and no longer > block >> it. Why? Simple ... we no longer want to block false positives. Again, >> there is more to this, but I will spare you all the details. > > But if you don't update virus signatures wouldn't that cause worms and > malware propagation? > > I know I am digressing but I thought signature updation was critical to > malware control... Well of course, but with clamd I also ment using freshclam :) So we keep our signature database up-to-date as well. > >> >> Right now we have 2500 happy users. Their local helpdesks helped them > with >> getting an Outlook rule in place to automatically move tagged e-mails to > a >> spam folder. Just like their gmail, hotmail or Yahoo account does at > home. > > Wow, this is great. I am not surprised to hear this. ;) > > >> The environment we have is certainly not the easiest one, but we > automated >> many things, leaving us with practically no work on it. All the updating > of >> rulesets / blacklists / whitelists /whatever goes by itself. Downside of > an >> environment like this is that you will need quite some knowledge of all > the >> components and how they work together. But hey, I got it running at home > as >> well (a bit simpler though) and didn't had a single spam mail in my > mailbox >> the last 4 months. Sure, the ones I do get are getting tagged and moved > to >> my spam folder automatically, which I do with maildrop (though procmail >> does the job nicely too). All in all it works like a charm. > > Using the X-foobar headers I suppose? I just check the Subject header to see if it starts with *****SPAM*****. So yes, using the mail headers :) > >> Well a long story, but maybe it is of use for someone else. As always, >> YMMV. > > Yes, very enlightening, many thanks. Glad to hear. Jorn
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?9cc0a3fa1d403f16f4fc9b2abb49fb75>