From: Jorn Argelo
Date: Sat, 15 Dec 2007 14:48:35 +0100
To: netslists@gmail.com
Cc: freebsd-questions@freebsd.org
Message-ID: <4763DB33.6080908@wcborstel.com>
In-Reply-To: <200712130859.09396.wundram@beenic.net>
Subject: Re: (postfix) SPAM filter?

Heiko Wundram (Beenic) wrote:
> On Thursday, 13 December 2007 03:12:53, Chuck Swiger wrote:
>
>> Install the following:
>>
>> /usr/ports/mail/postfix-policyd-weight
>> /usr/ports/mail/postgrey
>>
>
> Just as an added suggestion: these two (very!) lightweight packages suffice to
> keep SPAM out of our company pretty much completely. Both are best used to
> reject mails before they even have to be delivered (in Postfix, this is a
> sender or recipient restriction, see the websites of the two projects for
> more details on how to set them up), so as an added bonus, people don't have
> to scroll through endless lists of mails marked as "***SPAM***".
>

Greylisting only works so-so nowadays. There were a couple of months when it was very effective, but that is long gone. Spammers aren't stupid, and they follow the development of anti-spam techniques as much as e-mail admins do. Greylisting is a start, but from my experience it is not nearly enough.

Also I believe that rejecting e-mail is a big point of discussion. We had an internet e-mail environment built about 3 years ago, and there the users were terrorized by spam. We had some users getting 30 spam mails a day at least. This setup was running amavis, spamassassin, postfix, postgrey, dcc and razor. Unfortunately, over time the bayes filter got incorrectly trained, and it sometimes rejected valid e-mails. If there's something you DON'T want to happen it's that. And also troubleshooting those kinds of things can be quite hard ...

We rebuilt the environment from scratch. Right now we are running OpenBSD spamd + OpenBSD Packetfilter. This functions as greylisting / greytrapping in combination with the PF firewall.
We made a couple of scripts to trap invalid / forged e-mail addresses that are greylisted. Also we make use of the uatraps / nixspam traplists, and our own generated blacklist generated from spam being sent to the postmaster. We had some problems with blacklisted entries in the past, but we worked around that. It goes further than that, but I will spare you all the details.

On the second line we run Postfix / ClamSMTP / Clamd / SpamAssassin. We removed Amavis because it was annoying to upgrade and we wanted to get rid of it, as we had problems with it in the past. With SpamAssassin we use sa-update and sa-learn to keep the rules up-to-date and make sure bayes gets properly trained. So we are marking e-mail as spam and no longer block it. Why? Simple ... we no longer want to block false positives. Again, there is more to this, but I will spare you all the details.

Right now we have 2500 happy users. Their local helpdesks helped them with getting an Outlook rule in place to automatically move tagged e-mails to a spam folder. Just like their gmail, hotmail or Yahoo account does at home.

The environment we have is certainly not the easiest one, but we automated many things, leaving us with practically no work on it. All the updating of rulesets / blacklists / whitelists / whatever goes by itself. Downside of an environment like this is that you will need quite some knowledge of all the components and how they work together. But hey, I got it running at home as well (a bit simpler though) and didn't have a single spam mail in my mailbox the last 4 months. Sure, the ones I do get are getting tagged and moved to my spam folder automatically, which I do with maildrop (though procmail does the job nicely too). All in all it works like a charm.

Well, a long story, but maybe it is of use for someone else. As always, YMMV.

- Jorn

> I've had a setup with amavisd-new, spamassassin and clamav on another mail
> server (basically the same thing Chuck described), but for our current usage,
> these two are efficient enough not to warrant the upgrade to more powerful
> hardware (which would be required to run SpamAssassin properly).
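
The message mentions scripts that trap invalid / forged addresses seen in the greylist. The following is an added example of one way such a script could pick trap candidates; it is not part of the original e-mail and not the author's scripts. Assumptions: the GREY field layout follows spamdb(8), `LOCAL_DOMAIN` and `VALID_LOCALPARTS` are hypothetical, and the sample output is constructed.

```python
# Added example: choose greytrap candidates from spamdb(8) output.
# Assumed GREY layout: GREY|ip|helo|from|to|first|pass|expire|block|pass
LOCAL_DOMAIN = "example.org"                         # hypothetical
VALID_LOCALPARTS = {"alice", "sales", "postmaster"}  # hypothetical mailbox list

# Constructed sample output, not taken from a real system.
SAMPLE = """\
WHITE|192.0.2.10|||1197720000|1197721800|1200832200|0|4
GREY|198.51.100.7|mail.example.net|<bob@example.net>|<alice@example.org>|1197720100|1197721600|1197734500|1|0
GREY|203.0.113.50|dsl-1|<x1@bulk.example>|<nosuchuser@example.org>|1197720200|1197721700|1197734600|1|0
GREY|203.0.113.51|dsl-2|<ceo@example.org>|<sales@example.org>|1197720300|1197721800|1197734700|2|0
GREY|192.0.2.10|mx.partner.example|<n@partner.example>|<typo@example.org>|1197720400|1197721900|1197734800|1|0
TRAPPED|203.0.113.99|1197806400
GREY|truncated line
"""

def split_addr(field):
    """Return (localpart, domain) from '<user@domain>', lowercased."""
    local, _, domain = field.strip().strip("<>").lower().rpartition("@")
    return local, domain

def is_bogus_local(field):
    """True if the address claims our domain but the mailbox does not exist."""
    local, domain = split_addr(field)
    return domain == LOCAL_DOMAIN and local not in VALID_LOCALPARTS

def trap_candidates(spamdb_output):
    """Map source IP -> reasons, skipping whitelisted and already trapped IPs."""
    skip, found = set(), {}
    rows = [line.split("|") for line in spamdb_output.splitlines() if line]
    for row in rows:
        if row[0] in ("WHITE", "TRAPPED") and len(row) > 1:
            skip.add(row[1])
    for row in rows:
        # Malformed GREY rows are ignored rather than guessed at.
        if row[0] != "GREY" or len(row) != 10 or row[1] in skip:
            continue
        _, ip, _helo, sender, rcpt = row[:5]
        if is_bogus_local(rcpt):
            found.setdefault(ip, []).append("unknown recipient " + rcpt)
        if is_bogus_local(sender):
            found.setdefault(ip, []).append("forged local sender " + sender)
    return found

def trap_commands(candidates):
    """spamdb invocations that would mark each candidate IP as TRAPPED."""
    return ["spamdb -t -a " + ip for ip in sorted(candidates)]

if __name__ == "__main__":
    for ip, why in sorted(trap_candidates(SAMPLE).items()):
        print(ip, "; ".join(why))
```

Skipping WHITE entries keeps a known-good host from being trapped over a single mistyped recipient, which is the false-positive concern the message raises.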