[NCLUG] Re: Spam Help

Stephen Warren swarren at wwwdotorg.org
Thu Dec 4 13:30:12 MST 2008


On Thu, December 4, 2008 11:26 am, Matt Rosing wrote:
> Here's where I prove I'm dangerous: Does spamassasin sit too far down
> the pipe to reject it at smtp time? I use Postfix and I'm not sure how
> spamassasin fit in. I assume the configurations you're talking about
> should be in postfix?

It depends how you configure SA/postfix.

You can make postfix call SA either pre-queue or post-queue.

Equally, you can call SA during delivery (e.g. via procmail or similar),
so postfix doesn't know about it at all.

The only one of those 3 options that'll reject email at SMTP receipt time
is postfix pre-queue. However, be warned: If you set it up this way, SA
will/may become the bottle-neck in your mail receiving. In the worst case,
it could cause so much inbound mail backlog that other sites give up
sending mail to you, and it gets bounced back.

That said, I run clamav pre-queue (along with tumgreyspf first so save
some load) and haven't knowingly had any issues. I do SA during delivery
though, because I have multiple MXs and couldn't be bothered to keep the
SA configuration and learning data automatically in sync between them.

>  > I can't disagree there.  But I don't think it does them favors to work
>  > around their problem.  Instead it would be better for all involved if
>  > it just did not work for them at all until they had a hostile Internet
>  > compatible configuration.
>
> I agree, but it became my problem because nobody else complained.
>
>  > For what it is worth I also use greylisting.  But then there are a
>  > different set of misconfigured mail servers that 1) Drop mail upon a
>  > greylisting.  Those would lose mail in normal operation anyway.  And
>  > those that 2) produce DSNs which confuse the sending user and create
>  > backscatter spam.  And that 3) retry at a very slow rate causing
>  > excessive mail delays.  I still use it anyway.  (shrug)
>
> I see the delays but haven't seen the dropped mail. Well, I guess I
> wouldn't know! But nobody complains like they used to :)
>
>  > Concerning blocking dynamic IP blocks: I have yet to run into anyone
>  > who didn't fall into the hacker wannabe category trying to send me
>  > email that couldn't.  And that is only at the rate of once every few
>  > of years.  In fact it may have been five years or more since the last
>  > time I ran into this issue.  My family and friends all use mail relays
>  > on static ip addresses.  Most importantly I can't think of any
>  > business associations that would ever fall into trouble here.
>
> I must be special.
>
>  > Many ISPs now block outgoing smtp port 25 from their internal networks
>  > as part of their virus spam control policy.  The environment has
>  > changed in recent years.  I think there are much less of these users
>  > on dynamic IP blocks being even partially successful sending mail
>  > these days.  (I would enjoy reading counter examples.)
>
> Could be. I pulled out spamassasin and put in grey listing a little
> over a year ago.
>
>  > Try setting "warn_if_reject" for DUL clients and then taking a survey
>  > of the mail logs later to see if it would have rejected anything that
>  > you didn't want it to reject.  That would be safe.
>
> Thanks for the good idea.
>
> _______________________________________________
> NCLUG mailing list       NCLUG at nclug.org
>
> To unsubscribe, subscribe, or modify
> your settings, go to:
> http://www.nclug.org/mailman/listinfo/nclug
>
>




More information about the NCLUG mailing list