Subject: Re: Spam and Virusscanning
To: Carl Smith <postfix2002@hotmail.com>
From: Chuck Swiger <cswiger@mac.com>
List: netbsd-help
Date: 08/30/2004 12:05:09

Carl Smith wrote:
[ ... ]
> Was looking at SA, Amavis and ClamAV.

This is a good combination of software.

> How do they integrate in Postfix and how can they be delivered to the 
> virtual maildirs .spam does that go automatically with the virtual delivery 
> agent that I'm using currently?

You normally want to reject (not bounce, reject) well-known spam and viruses 
immediately.  For mail that scores borderline as spam, one can use SA to 
re-write the headers to include, say, *SPAM*, in the Subject: header, or do 
something similar, so that your users get the mail but can easily filter it.

Users can set up filters or junk mail handling in their MTAs, or you can have 
whatever your LDA is look for that header; procmail recipes seem to be 
common.  Or you can use amavis's QUARANTINEDIR.

Hmm.  Postfix wants changes to master.conf and main.conf like:


scan                unix  -      -      n      -      10      smtp

localhost:10025     inet  n      -      n      -       -      smtpd
     -o content_filter=
     -o myhostname=example.net
     -o local_recipient_maps=
     -o relay_recipient_maps=
     -o mynetworks=127.0.0.0/8
     -o mynetworks_style=host
     -o smtpd_restriction_classes=
     -o smtpd_client_restrictions=
     -o smtpd_helo_restrictions=
     -o smtpd_sender_restrictions=
     -o smtpd_recipient_restrictions=permit_mynetworks,reject
trace     unix  -       -       n       -       0       bounce

	---

content_filter=scan:[127.0.0.1]:10024
smtpd_helo_required = yes
strict_rfc821_envelopes = yes
smtpd_recipient_restrictions = reject_invalid_hostname,
         reject_non_fqdn_hostname,
         reject_non_fqdn_sender,
         reject_non_fqdn_recipient,
         reject_unknown_sender_domain,
         reject_unknown_recipient_domain,
         permit_mynetworks,
         reject_unauth_destination,
         check_recipient_access pcre:/usr/local/etc/postfix/recipient_checks.pcre,
         check_helo_access hash:/usr/local/etc/postfix/helo_checks,
#       check_sender_access hash:/etc/postfix/sender_checks,
#       check_client_access hash:/etc/postfix/client_checks,
#       check_client_access pcre:/etc/postfix/client_checks.pcre,
         reject_rbl_client sbl.spamhaus.org,
         permit

smtpd_data_restrictions = reject_unauth_pipelining, permit

	---

amavis.conf is huge but must include something like:

# POSTFIX, or SENDMAIL in dual-MTA setup, or EXIM V4
# (set host and port number as required; host can be specified
# as IP address or DNS name (A or CNAME, but MX is ignored)
$forward_method = 'smtp:127.0.0.1:10025';  # where to forward checked mail
$notify_method = $forward_method;          # where to submit notifications


# SMTP SERVER (INPUT) PROTOCOL SETTINGS (e.g. with Postfix, Exim v4, ...)
#   (used when MTA is configured to pass mail to amavisd via SMTP or LMTP)
$inet_socket_port = 10024;        # accept SMTP on this local TCP port
                                   # (default is undef, i.e. disabled)

	---

Spamassassin local.cf looks like:

use_bayes 0
use_dcc 1
use_razor2 1

score MICROSOFT_EXECUTABLE 5.0
score RAZOR2_CHECK 5.0
score DCC_CHECK    2.5
score HTML_90_100  7.0
score HTML_70_90   5.0
score HTML_50_70   3.0
score MARKETING_PARTNERS 5.0
required_hits 5.5
# defang_mime 1
# report_header 1
rewrite_subject 1
subject_tag *SPAM*
use_terse_report 1
ok_languages en
ok_locales en

-- 
-Chuck
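
An added example, not part of the original message: a small consistency check for the filter loop the configuration above sets up (Postfix hands mail to amavis on 10024, amavis re-injects on 10025, and the re-injection listener clears content_filter so mail is not scanned again). The function names and the trimmed sample strings are assumptions made for this illustration.

```python
import re

# Constructed excerpts of the three files in the message above (trimmed).
MASTER_CF = """\
scan                unix  -      -      n      -      10      smtp
localhost:10025     inet  n      -      n      -       -      smtpd
     -o content_filter=
     -o smtpd_recipient_restrictions=permit_mynetworks,reject
"""
MAIN_CF = "content_filter=scan:[127.0.0.1]:10024\n"
AMAVIS_CONF = "$forward_method = 'smtp:127.0.0.1:10025';\n$inet_socket_port = 10024;\n"

def master_services(text):  # hypothetical helper, not a Postfix tool
    """Map service name -> (type, command, {-o overrides}) from master.cf text."""
    services, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace():                      # continuation of previous service
            m = re.match(r"\s*-o\s+(\w+)\s*=\s*(.*)", line)
            if m and current:
                services[current][2][m.group(1)] = m.group(2).strip()
        else:
            f = line.split()
            current = f[0]
            services[current] = (f[1], f[7], {})
    return services

def check_filter_loop(master_cf, main_cf, amavis_conf):
    """Return a list of wiring problems; an empty list means the loop closes."""
    problems, svc = [], master_services(master_cf)
    cf = re.search(r"^content_filter\s*=\s*(\w+):\[?[\w.]+\]?:(\d+)", main_cf, re.M)
    port_in = re.search(r"^\$inet_socket_port\s*=\s*(\d+)", amavis_conf, re.M)
    fwd = re.search(r"^\$forward_method\s*=\s*'smtp:([\w.]+):(\d+)'", amavis_conf, re.M)
    if not (cf and port_in and fwd):
        return ["could not parse content_filter, $inet_socket_port or $forward_method"]
    if cf.group(1) not in svc:
        problems.append(f"transport '{cf.group(1)}' is not defined in master.cf")
    if cf.group(2) != port_in.group(1):
        problems.append("content_filter port differs from $inet_socket_port")
    back = next((v for k, v in svc.items()
                 if k.endswith(":" + fwd.group(2)) and v[1] == "smtpd"), None)
    if back is None:
        problems.append("no smtpd listener on the $forward_method port")
    elif back[2].get("content_filter") != "":
        problems.append("re-injection listener does not clear content_filter (mail loop)")
    return problems
```

An empty list means the three files agree; each string in a non-empty list names one place where the hand-off between Postfix and amavis is broken.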