On 29/10/2010 21:39, Al Zick wrote:
Currently, I just use procmail to interface with the spam filters. I would really like to put a bunch of rules into procmail too, for example: if it sees the word viagra anywhere in the email, it is spam, there is no reason to go any further with it.

if it's that simple, then you can do it in postfix (body checks). but such simple rules will generate FPs. for example, your own mail contains "that word". and if you push the game, you'll encounter sussex, charles dickens, socialist, via granada, ... etc. besides, it's been a long time that spammers know how to evade. you've probably seen "\/1...@_gggr@" and the like.



Right now, I am concerned that I would need a quad core, quad processor system that was dedicated to just running spamassassin, so I am looking at other solutions.

did you measure? many commercial companies sell spam filters based on spamassassin without much cpu/ram. it's not about spamassassin, perl, ... etc. it's about what you check. if you look for millions of strings in mail, then you'll have problems, even if you code that in assembly (or even if you create a processor that only does that!).

I think that I need to accept and delete email that is being sent to maybe the top few email addresses that don't exist and never had existed. They add the most lines to the log. When I was just accepting them and deleting them, then the log was very quiet.

don't. if some log lines annoy you, use a script to ignore them. don't accept and delete mail. what if I mistype your address and write to a...@family... ? ('k' is near 'l' on my keyboard).

I will definitely be whitelisting all the servers that forward email to me. I will also be whitelisting all my friends' mail servers. This will probably help with a lot of the bounce rebouncing.

sure, but unfortunately that's work that never gets finished.

What exactly is a backscatter problem?

it's when a server accepts mail during the smtp transaction, then a bounce is caused later. your logs should tell. (example reasons are: incorrect address validation. quota. ... etc).

now, I'd bet that your problem is the exit status of procmail. when it fails because of a temporary error, it should not tell postfix that this is a permanent failure.


If I do have a backscatter problem, what should the settings be?

hard to tell without knowing what causes the problem. if you don't need procmail, remove it and see. (I fail to see why you would need procmail to interface with a spam filter....).


This install of postfix is from a few years ago and it was not up to date then (it is what installed with the OS and I never updated it). A friend of mine recompiled the OS for better optimization. I think it was already pretty old when I installed it. Really, I was supposed to upgrade Postfix through the packaging system because there were some known problems with what came with the OS, but I never did. I had a friend of mine look at it because it would not receive or send emails to the outside world, and I am not really sure what he did anymore. I think he added one line to master.cf and I think he had me make other changes to master.cf (although, he may have made them). I do remember that the server would basically not work at all and I think the process limit was set to something lower and I raised it to 15.

what process limit do you talk about? postfix contains many processes.

This server runs a lot of other things, like 2 web servers, named, squid, and a whole lot of custom written software, and it pretty much does everything that both of my other dedicated servers do, so that may be why it was set so low.

again, this means nothing. a single script can ruin your server (try a "while (true); do fork; done"). don't count the number of applications, servers, processes. Instead, measure the load of your system.


[snip]
I spend a lot of time trying to deal with spam. What I have found is that I need to update my spam filtering often, but still I seem to need to totally revamp the way that I am dealing with spam. I can't seem to get away with a lot of false positives, yet I don't want to deliver the amount of spam that I have been.

I have several websites that I own that are in the top 1,000,000 sites based on traffic according to Alexa, and although this server only hosts the email for like 30 some domains, I seem to get more than my fair share of spam.

don't believe that. what is your spam ratio? (I mean spam/(spam+ham)). if it's less than 90%, then feel lucky...


Right now, it is still manageable, but soon I will need a very high end dedicated mail server, if I don't change something. Personally, I feel my config is wrong and that is why I am asking some questions.

the question is: what kind of server do you have and how much mail do you receive?


I was also looking at something else and it looks like Postfix was built without pcre. Will I be able to use header checks without this?

if 'postconf -m' output includes 'regexp', then you can use that. but don't abuse header/body checks. they are not designed to be a general spam filter.

install amavisd-new and spamassassin and test.
yes, you can use regexp, provided postconf -m returns it.
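
The false-positive point made in the reply, as an added example that is not part of the original message: a Python simulation of line-by-line, case-insensitive pattern rules (it does not run Postfix). The rule sets and sample lines are constructed, using the words the reply lists.

```python
import re

# Constructed legitimate lines built around the words named in the reply.
HAM = [
    "The conference is at the University of Sussex this year.",
    "Our book club is reading Charles Dickens next month.",
    "He joined the Socialist party in 1936.",
    "Fly to Madrid, then travel via Granada to the coast.",
    "Should I reject any mail that contains the word viagra?",
]
# Constructed unwanted line that every rule set is expected to catch.
SPAM = ["Cheap viagra, no prescription needed"]

# Hypothetical rule sets, in the spirit of simple body-check patterns.
NAIVE = [r"viagra", r"cialis", r"sex", r"dick"]    # bare substrings
SPACED = [r"v\s*i\s*a\s*g\s*r\s*a"]                # tolerate spaced letters
BOUNDED = [r"\bviagra\b", r"\bcialis\b"]           # whole words only


def first_hit(rules, line):
    """Return the pattern of the first rule matching the line, else None."""
    for rule in rules:
        if rule.search(line):
            return rule.pattern
    return None


def evaluate(patterns, ham=HAM, spam=SPAM):
    """Return (false_positives, false_negatives) for one rule set."""
    rules = [re.compile(p, re.IGNORECASE) for p in patterns]
    false_pos = [(line, first_hit(rules, line))
                 for line in ham if first_hit(rules, line)]
    false_neg = [line for line in spam if not first_hit(rules, line)]
    return false_pos, false_neg


if __name__ == "__main__":
    for name, patterns in (("naive", NAIVE), ("spaced", SPACED),
                           ("bounded", BOUNDED)):
        fps, fns = evaluate(patterns)
        print(f"{name}: {len(fps)} false positives, {len(fns)} missed")
        for line, pattern in fps:
            print(f"  /{pattern}/ rejected: {line}")
```

Even the whole-word rule set rejects the last legitimate line, which is the "your own mail contains that word" case.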
