Hello Thomas Thanks for your feedback.
> after a bit of reading on the project site, there is one thing, i see a
> little bit critical:
>
> On the "about" page there is a "Simple Setup" example. In this you describe:
> - Postfix accepts and receives (or rejects) the mail and delivers it to the
> Detective.
> - The Detective might reject the mail, which will force postfix to bounce
> it, or passes it again and re-inject it into another postfix process.
>
> I i understand this right, postfix would bounce the mail after it was
> accepted for delivery. This would cause backscatter.
> And a backscattering spamfilter is as bad as a real spamserver.
Ok, that was not lucid, i agree. I clarified this on the about page,
respectively left it the reject-part out to prevent misunderstandings. However,
the Detective server actually can bounce the mail, if he is configured to do so
in the spam.handle directive. There are four different handlers:
1) tag: Default handle. Mail will be tagged (with a X-Decency-header and
possibly a Subject-header prefix, if configured).
2) ignore: Nothing happens to the mail. For testing (and log analysis).
3) delete: Mail will be silently deleted. I clarify that this is not a good
idea in the docu. However, there is the possibility to send a mail to the
recipient ("You received SPAM, we deleted it").
4) bounce: The recognized SPAM mail is bounced back to the sender. The valid
scenario for this is an outbreak-prevention mailserver in which the sender
wants to know whether the mail he send himself would be recognized as SPAM.
Read more here: http://www.decency-antispam.org/docs/detective#spam
The is also planned a fifth handle-type: quarantine, which would store the mail
in a quarantine dir (and the notify-recipient directive should be used).
If you see anything else unclear, please point me at it. I am sure, there is
still a lot..
Greets from Berlin
Ulrich
>> i wrote another anti SPAM framework called Decency, which works perfectly
>> with Postfix. It's based on Perl POE and Mouse and is highly modularized /
>> componentized. Since something last week, it has earned
> it's own website:
>> http://www.decency-antispam.org
>> Also on github:
>> https://github.com/ukautz/decency
>> The CPAN release is heavily outdated and will be renewed at the end of this
>> month.
>>
>> In short what it does:
>> * It has a policy server, called Doorman, implementing techniques such as
>> Greylisting, Geo Weighting, DNSBLs, Honeypot building, SPF and so on.
>> * The second component is a content filter, called Detective, which
>> implements third party filters (CRM114, DSPAM, ..), virus filters (for now:
>> ClamAV) and also performs internal filtering, such as DKIM, deeper
> DNSBLs checks (Received-header) and also can act as an Archiving facility.
>> * Its modular build, everybody can extend it.
>> * Designed for single mail filter boxes as well as distributed structures.
>> * Open source.
>> * Simple configuration (imho).
>> * More on the mentioned website..
>>
>> I used it in production for about half a year. Currently it's going towards
>> public stable version 0.2.0.
>>
>> Any feedback, critic, help, whatever is welcome.
--
Blog http://blog.foaa.de/
ICQ 315125501
Skype ulrich.kautz
GTalk ulrich.ka...@googlemail.com
PGP 0x8089C888
signature.asc
Description: OpenPGP digital signature
