Re: Which Spam Block List to use for a network?

2004-06-19 Thread Paul Johnson

Francisco Borges <[EMAIL PROTECTED]> writes:

> I've used (through notespam) for my own private email, the following
> lists:
> Visi (relays.visi.com);
> ORDB (relays.ordb.org);
> SpamCop (bl.spamcop.net);
> dorkslayers (orbs.dorkslayers.com).

Spamcop is what I use.  I recommend it.  I also respectfully demand that
for whatever list you use, you reject it WITHOUT mentioning the
blackhole list.  It's not the list's fault that you decided to use their
listings as grounds for rejection, they don't need flak properly
directed at you.  Furthermore, be sure you have exceptions so mandatory
recipients like postmaster and abuse always accept whether or not the
sending host is listed in a BL or your site will get listed in
rfc-ignorant.org's blacklists around the first time someone who is aware
of rfc-ignorant.org tries to report a mail problem or network abuse.

> After dorkslayers started giving false positive to every single query
> I made to it, I dropped it and never used it again.

Dorkslayers is dead, AFAIK.

> SpamCop works fine for my own email, where most people are whitelisted,
> but is said [1] not to be suitable for a production environment and what
> we have here is precisely that...

I use it on a 30-user hobby server with users almost exclusively in
North America.  Your mileage may vary with a larger server.

-- 
Paul Johnson
<[EMAIL PROTECTED]>
Linux.  You can find a worse OS, but it costs more.


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]



Re: Which Spam Block List to use for a network?

2004-06-19 Thread Adam Funk
On Saturday 19 June 2004 07:50, Russell Coker wrote:

> By far the most false-positive entries I have had are from
> postmaster.rfc-ignorant.org and abuse.rfc-ignorant.org.  The

That's because rfc-ignorant.org's lists aren't about spamming.  They are
about domains that fail to conform to certain RFCs.  (Although I
disagree with their listing of *.uk on the grounds that the UK registry
allows people to withhold their private contact details from whois.)





Re: Which Spam Block List to use for a network?

2004-06-19 Thread Russell Coker
On Sat, 19 Jun 2004 18:04, Adam Funk <[EMAIL PROTECTED]> wrote:
> On Saturday 19 June 2004 07:50, Russell Coker wrote:
> > By far the most false-positive entries I have had are from
> > postmaster.rfc-ignorant.org and abuse.rfc-ignorant.org.  The
>
> That's because rfc-ignorant.org's lists aren't about spamming.  They are
> about domains that fail to conform to certain RFCs.  (Although I
> disagree with their listing of *.uk on the grounds that the UK registry
> allows people to withhold their private contact details from whois.)

They also list all of Australia for the same reason as listing the UK.  It 
seems that whois is not worth much any more.

There is a correlation between lack of support for [EMAIL PROTECTED] and 
[EMAIL PROTECTED] and the domain being a rogue domain used for spam.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page





Re: Which Spam Block List to use for a network?

2004-06-19 Thread Tim Connors
Russell Coker <[EMAIL PROTECTED]> said on Sat, 19 Jun 2004 19:54:55 +1000:
> On Sat, 19 Jun 2004 18:04, Adam Funk <[EMAIL PROTECTED]> wrote:
> > On Saturday 19 June 2004 07:50, Russell Coker wrote:
> > > By far the most false-positive entries I have had are from
> > > postmaster.rfc-ignorant.org and abuse.rfc-ignorant.org.  The
> >
> > That's because rfc-ignorant.org's lists aren't about spamming.  They are
> > about domains that fail to conform to certain RFCs.  (Although I
> > disagree with their listing of *.uk on the grounds that the UK registry
> > allows people to withhold their private contact details from whois.)

Haven't they always allowed to be fake anyway? Isn't that how spammers
get away with spamming in the US?

> They also list all of Australia for the same reason as listing the UK.  It 
> seems that whois is not worth much any more.

And all of our national monopoly^Wcarrier are in some other
blacklists, because they are not so prompt in dealing with
spam. Unfortunately, what does every ISP use as an upstream?

-- 
TimC -- http://astronomy.swin.edu.au/staff/tconnors/
Never trust a man who can count to 1,023 on his fingers.





Postfix patching..

2004-06-19 Thread Aaron Goulding
Okay, so at suggestions, I ran the relay tester at abuse.net and passed all 
15 tests. I get entries like this in my logs:

Jun 18 20:05:59 mephitsune postfix/smtpd[8791]: reject: RCPT from 
www.abuse.net[208.31.42.77]: 554 
<[EMAIL PROTECTED]>: Relay access denied; 
from=<[EMAIL PROTECTED]> to=<[EMAIL PROTECTED]>

What worries me, is the other entries that are showing up:
Jun 18 20:14:01 mephitsune postfix/smtp[9198]: DE193136FD: 
to=<[EMAIL PROTECTED]>, relay=none, delay=69342, status=deferred (connect to 
net.co.com[206.21.217.26]: Connection refused)

And I do get a lot of those. So is my machine relaying, based on this? And 
if so, how do I stop it?

Thanks in advance!
-Aaron, Dreamchaos.net administrator.
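
One way to answer the question above from the log itself, as an added example that is not part of the original post: tie each outbound `postfix/smtp` delivery back to the service that accepted the message, so blocked relay probes, local submissions and mail accepted from an outside client are told apart. The sample log is constructed (documentation addresses and made-up queue IDs), and `triage` and its `trusted_ips` parameter are hypothetical names.

```python
import re

# Constructed sample log: hosts, addresses and queue IDs are made up, except
# DE193136FD, which mirrors the deferred entry quoted in the post.
SAMPLE_LOG = """\
Jun 18 20:05:59 mx postfix/smtpd[8791]: reject: RCPT from tester.example.net[192.0.2.77]: 554 <victim@example.org>: Relay access denied; from=<probe@example.net> to=<victim@example.org>
Jun 18 20:10:02 mx postfix/pickup[9001]: A1B2C3D4E5: uid=33 from=<www-data>
Jun 18 20:10:03 mx postfix/smtp[9198]: A1B2C3D4E5: to=<friend@example.org>, relay=none, delay=1, status=deferred (connect to mail.example.org[198.51.100.26]: Connection refused)
Jun 18 20:12:40 mx postfix/smtpd[9100]: F00DF00D01: client=unknown[192.0.2.200]
Jun 18 20:12:41 mx postfix/smtp[9198]: F00DF00D01: to=<target@example.com>, relay=none, delay=1, status=deferred (connect to mx.example.com[198.51.100.9]: Connection refused)
Jun 18 20:14:01 mx postfix/smtp[9198]: DE193136FD: to=<someone@example.com>, relay=none, delay=69342, status=deferred (connect to mx.example.com[198.51.100.9]: Connection refused)
"""

ENTRY = re.compile(r"postfix/(?P<daemon>\w+)\[\d+\]: (?P<msg>.*)")
QUEUED = re.compile(r"(?P<qid>[0-9A-F]{8,}): (?P<rest>.*)")
CLIENT = re.compile(r"client=\S*\[(?P<ip>[^\]]+)\]")
DELIVERY = re.compile(
    r"to=<(?P<to>[^>]*)>.*?delay=(?P<delay>[\d.]+).*?status=(?P<status>\w+)")
DENIED = re.compile(
    r"reject: RCPT from \S*\[(?P<ip>[^\]]+)\].*Relay access denied")


def triage(log_text, trusted_ips=("127.0.0.1",)):
    """Return (blocked_probe_ips, report); report rows are
    (queue_id, recipient, status, delay_seconds, verdict)."""
    blocked, origin, outbound = [], {}, []
    for line in log_text.splitlines():
        entry = ENTRY.search(line)
        if not entry:
            continue
        daemon, msg = entry["daemon"], entry["msg"]
        denied = DENIED.match(msg)
        if daemon == "smtpd" and denied:
            blocked.append(denied["ip"])      # relay attempt that was refused
            continue
        queued = QUEUED.match(msg)
        if not queued:
            continue
        qid, rest = queued["qid"], queued["rest"]
        client = CLIENT.match(rest)
        if daemon == "smtpd" and client:
            origin[qid] = client["ip"]        # accepted over SMTP from this IP
        elif daemon == "pickup":
            origin[qid] = "local"             # submitted with sendmail(1)
        elif daemon == "smtp":
            sent = DELIVERY.search(rest)      # outbound delivery attempt
            if sent:
                outbound.append((qid, sent["to"], sent["status"],
                                 float(sent["delay"])))
    report = []
    for qid, rcpt, status, delay in outbound:
        src = origin.get(qid)
        if src is None:
            # Accepted before this log window; delay says how far back to look.
            verdict = "origin not in this log"
        elif src == "local" or src in trusted_ips:
            verdict = "local submission"
        else:
            verdict = "relayed for " + src
        report.append((qid, rcpt, status, delay, verdict))
    return blocked, report
```

A deferred line alone only says the machine is trying to send something; the `client=` or `pickup` line with the same queue ID says who handed it over, and the `delay` value tells how far back in the logs that line sits.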


Re: relay protection for Postfix

2004-06-19 Thread Jérôme Warnier
Le sam 19/06/2004 à 01:29, Aaron Goulding a écrit :
> Okay, there's a lot of talk on -user about spam control, and I'd like to 
> make sure my own server is properly secured. Could anyone recommend basic 
> steps for Debian STABLE running Postfix for the MTA, to make sure it's not 
> being used as a relay point? I want to be able to deliver mail from the 
> box itself (to keep SquirrelMail working) but other than that, no one 
> should be able to deliver mail through my machine.
> 
> I figure this is a pretty simple item, and I'm just missing the steps in 
> the docs. Thanks in advance!
If you just want to allow sending mail from the machine itself
(including Squirrelmail), only allow 127.0.0.1, which is default, I
think.
That's all.

> -Aaron, Dreamchaos.net administrator
-- 
Jérôme Warnier
Consultant
BeezNest
http://beeznest.net



Re: spam from an auto-responder

2004-06-19 Thread Arnt Karlsen
On Wed, 16 Jun 2004 00:58:34 -0500, Andy wrote in message 
<[EMAIL PROTECTED]>:

> You could always tell him that he's just handing his new email address
> out to all the spambots testing his old one. That might scare him 
> enough to turn the damn thing off.

..or, this could be an opportunity for a useful-uses-of-netcat-pingpong
contest; there _are_ spammers out there, and the lullaby singer senator
who made his son so drowsy after law school that he took SCOvsIBM,
has stated he "is interested" in such methods, at least to curb music
etc file sharing piracy.

-- 
..med vennlig hilsen = with Kind Regards from Arnt... ;-)
...with a number of polar bear hunters in his ancestry...
  Scenarios always come in sets of three: 
  best case, worst case, and just in case.






Re: Postfix MTA and amavisd-new (Debian) calls clamd and spamassassin on a mailgateway (success)

2004-06-19 Thread jb
I tried your config, but without editing something in the main.cf like
content_filter=amavis this won't work, this means mail is delivered
without filtering. So far, so good. If I add something like
content_filter=amavis:10024 every check is passed and at the end, the
spamfilter.sh script sends the parsed and tagged message with sendmail -i
to postfix, and the fun starts all over again. Is there a mystical device
that stops parsing messages if they are tagged with X-something headers?
It should be logical to endlessly queue the message with your
configuration, or do I miss an important fact?

OK, I think I have SpamAssassin working with Clamd on my Debian box.

I am using the following Debian packages:

From Sarge:
ii  razor         2.361-3          spam-catcher using a collaborative filtering
ii  spamassassin  2.63-1           Perl-based spam filter using text analysis
ii  spamc         2.63-1           Client for perl-based spam filtering daemon
ii  amavisd-new   20030616p7-3     Interface between MTA and virus scanner/cont

From Woody:
ii  postfix       1.1.11-0.woody   A high-performance mail transport agent
ii  postfix-doc   1.1.11-0.woody   Postfix documentation
ii  postfix-ldap  1.1.11-0.woody   LDAP map support for Postfix
ii  postfix-pcre  1.1.11-0.woody   PCRE map support for Postfix
ii  postfix-tls   1.1.11+tls0.7.   TLS and SASL support for Postfix

My master.cf looks like this:
===

smtp      inet  n       -       y       -       -       smtpd -o content_filter=smtp-amavis:[127.0.0.1]:10024
smtp      unix  -       -       -       -       -       smtp
pickup    fifo  n       -       -       60      1       pickup
cleanup   unix  n       -       -       -       0       cleanup
qmgr      fifo  n       -       -       300     1       nqmgr
rewrite   unix  -       -       -       -       -       trivial-rewrite
bounce    unix  -       -       -       -       0       bounce
defer     unix  -       -       -       -       0       bounce
flush     unix  n       -       -       1000?   0       flush
smtp      unix  -       -       -       -       -       smtp
showq     unix  n       -       -       -       -       showq
error     unix  -       -       -       -       -       error
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp

smtp-amavis unix -      -       n       -       10      smtp
  -o smtp_data_done_timeout=1200
  -o disable_dns_lookups=yes

127.0.0.1:10025 inet n  -       n       -       10      smtpd
  -o content_filter=spamfilter
  -o local_recipient_maps=
  -o relay_recipient_maps=
  -o smtpd_restriction_classes=
  -o smtpd_client_restrictions=
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8
  -o strict_rfc821_envelopes=yes

maildrop  unix  -       n       n       -       30      pipe
  user=daemon argv=/usr/bin/maildrop -d $user

spamfilter unix -       n       n       -       10      pipe
  user=amavis argv=/etc/postfix/spamfilter.sh -f ${sender} -- ${recipient}

uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)

ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)

bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -d -t$nexthop -f$sender $recipient


My spamfilter looks like this:
===

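#!/bin/sh
#
# /etc/postfix/spamfilter.sh
# Pipe the message through spamc, then hand it back to Postfix with sendmail.
SENDMAIL="/usr/lib/sendmail -i"
SPAMASSASSIN=/usr/bin/spamc

# Exit status reported to Postfix when either stage of the pipeline fails
EX_UNAVAILABLE=69

$SPAMASSASSIN -f 2>/dev/null \
| $SENDMAIL "$@" || \
 { echo Message content rejected; exit $EX_UNAVAILABLE; }
exit 0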

My /etc/default/spamd.conf looks like this:

# /etc/default/spamd.conf
# Duncan Findlay

# WARNING read README.spamd before using.  THERE ARE SECURITY RISKS!

# Change to one to enable spamd
ENABLED=1

# Options
# See man spamd for possible options. The -d option is automatically added.
OPTIONS="-c -m 10 -a -H"

# Set nice level of spamd
#NICE="--nicelevel 16"

My /etc/amavis/amavisd.conf looks like this

$mydomain = 'annapolislinux.org';  # (no useful default)
$daemon_user  = 'amavis';   # (no default (undef))
$daemon_group = 'amavis';   # (no default (undef))
$X_HEADER_TAG = 'X-Virus-Scanned';  # (default: undef)
$X_HEADER_LINE = "by $myversion (Debian) at $mydomain";
$forward_method = 'smtp:127.0.0.1:10025';  # where to forward checked mail
$notify_method = $forward_method;  # where to submit notifications


On 01/04/04 09:52 -0500, Theodore Knab wrote:
> This is kind of a Postfix MTA question.
>
> I was wondering if anyon
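
The loop asked about at the top of this message can be traced mechanically. This is an added example, not code from any poster: it parses a constructed excerpt of the master.cf above, follows a message from the public SMTP listener through each content filter, and reports whether the path ends in delivery or comes back to a service it has already passed. The `REINJECT` map and the main.cf value used for the looping case (`smtp-amavis:[127.0.0.1]:10024`) are assumptions drawn from the configuration shown.

```python
# Constructed excerpt modelled on the master.cf in the message above;
# only the entries that take part in filtering are kept.
MASTER_CF = """\
smtp        inet  n  -  y  -  -   smtpd -o content_filter=smtp-amavis:[127.0.0.1]:10024
pickup      fifo  n  -  -  60 1   pickup
smtp-amavis unix  -  -  n  -  10  smtp
  -o smtp_data_done_timeout=1200
127.0.0.1:10025 inet n - n  -  10  smtpd
  -o content_filter=spamfilter
spamfilter  unix  -  n  n  -  10  pipe
  user=amavis argv=/etc/postfix/spamfilter.sh -f ${sender} -- ${recipient}
"""

# Assumption taken from the thread: where each filter transport hands the
# message back to Postfix (amavisd's $forward_method, spamfilter.sh's
# "sendmail -i", which enters through pickup).
REINJECT = {
    "smtp-amavis": ("127.0.0.1:10025", "inet"),
    "spamfilter": ("pickup", "fifo"),
}


def parse_master_cf(text):
    """Map (service, type) -> content_filter override; None means the
    service inherits content_filter from main.cf."""
    services, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace():              # continuation of the previous entry
            words = raw.split()
        else:
            fields = raw.split()
            current = (fields[0], fields[1])
            services[current] = None
            words = fields[8:]            # arguments after the command name
        for i, word in enumerate(words[:-1]):
            if word == "-o" and words[i + 1].startswith("content_filter="):
                services[current] = words[i + 1].split("=", 1)[1]
    return services


def trace(entry, services, main_cf_filter):
    """Follow a message from an entry service. Returns (hops, loops)."""
    hops, seen = [], set()
    while entry not in seen:
        seen.add(entry)
        hops.append(entry[0])
        override = services.get(entry)
        flt = main_cf_filter if override is None else override
        transport = flt.split(":", 1)[0]
        if not transport:                 # no filter requested: normal delivery
            return hops + ["deliver"], False
        hops.append("filter:" + transport)
        entry = REINJECT[transport]       # where the filter re-submits the mail
    return hops + [entry[0]], True


if __name__ == "__main__":
    svc = parse_master_cf(MASTER_CF)
    print(trace(("smtp", "inet"), svc, ""))
    print(trace(("smtp", "inet"), svc, "smtp-amavis:[127.0.0.1]:10024"))
```

With no `content_filter` in main.cf, mail re-submitted by `sendmail -i` enters through pickup, which requests no filter, so the path ends in delivery; setting `content_filter` globally makes pickup request the filter again and the path never terminates.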

Re: Which Spam Block List to use for a network?

2004-06-19 Thread Russell Coker
On Sat, 19 Jun 2004 00:29, Francisco Borges <[EMAIL PROTECTED]> wrote:
> SpamCop works fine for my own email, where most people are whitelisted,
> but is said [1] not to be suitable for a production environment and what
> we have here is precisely that...

I know of some ISPs that use SpamCop.  It generally works well and has good 
procedures for removing bogus entries.  I have had my mail server using the 
SpamCop DNSBL for years and had hardly any problems of legit mail being 
rejected.

Below is my Postfix configuration line for anti-spam systems.  SpamCop is 
first because it gets the highest hit rate and the majority of spams get 
discarded from it before even having to query other servers (should be good 
for you as you mention having an over-loaded server).  The DNSBL entries 
below are roughly in order of hit rate - the last few entries catch hardly 
any spam due to duplicate entries with other lists.

By far the most false-positive entries I have had are from 
postmaster.rfc-ignorant.org and abuse.rfc-ignorant.org.  The postmaster list 
gets hotmail.com (and many others), and the abuse list gets yahoo.com (with 
many more others).  I was forced to remove the abuse list from my 
configuration as it got so many hits on non-spam email, and the postmaster 
list is a border-line case.

smtpd_client_restrictions = permit_mynetworks,
  reject_rbl_client bl.spamcop.net,
  reject_rbl_client dnsbl.sorbs.net,
  reject_rbl_client list.dsbl.org,
  reject_rbl_client cbl.abuseat.org,
  reject_rbl_client dnsbl.njabl.org,
  reject_rbl_client sbl.spamhaus.org,
  reject_rbl_client relays.ordb.org,
  reject_rhsbl_client rhsbl.sorbs.net,
  reject_rhsbl_client dsn.rfc-ignorant.org,
  reject_rhsbl_client postmaster.rfc-ignorant.org

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page
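
How the restriction line above is walked for one connecting client, as an added example that is not part of any poster's message: it builds the DNS name each rule looks up (reversed octets for `reject_rbl_client`, client hostname for `reject_rhsbl_client`), stops at the first listing, and applies the two requests made earlier in the thread, that postmaster and abuse are always accepted and that the rejection text does not name the list. The `is_listed` callback stands in for the DNS lookup so the code runs offline; the reply text and the function names are constructed for the example, and the client hostname is assumed to be known.

```python
import ipaddress

# Restriction line as posted in the message above.
RESTRICTIONS = (
    "permit_mynetworks, reject_rbl_client bl.spamcop.net, "
    "reject_rbl_client dnsbl.sorbs.net, reject_rbl_client list.dsbl.org, "
    "reject_rbl_client cbl.abuseat.org, reject_rbl_client dnsbl.njabl.org, "
    "reject_rbl_client sbl.spamhaus.org, reject_rbl_client relays.ordb.org, "
    "reject_rhsbl_client rhsbl.sorbs.net, "
    "reject_rhsbl_client dsn.rfc-ignorant.org, "
    "reject_rhsbl_client postmaster.rfc-ignorant.org"
)

EXEMPT_LOCAL_PARTS = {"postmaster", "abuse"}   # always accepted
REPLY = "554 Service unavailable; client host blocked"  # constructed text


def parse_restrictions(line):
    """Split a restriction list into (keyword, argument) pairs, in order."""
    rules = []
    for item in line.split(","):
        words = item.split()
        if words:
            rules.append((words[0], words[1] if len(words) > 1 else None))
    return rules


def query_name(keyword, zone, client_ip, client_host):
    """DNS name that is looked up for one DNSBL rule."""
    if keyword == "reject_rbl_client":
        # Address-based list: octets reversed, then the zone.
        octets = str(ipaddress.IPv4Address(client_ip)).split(".")
        return ".".join(reversed(octets)) + "." + zone
    if keyword == "reject_rhsbl_client":
        # Name-based list: client hostname, then the zone.
        return client_host.rstrip(".") + "." + zone
    raise ValueError("not a DNSBL rule: " + keyword)


def evaluate(rules, client_ip, client_host, recipient, my_networks, is_listed):
    """Return (action, smtp_reply, names_queried)."""
    queried = []
    if recipient.split("@")[0].lower() in EXEMPT_LOCAL_PARTS:
        return "permit", None, queried
    addr = ipaddress.ip_address(client_ip)
    for keyword, arg in rules:
        if keyword == "permit_mynetworks":
            if any(addr in ipaddress.ip_network(n) for n in my_networks):
                return "permit", None, queried
            continue
        name = query_name(keyword, arg, client_ip, client_host)
        queried.append(name)
        if is_listed(name):
            # First listing ends evaluation; later lists are never queried.
            return "reject", REPLY, queried
    return "permit", None, queried
```

The length of `names_queried` is the DNS cost of one connection, which is why putting the list with the highest hit rate first reduces load: a client listed there costs one lookup, a clean client costs all ten.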




Re: WINNING NOTIFICATION

2004-06-19 Thread Russell Coker
On Sat, 19 Jun 2004 02:30, [EMAIL PROTECTED] wrote:
> You have lied as far as my winnings I have given what I was supposed to and
> that information is crucial to my identity.. I was sent an email that I won
> at my other email address that NO ONE knew.. I didn't believe it was a hoax..
> I believed it so much that I have given my bank account, my drivers
> licence, and other crucial information. I even called the NL to speak with

It was all a hoax, any money you have spent has been lost and will never be 
recovered.

Any information that you gave (such as bank account numbers) should be 
changed.  You mention that they called you, it would probably be best if you 
change your phone number so that they can't call you again.

You appear to be in the US, so contacting the FBI is the best thing for you to 
do.  But as more than a million other USians have been fooled in the same way 
as you it's unlikely that the FBI will be able to spend much time on your 
case.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page



