You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by J Thomas Hancock <jt...@bwsys.net> on 2004/10/13 19:10:59 UTC
More Configuration Questions
I apologize for the questions, but this is how my Boss wants things done and
who am I to argue with him. I figure he will listen to me better if I have
a creditable source, the SpamAssassin mailing list, backing me up versus me
by myself.
Part 1:
My boss is convinced that SpamAssassin can delete an email if it crosses a
certain hit threshold. Everything I have read states that SpamAssassin can
only add a flag to the message (be it a subject rewrite, something in the
header, ect) and that the MTA, postfix in our case, rejects the message
based on that flag. So am I correct in stating that SpamAssassin can not
delete a message?
Part 2:
My last question to this list was how to able to flag the message for
deleting if the required_hits exceeds 15, for argument sake, and rewrite the
subject header if the required_hits exceeds 10. I was told SpamAssassin
could not do that. I looked into using MailScanner, but the PHB did not
like that solution since it took too much customization to read the users
preferences from a MySQL table. We came up with 2 ugly solutions.
The first solution is to run two instances of SpamAssassin. Instance one
runs the required_hits for deleting the message and the second instance runs
the scan for rewriting the subject. Each instance of SpamAssassin can run
on a different port/IP address. Does anyone here have any experience with
such a configuration?
The second solution would be to set postfix to reject a message if the
header contains "Spam Score 15", "Spam Score 16", "Spam Score 17" ect.
Ugly, I know.
What are the thoughts of the members of this list? Does anyone have any
other suggestions besides MailScanner and our two solutions?
Thank you for your assistance.
Tom Hancock
Re: More Configuration Questions
Posted by Matt Yackley <sa...@yackley.org>.
Kevin Peuhkurinen said:
>
> J Thomas Hancock wrote:
>
>> I apologize for the questions, but this is how my Boss wants things
>> done and who am I to argue with him. I figure he will listen to me
>> better if I have a creditable source, the SpamAssassin mailing list,
>> backing me up versus me by myself.
>>
>> Part 1:
>>
>> My boss is convinced that SpamAssassin can delete an email if it
>> crosses a certain hit threshold. Everything I have read states that
>> SpamAssassin can only add a flag to the message (be it a subject
>> rewrite, something in the header, ect) and that the MTA, postfix in
>> our case, rejects the message based on that flag. So am I correct in
>> stating that SpamAssassin can not delete a message?
>>
> Correct.
>
>> Part 2:
>>
>> My last question to this list was how to able to flag the message for
>> deleting if the required_hits exceeds 15, for argument sake, and
>> rewrite the subject header if the required_hits exceeds 10. I was told
>> SpamAssassin could not do that. I looked into using MailScanner, but
>> the PHB did not like that solution since it took too much
>> customization to read the users preferences from a MySQL table. We
>> came up with 2 ugly solutions.
>>
>> The first solution is to run two instances of SpamAssassin. Instance
>> one runs the required_hits for deleting the message and the second
>> instance runs the scan for rewriting the subject. Each instance of
>> SpamAssassin can run on a different port/IP address. Does anyone here
>> have any experience with such a configuration?
>>
>> The second solution would be to set postfix to reject a message if the
>> header contains Spam Score 15, Spam Score 16, Spam Score 17 ect.
>>
>> Ugly, I know.
>>
>> What are the thoughts of the members of this list? Does anyone have
>> any other suggestions besides MailScanner and our two solutions?
>>
>> Thank you for your assistance.
>>
>> Tom Hancock
>>
> amavis-new can do this nicely. You can set a "tag" level which allows
> subject re-writing and a "kill" level above which the email can be
> either deleted outright or quarantined (either to a seperate mailbox or
> folder on the server).
>
I agree, amavisd-new handles this pretty well. I use amavisd-new, postfix & SA as
relay server before delivering to Exchange.
1. SA score => -999 points add X-Spam-* headers to the message.
This way I can always see what triggered on a message without searching log files.
2. SA Score => 6.0 points, tag as spam, message is delivered to user. Users can use
rules within their MUA to handle these.
3. SA Score => 10.0 points, message is delivered to quarantine mbox on the relay
server and is not delivered to end user.
4. Amavisd-new blacklisted sender, message bypasses SA tests and is marked as spam
and delivered to quarantine mbox on relay server and is not delivered to end user.
5. Amavisd-new whitelisted sender, message bypasses SA tests and is delivered to end
user. Useful for skipping scanning like SA users mailing list traffic, as I also
use site-wide bayes with auto-learn, I wouldn't want to have SA mails get -100
points and then auto-learn discussions about spam. ;)
The other nice feature was when we first rolled this out, I set final spam
destination to pass, so that at => 12.0 message was delivered to quarantine and the
end user. using this method we were able to tune the system for a few months before
we stopped delivering the really spammy stuff to the users. Also worked our way
down to a kill level of 10 points.
Note: We have a clear policy in place that all comminucations belong to the company
and that no one has a right to privacy. Still, check with your boss & lawyers
before reviewing mail that was destined for other folks.
In the end the answer is no, SpamAssassin can't / won't delete email. You need
another tool to delete the messages based on what SpamAssassin scores the message
at. Oh, and don't blame SA if you loose any real messages. :)
HTH,
Matt
Re: More Configuration Questions
Posted by Kevin Peuhkurinen <ke...@hepcoe.com>.
J Thomas Hancock wrote:
> I apologize for the questions, but this is how my Boss wants things
> done and who am I to argue with him. I figure he will listen to me
> better if I have a creditable source, the SpamAssassin mailing list,
> backing me up versus me by myself.
>
> Part 1:
>
> My boss is convinced that SpamAssassin can delete an email if it
> crosses a certain hit threshold. Everything I have read states that
> SpamAssassin can only add a flag to the message (be it a subject
> rewrite, something in the header, ect) and that the MTA, postfix in
> our case, rejects the message based on that flag. So am I correct in
> stating that SpamAssassin can not delete a message?
>
Correct.
> Part 2:
>
> My last question to this list was how to able to flag the message for
> deleting if the required_hits exceeds 15, for argument sake, and
> rewrite the subject header if the required_hits exceeds 10. I was told
> SpamAssassin could not do that. I looked into using MailScanner, but
> the PHB did not like that solution since it took too much
> customization to read the users preferences from a MySQL table. We
> came up with 2 ugly solutions.
>
> The first solution is to run two instances of SpamAssassin. Instance
> one runs the required_hits for deleting the message and the second
> instance runs the scan for rewriting the subject. Each instance of
> SpamAssassin can run on a different port/IP address. Does anyone here
> have any experience with such a configuration?
>
> The second solution would be to set postfix to reject a message if the
> header contains “Spam Score 15”, “Spam Score 16”, “Spam Score 17” ect.
>
> Ugly, I know.
>
> What are the thoughts of the members of this list? Does anyone have
> any other suggestions besides MailScanner and our two solutions?
>
> Thank you for your assistance.
>
> Tom Hancock
>
amavis-new can do this nicely. You can set a "tag" level which allows
subject re-writing and a "kill" level above which the email can be
either deleted outright or quarantined (either to a seperate mailbox or
folder on the server).
Re: More Configuration Questions
Posted by Tobias von Koch <tv...@weltcharts.de>.
Hey,
On Wed, 13 Oct 2004 12:10:59 -0500, J Thomas Hancock wrote:
JTH>[...]
JTH> What are the thoughts of the members of this list? Does anyone
JTH> have any other suggestions besides MailScanner and our two
JTH> solutions?
Try amavisd-new. It integrates perfectly into the postfix mail system,
*cannot* lose mail and is relatively fast. It supports SA 3 and
per-address settings in an SQL database.
Have a look at http://www.ijs.si/software/amavisd/ .
A quick note to keep you from running into problems with this
setup: When using SA 3.0.0 with amavisd-new turn off Pyzor, DCC
and bayes_learn_to_journal(default off) - or - wait for 3.0.1.
tobias
--
=======================================================
.deSecure, Bahnhofstr. 59, D-85296 Rohrbach, Germany
Ihr Partner für Applikationsentwicklung + Sicherheit
Phone: +49 8442 964 164 -- Fax: +49 8442 964 163
=======================================================
Re: More Configuration Questions
Posted by Jim Maul <jm...@elih.org>.
J Thomas Hancock wrote:
> I apologize for the questions, but this is how my Boss wants things done
> and who am I to argue with him. I figure he will listen to me better if
> I have a creditable source, the SpamAssassin mailing list, backing me up
> versus me by myself.
>
>
>
> Part 1:
>
> My boss is convinced that SpamAssassin can delete an email if it crosses
> a certain hit threshold. Everything I have read states that
> SpamAssassin can only add a flag to the message (be it a subject
> rewrite, something in the header, ect) and that the MTA, postfix in our
> case, rejects the message based on that flag. So am I correct in
> stating that SpamAssassin can not delete a message?
>
>
SpamAssassin can not delete the message, plain and simple.
>
> Part 2:
>
> My last question to this list was how to able to flag the message for
> deleting if the required_hits exceeds 15, for argument sake, and rewrite
> the subject header if the required_hits exceeds 10. I was told
> SpamAssassin could not do that. I looked into using MailScanner, but
> the PHB did not like that solution since it took too much customization
> to read the users preferences from a MySQL table. We came up with 2
> ugly solutions.
>
>
>
> The first solution is to run two instances of SpamAssassin. Instance
> one runs the required_hits for deleting the message and the second
> instance runs the scan for rewriting the subject. Each instance of
> SpamAssassin can run on a different port/IP address. Does anyone here
> have any experience with such a configuration?
>
>
>
> The second solution would be to set postfix to reject a message if the
> header contains “Spam Score 15”, “Spam Score 16”, “Spam Score 17” ect.
>
>
>
> Ugly, I know.
>
>
>
> What are the thoughts of the members of this list? Does anyone have any
> other suggestions besides MailScanner and our two solutions?
>
>
Both SpamAssassin and Postfix should not handle this. What is in
between should. I dont know what you are using to integrate postfix and
SpamAssassin, but I would look around in that program as to how to do
this. I'm using qmail w/ qmail-scanner which (patched) has the ability
to delete messages over a certain spam threshold. I would think many
other integration programs (like qmail-scanner) would be able to do this
as well. This solution is far better than either that you mentioned above.
-Jim
Re: More Configuration Questions
Posted by Loren Wilton <lw...@earthlink.net>.
> > Part 2:
> >
> > The second solution would be to set postfix to reject a message if the
> > header contains “Spam Score 15”, “Spam Score 16”, “Spam Score 17” ect.
In procmail a standard trick is to look at the line of asterisks, which is
one per point.
So if you have 15 or more asterisks in a row, delete the message. One
simple (hopefully!) test.
Loren
Re: More Configuration Questions
Posted by "Jorg B." <jo...@cwo.com>.
J Thomas Hancock wrote:
> I apologize for the questions, but this is how my Boss wants things
> done and who am I to argue with him. I figure he will listen to me
> better if I have a creditable source, the SpamAssassin mailing list,
> backing me up versus me by myself.
>
> Part 1:
>
> My boss is convinced that SpamAssassin can delete an email if it
> crosses a certain hit threshold. Everything I have read states that
> SpamAssassin can only add a flag to the message (be it a subject
> rewrite, something in the header, ect) and that the MTA, postfix in
> our case, rejects the message based on that flag. So am I correct in
> stating that SpamAssassin can not delete a message?
>
You are right, Spamassassin by itself can NOT delete messages....
However, you can delete messages based on the score by using an external
program such as procmail.
There are some examples on the spamassassin web site on how to use
procmail to delete mail marked as spam.
> Part 2:
>
> My last question to this list was how to able to flag the message for
> deleting if the required_hits exceeds 15, for argument sake, and
> rewrite the subject header if the required_hits exceeds 10. I was told
> SpamAssassin could not do that. I looked into using MailScanner, but
> the PHB did not like that solution since it took too much
> customization to read the users preferences from a MySQL table. We
> came up with 2 ugly solutions.
>
> The first solution is to run two instances of SpamAssassin. Instance
> one runs the required_hits for deleting the message and the second
> instance runs the scan for rewriting the subject. Each instance of
> SpamAssassin can run on a different port/IP address. Does anyone here
> have any experience with such a configuration?
>
> The second solution would be to set postfix to reject a message if the
> header contains “Spam Score 15”, “Spam Score 16”, “Spam Score 17” ect.
>
> Ugly, I know.
>
> What are the thoughts of the members of this list? Does anyone have
> any other suggestions besides MailScanner and our two solutions?
>
I don't have any experience with MailScanner... Again by using procmail
you can delete any message that exceeds a score of 15.
You can also add something like [message score _SCORE_] (where _SCORE_
is being replace with the actual score number) to the subject if the
message exceeds a certain value.
I don't see any reason why you would want to run 2 instances of spamc/spamd.
JB
Re: More Configuration Questions
Posted by Fred <sp...@freddyt.com>.
J Thomas Hancock wrote:
> Part 1:
>
> My boss is convinced that SpamAssassin can delete an email if it
> crosses a certain hit threshold. Everything I have read states that
> SpamAssassin can only add a flag to the message (be it a subject
> rewrite, something in the header, ect) and that the MTA, postfix in
> our case, rejects the message based on that flag. So am I correct in
> stating that SpamAssassin can not delete a message?
You are exactly correct, good job doing the research before hand. The
program you use to integrate SA into your mail system will have the end
control of the outcome of a message. In your case, with Procmail, you could
simply delete the message (not recommended) or you could bounce the message
(even worse than the previous idea of deleting) or you could filter it into
a seperate folder / inbox to be reviewed. The last idea is the best idea.
It's never a good idea to just delete or bounce a message.
> Part 2:
>
> My last question to this list was how to able to flag the message for
> deleting if the required_hits exceeds 15, for argument sake, and
> rewrite the subject header if the required_hits exceeds 10. I was
> told SpamAssassin could not do that. I looked into using
> MailScanner, but the PHB did not like that solution since it took too
> much customization to read the users preferences from a MySQL table.
> We came up with 2 ugly solutions.
I bounce messages which score over 6.6, it's been a long road of
whitelisting specific senders and closely watching this sytem to make it
work for us like this.
We use MIMEDefang to accomplish this, it's fairly easy if you know some
perl, but for Procmail, I will leave that to someone who knows more.
>
>
>
> The first solution is to run two instances of SpamAssassin. Instance
> one runs the required_hits for deleting the message and the second
> instance runs the scan for rewriting the subject. Each instance of
> SpamAssassin can run on a different port/IP address. Does anyone
> here have any experience with such a configuration?
Never needed to do anything like this, You could have both configs combined
into one instance. Rewrite the subject and delete / move the message if it
reaches your threshold.