You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@spamassassin.apache.org by Yoda Woda <yo...@yahoo.com> on 2007/10/19 16:30:47 UTC

How to Reject Messages

Here my scenario:  I have postfix and spamassassin installed in a gateway machine.  Postfix accepts incoming messages, pipes them to spamassassin for scoring, which then pipes them back to postfix to be relayed to another machine.  This work fine for us 
   
  What I am trying to do now is to have spamassassin reject a message (say if the score is above 5) before it is re-injected back to postfix for relay.  How can I accomplish this.  Here is my master.cf:
   
    #smtp inet n - n - - smtpd
  smtp inet n - n - - smtpd -o content_filter=spam
  spam unix - n n - - pipe user=spamd argv=/usr/bin/spamc -f -e /usr/sbin/sendmail.postfix -oi -f ${sender} ${recipient}
  #smtps inet n - n - - smtpd
  # -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
  #submission inet n - n - - smtpd
  # -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes -o smtpd_etrn_restrictions=reject
  #628 inet n - n - - qmqpd
  pickup fifo n - n 60 1 pickup
  cleanup unix n - n - 0 cleanup
  qmgr fifo n - n 300 1 qmgr
  #qmgr fifo n - n 300 1 oqmgr
  #tlsmgr fifo - - n 300 1 tlsmgr
  rewrite unix - - n - - trivial-rewrite
  bounce unix - - n - 0 bounce
  defer unix - - n - 0 bounce
  trace unix - - n - 0 bounce
  verify unix - - n - 1 verify
  flush unix n - n 1000? 0 flush
  proxymap unix - - n - - proxymap
  smtp unix - - n - - smtp
  relay unix - - n - - smtp
  # -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
  showq unix n - n - - showq
  error unix - - n - - error
  #local unix - n n - - local
  virtual unix - n n - - virtual
  lmtp unix - - n - - lmtp
  anvil unix - - n - 1 anvil


 __________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com

Re: How to Reject Messages

Posted by Per Jessen <pe...@computer.org>.

David B Funk wrote:

> Using sendmail and a milter it is easily possible to do a proper
> reject (571) at incoming SMTP time. How can this be properly done
> using postfix? 

You can do pre-queue filtering with postfix - whether you'll want to do
so depends on your inbound transaction rate.  

/Per Jessen, Zürich

Re: How to Reject Messages

Posted by Noel Jones <no...@gmail.com>.

On 10/19/07, David B Funk <db...@engineering.uiowa.edu> wrote:
> On Fri, 19 Oct 2007, Noel Jones wrote:
>
> > On 10/19/07, Yoda Woda <yo...@yahoo.com> wrote:
> > > Here my scenario:  I have postfix and spamassassin installed in a gateway
> > > machine.  Postfix accepts incoming messages, pipes them to spamassassin for
> > > scoring, which then pipes them back to postfix to be relayed to another
> > > machine.  This work fine for us
> > >
> > > What I am trying to do now is to have spamassassin reject a message (say if
> > > the score is above 5) before it is re-injected back to postfix for relay.
> > > How can I accomplish this.  Here is my master.cf:
> >
> > Don't reject messages once postfix has accepted them.  This makes you
> > a backscatter source and will eventually get you blacklisted.
> >
> > You can discard messages that are over some score threshold by either
> > using a postfix header_checks rule in the reinjection postfix
> > instance, or better, run spamassassin under amavisd-new and use it to
> > quarantine/discard messages over some score.
>
> Using sendmail and a milter it is easily possible to do a proper
> reject (571) at incoming SMTP time. How can this be properly done
> using postfix? Currently I use sendmail+milter in my MXs, I've thought
> about switching to postifx but dont want to lose that functionality.
>
> Dave

Postfix supports milters, use version 2.4.5 or newer for best results.
 You should be able to continue using your existing milter if you like
its feature set.
Postfix also supports pre queue filtering with the smtpd_proxy_filter
setting.  Amavisd-new is one example of a program that can be used in
this manner (but it's recommended to use amavisd-new as a post-queue
content_filter).

See postfix docs or postfix-users list for details.

Note that when using any kind of pre-queue filtering, whether via a
milter or a proxy, peak throughput is limited to the throughput of the
filter.  Running a resource intensive filter such as SpamAssassin
pre-queue is best limited to small sites or larger sites that can
allocate enough hardware to handle the expected peak load.

-- 
Noel Jones

Re: How to Reject Messages

Posted by David B Funk <db...@engineering.uiowa.edu>.

On Fri, 19 Oct 2007, Noel Jones wrote:

> On 10/19/07, Yoda Woda <yo...@yahoo.com> wrote:
> > Here my scenario:  I have postfix and spamassassin installed in a gateway
> > machine.  Postfix accepts incoming messages, pipes them to spamassassin for
> > scoring, which then pipes them back to postfix to be relayed to another
> > machine.  This work fine for us
> >
> > What I am trying to do now is to have spamassassin reject a message (say if
> > the score is above 5) before it is re-injected back to postfix for relay.
> > How can I accomplish this.  Here is my master.cf:
>
> Don't reject messages once postfix has accepted them.  This makes you
> a backscatter source and will eventually get you blacklisted.
>
> You can discard messages that are over some score threshold by either
> using a postfix header_checks rule in the reinjection postfix
> instance, or better, run spamassassin under amavisd-new and use it to
> quarantine/discard messages over some score.

Using sendmail and a milter it is easily possible to do a proper
reject (571) at incoming SMTP time. How can this be properly done
using postfix? Currently I use sendmail+milter in my MXs, I've thought
about switching to postifx but dont want to lose that functionality.

Dave

-- 
Dave Funk                                  University of Iowa
<dbfunk (at) engineering.uiowa.edu>        College of Engineering
319/335-5751   FAX: 319/384-0549           1256 Seamans Center
Sys_admin/Postmaster/cell_admin            Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{

Re: How to Reject Messages

Posted by Noel Jones <no...@gmail.com>.

On 10/19/07, Yoda Woda <yo...@yahoo.com> wrote:
> Here my scenario:  I have postfix and spamassassin installed in a gateway
> machine.  Postfix accepts incoming messages, pipes them to spamassassin for
> scoring, which then pipes them back to postfix to be relayed to another
> machine.  This work fine for us
>
> What I am trying to do now is to have spamassassin reject a message (say if
> the score is above 5) before it is re-injected back to postfix for relay.
> How can I accomplish this.  Here is my master.cf:

Don't reject messages once postfix has accepted them.  This makes you
a backscatter source and will eventually get you blacklisted.

You can discard messages that are over some score threshold by either
using a postfix header_checks rule in the reinjection postfix
instance, or better, run spamassassin under amavisd-new and use it to
quarantine/discard messages over some score.

-- 
Noel Jones

Re: How to Reject Messages

Posted by Evan Platt <ev...@espphotography.com>.

SpamAssassin won't / can't reject mail. You'd need to use procmail or 
another similar method.

At 07:30 AM 10/19/2007, Yoda Woda wrote:
>Here my scenario:  I have postfix and spamassassin installed in a 
>gateway machine.  Postfix accepts incoming messages, pipes them to 
>spamassassin for scoring, which then pipes them back to postfix to 
>be relayed to another machine.  This work fine for us
>
>What I am trying to do now is to have spamassassin reject a message 
>(say if the score is above 5) before it is re-injected back to 
>postfix for relay.  How can I accomplish this.  Here is my master.cf:

Re: How to Reject Messages

Posted by Per Jessen <pe...@computer.org>.

Yoda Woda wrote:

> Here my scenario:  I have postfix and spamassassin installed in a
> gateway machine.  Postfix accepts incoming messages, pipes them to
> spamassassin for scoring, which then pipes them back to postfix to be
> relayed to another machine.  This work fine for us
>    
>   What I am trying to do now is to have spamassassin reject a message
>   (say if the score is above 5) before it is re-injected back to
>   postfix for relay.  How can I accomplish this.  

Leave it to postfix to reject messages.  You could use a header_check to
look at the Spam-Summary added by spamassassin. 


/Per Jessen, Zürich

Re: How to Reject Messages

Posted by LEVEAU Stanislas <st...@ac-caen.fr>.

hi

use a filter as amavisd-new for example.
Spamassassin give a score and amavisd-new with this score reject or 
accept a message


in amavisd.conf  (file configuration) :

$sa_tag2_level_deflt = 5; (score)
$sa_kill_level_deflt = $sa_tag2_level_deflt;
$final_spam_destiny       = D_DISCARD;

if a message score is equal or  > 5   message is discard

regards

Yoda Woda a écrit :
> Here my scenario:  I have postfix and spamassassin installed in a 
> gateway machine.  Postfix accepts incoming messages, pipes them to 
> spamassassin for scoring, which then pipes them back to postfix to be 
> relayed to another machine.  This work fine for us 
>  
> What I am trying to do now is to have spamassassin reject a message 
> (say if the score is above 5) before it is re-injected back to postfix 
> for relay.  How can I accomplish this.  Here is my master.cf:
>  
> #smtp inet n - n - - smtpd
> smtp inet n - n - - smtpd -o content_filter=spam
> spam unix - n n - - pipe user=spamd argv=/usr/bin/spamc -f -e 
> /usr/sbin/sendmail.postfix -oi -f ${sender} ${recipient}
> #smtps inet n - n - - smtpd
> # -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
> #submission inet n - n - - smtpd
> # -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes -o 
> smtpd_etrn_restrictions=reject
> #628 inet n - n - - qmqpd
> pickup fifo n - n 60 1 pickup
> cleanup unix n - n - 0 cleanup
> qmgr fifo n - n 300 1 qmgr
> #qmgr fifo n - n 300 1 oqmgr
> #tlsmgr fifo - - n 300 1 tlsmgr
> rewrite unix - - n - - trivial-rewrite
> bounce unix - - n - 0 bounce
> defer unix - - n - 0 bounce
> trace unix - - n - 0 bounce
> verify unix - - n - 1 verify
> flush unix n - n 1000? 0 flush
> proxymap unix - - n - - proxymap
> smtp unix - - n - - smtp
> relay unix - - n - - smtp
> # -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
> showq unix n - n - - showq
> error unix - - n - - error
> #local unix - n n - - local
> virtual unix - n n - - virtual
> lmtp unix - - n - - lmtp
> anvil unix - - n - 1 anvil
>
> __________________________________________________
> Do You Yahoo!?
> Tired of spam? Yahoo! Mail has the best spam protection around
> http://mail.yahoo.com
>

-- 
*LEVEAU Stanislas**
*Rectorat de Caen
SIAC
168, rue Caponière
B.P. 6184
14061 CAEN Cedex
	/

Service Informatique de l'académie de Caen
Département Systèmes & Réseaux/


 Tel : 02.31.30.17.86