You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Chris Rouffer <ch...@rouffer.com> on 2007/03/29 18:03:14 UTC
SpamAssassin as a filter, without running a mail server?
Hello,
I've read the FAQ, and searched on Google for a couple of days now, but
can't seem to find the answer I need. It may be that I'm simply asking the
wrong question, or misunderstanding what I read, but hopefully someone here
can help me.
I've been given the job of adding an Internet Content filter, firewall, and
spam filter to a small network in a non-profit organizaiton. Right now
there are about 5 email accounts, and their mail server is at their
web-host. Is it possible for me to run SpamAssassin as a filter on the
firewall box, so that it simply filters email when the user retrieves it
from the mail server:
RemoteMailServer------->[Firewall/Spamfilter/ContentFilter]--------->User's
Machines
I have no access to the RemoteMailServer. The
[Firewall/Spamfilter/ContentFilter] is a Ubuntu Dapper box running Shorewall
and DansGuardian. The user machines are Win2k and WindowsXP. I'd prefer
not to mess with the user accounts, if possible, so that we can add new
users or change email passwords without playing with the firewall box.
With DansGuardian, I forward all http traffic to a specific port, it's
filtered by DansGuardian, then forwarded on. Can I do the same thing with
SpamAssassin? Forward all inbound smtp traffic through some sort of mail
proxy and SA, or am I approaching this completely wrong?
Thanks for your help.
Chris
Re: SpamAssassin as a filter, without running a mail server?
Posted by Phil Barnett <ph...@philb.us>.
On Thursday 29 March 2007 12:03, Chris Rouffer wrote:
> I've been given the job of adding an Internet Content filter, firewall, and
> spam filter to a small network in a non-profit organizaiton. Right now
> there are about 5 email accounts, and their mail server is at their
> web-host. Is it possible for me to run SpamAssassin as a filter on the
> firewall box, so that it simply filters email when the user retrieves it
> from the mail server:
I'd start with IPCop for the firewall.
http://www.ipcop.org
Then I'd add CopPlus (which is Dan's Guardian packaged for IPCop).
http://home.earthlink.net/~copplus/
Then I'd add CopFilter to finish it off.
http://www.copfilter.org
That would get you a nice appliance that has all the administration controls
available via web pages.
An alternative to CopFilter would be to build a second box and build up a
MailScanner box for the email. For a small place, that would probably be
overkill. For a large outfit, I'd probably go that route and split mail
scanning off from the firewall.
I have a recipe for a MailScanner box here:
http://www.leap-cf.org/presentations/MailScanner/
I believe that ClarkConnect can also do all the things you mention, but I
think you have to purchase some of the modules.
--
Ballmer is basically saying: We know there's a problem but we're not going to
tell you what it is because we want to ambush you in the future.
Re: SpamAssassin as a filter, without running a mail server?
Posted by "John D. Hardin" <jh...@impsec.org>.
On Thu, 29 Mar 2007, Chris Rouffer wrote:
> I've read the FAQ, and searched on Google for a couple of days
> now, but can't seem to find the answer I need. It may be that I'm
> simply asking the wrong question, or misunderstanding what I read,
> but hopefully someone here can help me.
>
> I've been given the job of adding an Internet Content filter,
> firewall, and spam filter to a small network in a non-profit
> organizaiton. Right now there are about 5 email accounts, and
> their mail server is at their web-host. Is it possible for me to
> run SpamAssassin as a filter on the firewall box, so that it
> simply filters email when the user retrieves it from the mail
> server:
>
> RemoteMailServer------->[Firewall/Spamfilter/ContentFilter]--------->User's
> Machines
>
> I have no access to the RemoteMailServer.
It sounds to me like you have a few options:
(1) set up local mail accounts, and feed them off the hosted mailboxes
using fetchmail. This would let you shim SA et. al. into the local
delivery path. Users would have to reconfigure their POP/IMAP settings
to talk to the local mail server so it wouldn't be a change that is
*completely* transparent to them.
(2) get some sort of POP proxy that allows messages to be filtered by
SA (and possibly virus scanned). I don't know if the POP protocol
lends itself to refusing to retrieve a message for adminstrative
reasons, so that the proxy could retrieve the message and refuse to
deliver it to the client if it scores high or is contaminated.
Unfortunately I can't recommend any such as I've never had to
implement one, but searching on "pop proxy" or "pop3 proxy" might
help. Somebody else on the list may have direct experience and be
able to offer better advice.
(3) go whole hog and set up a local MTA and mailbox server that is
under your control, and point your domain's MX at it. That lets you do
anything you want.
Sorry if you've already figured all these options out for yourself...
:)
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhardin@impsec.org FALaholic #11174 pgpk -a jhardin@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
You are in a maze of twisty little protocols,
all written by Microsoft.
----------------------------------------------------------------------
15 days until Thomas Jefferson's 264th Birthday