Posted to users@spamassassin.apache.org by "N. Raghavendra" <ra...@hri.res.in> on 2013/08/01 22:09:45 UTC

SA both at external and internal servers

I work in a setup where the external mail server (say,
extmail.example.com) in a DMZ runs Spamassassin as soon as mail arrives
from the Internet, and then passes the mail to an internal mail server
(say, intmail.example.com) which has user maildirs.

The trouble is that the Spamassassin filtering at extmail isn't good,
and a lot of spam get through as ham to intmail.  However, the intmail
machine also has Spamassassin.  Is it possible for me, as a user, to
refilter the mail coming in from extmail through Spamassassin using
procmail on intmail?

In case it's relevant, the mail coming in from extmail has headers like
this:

X-FOO-MailScanner-Information: Please contact *** for more info
X-FOO-MailScanner-ID: CD5545F305.A22A6
X-FOO-MailScanner: Found to be clean
X-FOO-MailScanner-SpamCheck: not spam, SpamAssassin (not cached,
	score=-5.818, required 5, autolearn=not spam, BAYES_00 -1.90,
	HTML_IMAGE_RATIO_04 0.56, HTML_MESSAGE 0.00, MIME_HTML_MOSTLY 0.43,
	MPART_ALT_DIFF 0.79, RCVD_IN_DNSWL_HI -5.00, RP_MATCHES_RCVD -0.70,
	T_REMOTE_IMAGE 0.01, UNPARSEABLE_RELAY 0.00)
X-FOO-MailScanner-From: epromotions@bar.com
X-Spam-Status: No

Thanks and best regards,
Raghu.

-- 
N. Raghavendra <ra...@hri.res.in>, http://www.retrotexts.net/
Harish-Chandra Research Institute, http://www.hri.res.in/


Re: SA both at external and internal servers

Posted by "N. Raghavendra" <ra...@hri.res.in>.
At 2013-08-02T13:25:45+01:00, RW wrote:

> It is, but the existing SA installation already has Bayes and network
> test running. You're only going to improve on it by better Bayes
> training and active management (tweaking and rule writing). 
>
> I think you might get better results, with less maintenance, by using a
> stand-alone statistical filter and having procmail combine the results
> from the two filters. I recommend using Bogofilter configured to use
> multi-word tokenization.

Many thanks for the suggestion.  The internal mail server now has
Bogofilter too, so I'll try it out on the mail coming through SA on the
external mail server.

Best regards,
Raghu.

-- 
N. Raghavendra <ra...@hri.res.in>, http://www.retrotexts.net/
Harish-Chandra Research Institute, http://www.hri.res.in/


Re: SA both at external and internal servers

Posted by RW <rw...@googlemail.com>.
On Fri, 02 Aug 2013 01:39:45 +0530
N. Raghavendra wrote:

> I work in a setup where the external mail server (say,
> extmail.example.com) in a DMZ runs Spamassassin as soon as mail
> arrives from the Internet, and then passes the mail to an internal
> mail server (say, intmail.example.com) which has user maildirs.
> 
> The trouble is that the Spamassassin filtering at extmail isn't good,
> and a lot of spam get through as ham to intmail.  However, the intmail
> machine also has Spamassassin.  Is it possible for me, as a user, to
> refilter the mail coming in from extmail through Spamassassin using
> procmail on intmail?

It is, but the existing SA installation already has Bayes and network
test running. You're only going to improve on it by better Bayes
training and active management (tweaking and rule writing). 

I think you might get better results, with less maintenance, by using a
stand-alone statistical filter and having procmail combine the results
from the two filters. I recommend using Bogofilter configured to use
multi-word tokenization.

Re: SA both at external and internal servers

Posted by James Griffin <jm...@kontrol.kode5.net>.
================Sat  3.Aug'13 at  9:19:49 +0530, N. Raghavendra================
> At 2013-08-02T09:38:42+01:00, James Griffin wrote:
> 
> > Yes, of course you can. You can put SA on any machine that processes
> > mail no matter if it's been scanned prior to arriving at your server.
> 
> Thanks for the reply.  However, since it's been pointed out by others
> that it may be better to use another Bayesian filter, I'll go with that.
> The internal mail server here now has Bogofilter, so I'll probably use
> that on the SA-filtered mail coming from the external mail server.
> 
> Best regards,
> Raghu.

Sure. The suggestions given are surely better. I was simply stating that
you can, if you wanted to, run SA on any mail server you administrate.

Best wishes,
-- 


James Griffin: jmz at kontrol.kode5.net 

A4B9 E875 A18C 6E11 F46D  B788 BEE6 1251 1D31 DC38

Re: SA both at external and internal servers

Posted by "N. Raghavendra" <ra...@hri.res.in>.
At 2013-08-02T09:38:42+01:00, James Griffin wrote:

> Yes, of course you can. You can put SA on any machine that processes
> mail no matter if it's been scanned prior to arriving at your server.

Thanks for the reply.  However, since it's been pointed out by others
that it may be better to use another Bayesian filter, I'll go with that.
The internal mail server here now has Bogofilter, so I'll probably use
that on the SA-filtered mail coming from the external mail server.

Best regards,
Raghu.

-- 
N. Raghavendra <ra...@hri.res.in>, http://www.retrotexts.net/
Harish-Chandra Research Institute, http://www.hri.res.in/


Re: SA both at external and internal servers

Posted by James Griffin <jm...@kontrol.kode5.net>.
................Fri  2.Aug'13 at 12:55:40 +0530, N. Raghavendra................
> At 2013-08-02T01:39:45+05:30, N. Raghavendra wrote:
> 
> > I work in a setup where the external mail server (say,
> > extmail.example.com) in a DMZ runs Spamassassin as soon as mail arrives
> > from the Internet, and then passes the mail to an internal mail server
> > (say, intmail.example.com) which has user maildirs.
> >
> > The trouble is that the Spamassassin filtering at extmail isn't good,
> > and a lot of spam get through as ham to intmail.  However, the intmail
> > machine also has Spamassassin.  Is it possible for me, as a user, to
> > refilter the mail coming in from extmail through Spamassassin using
> > procmail on intmail?
> 
> Apologies for replying to myself.  In case it clarifies things, here's
> an analogous question.  Suppose I get all my mail from an ISP who uses
> SA before sending the mail to me.  Can I, as a user, use SA again with
> procmail on the incoming mail in my mail server?
 
Yes, of course you can. You can put SA on any machine that processes
mail no matter if it's been scanned prior to arriving at your server.

Re: SA both at external and internal servers

Posted by "N. Raghavendra" <ra...@hri.res.in>.
At 2013-08-02T01:39:45+05:30, N. Raghavendra wrote:

> I work in a setup where the external mail server (say,
> extmail.example.com) in a DMZ runs Spamassassin as soon as mail arrives
> from the Internet, and then passes the mail to an internal mail server
> (say, intmail.example.com) which has user maildirs.
>
> The trouble is that the Spamassassin filtering at extmail isn't good,
> and a lot of spam get through as ham to intmail.  However, the intmail
> machine also has Spamassassin.  Is it possible for me, as a user, to
> refilter the mail coming in from extmail through Spamassassin using
> procmail on intmail?

Apologies for replying to myself.  In case it clarifies things, here's
an analogous question.  Suppose I get all my mail from an ISP who uses
SA before sending the mail to me.  Can I, as a user, use SA again with
procmail on the incoming mail in my mail server?

Best regards,
Raghu.

-- 
N. Raghavendra <ra...@hri.res.in>, http://www.retrotexts.net/
Harish-Chandra Research Institute, http://www.hri.res.in/


Re: SA both at external and internal servers

Posted by "N. Raghavendra" <ra...@hri.res.in>.
At 2013-08-03T13:07:40+05:30, Ram wrote:

> Bayes and dnswl rules are causing spams to get misclassified here.

Unfortunately, nothing I can do there, since I have no say in the
administration of that server.

> You can (allegedly :-)) train your Bayes, but I could not do this
> successfully myself with spammers deliberately putting junk text in
> mails

I haven't used SA earlier, but I've used and trained Bogofilter with
fairly good effect on a machine that I ran.

> Filtering twice with the same rules, IMHO, will be really
> pointless. Just more CPU cycles consumed

Yes, I understand that.  I was planning to use sa-learn on my personal
spam, which'd have supplemented the rules from the earlier run of SA in
the external mail server.  However, I've now decided instead to use
Bogofilter for my personal filtering on the internal mail server.

Thanks and best regards,
Raghu.

-- 
N. Raghavendra <ra...@hri.res.in>, http://www.retrotexts.net/
Harish-Chandra Research Institute, http://www.hri.res.in/


Re: SA both at external and internal servers

Posted by Ram <ra...@netcore.co.in>.
On 08/02/2013 01:39 AM, N. Raghavendra wrote:
> I work in a setup where the external mail server (say,
> extmail.example.com) in a DMZ runs Spamassassin as soon as mail arrives
> from the Internet, and then passes the mail to an internal mail server
> (say, intmail.example.com) which has user maildirs.
>
> The trouble is that the Spamassassin filtering at extmail isn't good,
> and a lot of spam get through as ham to intmail.  However, the intmail
> machine also has Spamassassin.  Is it possible for me, as a user, to
> refilter the mail coming in from extmail through Spamassassin using
> procmail on intmail?
>
> In case it's relevant, the mail coming in from extmail has headers like
> this:
>
> X-FOO-MailScanner-Information: Please contact *** for more info
> X-FOO-MailScanner-ID: CD5545F305.A22A6
> X-FOO-MailScanner: Found to be clean
> X-FOO-MailScanner-SpamCheck: not spam, SpamAssassin (not cached,
> 	score=-5.818, required 5, autolearn=not spam, BAYES_00 -1.90,
> 	HTML_IMAGE_RATIO_04 0.56, HTML_MESSAGE 0.00, MIME_HTML_MOSTLY 0.43,
> 	MPART_ALT_DIFF 0.79, RCVD_IN_DNSWL_HI -5.00, RP_MATCHES_RCVD -0.70,
> 	T_REMOTE_IMAGE 0.01, UNPARSEABLE_RELAY 0.00)
> X-FOO-MailScanner-From: epromotions@bar.com
> X-Spam-Status: No

Bayes and dnswl rules are causing spams to get misclassified here.
You can (allegedly :-)) train your Bayes, but I could not do this
successfully myself with spammers deliberately putting junk text in mails.

Use better network-based rules.

Filtering twice with the same rules, IMHO, will be really pointless.
Just more CPU cycles consumed.

> Thanks and best regards,
> Raghu.
>
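
Added example, not part of any post in this thread: a parser for the X-FOO-MailScanner-SpamCheck header quoted in the original post, splitting the upstream score into per-rule points and showing what remains once the Bayes and DNSWL rules mentioned above are set aside. The function names and the choice of rule prefixes to discount are assumptions made for this illustration.

```python
import re
from email import message_from_string

# Constructed sample: the scanner headers quoted in the original post.
SAMPLE = """\
X-FOO-MailScanner: Found to be clean
X-FOO-MailScanner-SpamCheck: not spam, SpamAssassin (not cached,
\tscore=-5.818, required 5, autolearn=not spam, BAYES_00 -1.90,
\tHTML_IMAGE_RATIO_04 0.56, HTML_MESSAGE 0.00, MIME_HTML_MOSTLY 0.43,
\tMPART_ALT_DIFF 0.79, RCVD_IN_DNSWL_HI -5.00, RP_MATCHES_RCVD -0.70,
\tT_REMOTE_IMAGE 0.01, UNPARSEABLE_RELAY 0.00)
X-Spam-Status: No

body
"""

NUM = r"-?\d+(?:\.\d+)?"
SCORE_RE = re.compile(rf"score=({NUM}), required ({NUM})")
RULE_RE = re.compile(rf"\b([A-Z][A-Z0-9_]+) ({NUM})")
# Assumption: rule families to set aside (learned and whitelist signals).
DISCOUNT_PREFIXES = ("BAYES_", "RCVD_IN_DNSWL_")

def parse_spamcheck(raw_message, header="X-FOO-MailScanner-SpamCheck"):
    """Return the upstream score, threshold and per-rule points, or None."""
    value = message_from_string(raw_message).get(header)
    if value is None:
        return None
    value = re.sub(r"\s+", " ", value)  # unfold the continuation lines
    m = SCORE_RE.search(value)
    if m is None:
        return None
    rules = {name: float(pts) for name, pts in RULE_RE.findall(value)}
    return {"score": float(m.group(1)), "required": float(m.group(2)),
            "rules": rules}

def without_reputation(parsed):
    """Re-total the points with the discounted rule families removed."""
    kept = {n: p for n, p in parsed["rules"].items()
            if not n.startswith(DISCOUNT_PREFIXES)}
    residual = round(sum(kept.values()), 2)
    return {"residual": residual,
            "would_flag": residual >= parsed["required"],
            "discounted": sorted(set(parsed["rules"]) - set(kept))}

if __name__ == "__main__":
    parsed = parse_spamcheck(SAMPLE)
    print(parsed["score"], without_reputation(parsed))
```

On the sample header, the rules other than BAYES_00 and RCVD_IN_DNSWL_HI total 1.09 against a required score of 5.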