[IMC-Tech] Re: [Imc-web] Email and imsahp Tue Aug 22 10:42 CDT reboot

Zach M leftistmuppet at gmail.com
Wed Aug 23 10:00:24 CDT 2006


Keeping imsahp up to date on security patches. Run these as root:

apt-get update
apt-get dist-upgrade

Be prepared to check that anything that got upgraded actually still
works. Keep an eye on http://www.debian.org/security/ to understand
what the updates are about.

On 8/23/06, Zach M <leftistmuppet at gmail.com> wrote:
> I just upgraded clamav which had a recently discovered buffer overrun
> that allowed a denial of service attack. The mail queue is now empty.
> I suspect this may have been the problem.
>
> There is no customer list. Someone has to generate one. Look at all
> the mailman lists and all the virtual hosts in apache. Figure out who
> runs each organization. Ask me about ones you can't figure out.
>
> Mail works like this:
>
> Postfix receives a message via smtpd.
>
> The message is first passed to postgrey which does greylisting (if no
> messages have been previously received from this
> <sender,recipient,sender-ip> triple before, then delivery acceptance
> is deferred for 300 seconds. Correctly configured mail daemons resend
> every 5-15 minutes. Some spammers tend not to resend. Postgrey is a
> service that gets a message on a localhost port and simply
> returns an answer of whether the message should be accepted or
> deferred.
>
> When the message gets past postgrey it is sent to amavisd, which is a
> spam and virus filtering daemon that coordinates spamassassin and
> clamav. Amavis receives an SMTP style message on a localhost port and
> then re-delivers an SMTP style message back to a special localhost
> port on postfix.
>
> Amavis sends the message to clamav for a virus check.
>
> If the message passes clamav, Amavis sends the message through
> spamassassin for a spam check.
>
> If the message passed spamassassin, amavis sends the message back to
> postfix for final delivery.
>
> Things you can tweak: There are a number of envelope checks that
> postfix can do that you could enable. You could prevent postfix from
> ever even accepting certain messages from certain kinds of spam
> sources (using black hole lists, using checks for non-RFC compliant
> SMTP behavior, etc). Every one of these checks introduces the
> possibility that ham will be lost forever without sender or recipient
> knowing that it was mis-identified. These policies must be very
> carefully researched and considered.
>
> Spam assassin rules can be adjusted/updated.
>
> Spamassassin rules live in /etc/spamassassin. In particular check out
> /etc/spamassassin/local.cf
>
> Postfix configs live in /etc/postfix. In particular check out
> main.cf and master.cf.
>
> Amavis configs live in /etc/amavis/amavisd.conf
>
> Caught spam and virus mails live in /var/lib/amavis/virusmails (which
> I occasionally rotate out since it has tens of thousands of messages
> in it).
>
> I have several utilities for redelivering caught spam at:
> /home/wolfgang/bin/process_spam.pl and /etc/wolfgang/bin/redeliver_non_spam.pl
>
> If you are going to use the spam redelivery programs PLEASE read them
> carefully and understand what they do first. They are quick hacks that
> I put together myself and I need you to understand them before running
> them.
>
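As an added illustration of the greylisting step described in the quoted message (this is not code from the list, from postgrey, or from the scripts mentioned), here is a minimal greylist decision in Python that parses a Postfix policy-delegation request and answers defer or pass for the <sender,recipient,sender-ip> triple with the 300-second window. The sample request and the 192.0.2.10 address are constructed for the example; the DEFER_IF_PERMIT / DUNNO answers are the standard Postfix policy actions.

```python
"""Toy greylisting policy, modelled on the postgrey behaviour described above:
the first contact from a <sender, recipient, client-ip> triple is deferred,
and a retry after GREYLIST_DELAY seconds is handed on (DUNNO) so the rest of
the postfix -> amavisd -> clamav -> spamassassin chain can decide."""
import time

GREYLIST_DELAY = 300  # seconds, the window mentioned in the mail

# Constructed sample of a Postfix policy-delegation request (attr=value lines,
# terminated by an empty line), as postfix would send it to a policy daemon.
SAMPLE_REQUEST = (
    "request=smtpd_access_policy\n"
    "protocol_state=RCPT\n"
    "sender=alice@example.org\n"
    "recipient=lists@example.net\n"
    "client_address=192.0.2.10\n"
    "\n"
)


def parse_policy_request(raw: str) -> dict:
    """Turn the attr=value block into a dict; stop at the blank terminator."""
    attrs = {}
    for line in raw.split("\n"):
        if not line:
            break
        key, _, value = line.partition("=")
        attrs[key] = value
    return attrs


class Greylist:
    def __init__(self, delay: int = GREYLIST_DELAY):
        self.delay = delay
        self.first_seen = {}  # triple -> time of first contact

    def decide(self, attrs: dict, now: float = None) -> str:
        """Return the Postfix policy action for this delivery attempt."""
        now = time.time() if now is None else now
        triple = (attrs.get("sender", "").lower(),
                  attrs.get("recipient", "").lower(),
                  attrs.get("client_address", ""))
        first = self.first_seen.setdefault(triple, now)  # record first contact
        if now - first >= self.delay:
            return "DUNNO"  # pass; later restrictions and amavisd still apply
        return "DEFER_IF_PERMIT Greylisted, please try again later"


def policy_response(action: str) -> str:
    """Format the reply exactly as postfix expects: action=... plus blank line."""
    return f"action={action}\n\n"
```

A well-behaved MTA retrying after 5-15 minutes gets DUNNO on its second try; a sender that never retries simply never gets past this step.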

