[IMC-Tech] Re: [Imc-web] Email and imsahp Tue Aug 22 10:42 CDT
reboot
dan blah
dan.blah at gmail.com
Wed Aug 23 20:11:25 CDT 2006
awesome... thanks for the info. what do you think about using the sa
blacklists and moving to spamd/spamc? also, i was thinking about
using temfs for the spool directory used to create the tmp files for
scanning. dunno if all of this will help or hurt performance. as it
seems to me fixing/moving apache will solve lots.
On 8/23/06, Zach M <leftistmuppet at gmail.com> wrote:
> I just upgraded clamav which had a recently discovered buffer overrun
> that allowed a denial of service attack. The mail queue is now empty.
> I suspect this may have been the problem.
>
> There is no customer list. Someone has to generate one. Look at all
> the mailman lists and all the virtual hosts in apache. Figure out who
> runs each organization. Ask me about ones you can't figure out.
>
> Mail works like this:
>
> Postfix receives a message via smtpd.
>
> The message is first passed to postgrey which does greylisting (if no
> messages have been previously received from this
> <sender,recipient,sender-ip> triple before then delivery acceptance
> is deferred for 300 seconds. Correctly configured mail daemons resend
> every 5-15 minutes. Some spammers tend not to resend. Postgray is a
> service that gets a message a message on a localhost port and simply
> returns an answer of whether the message should be accepted or
> deferred.
>
> When the message gets past postgrey it is sent to amavisd. Which is a
> spam and virus filtering daemon that coordinates spamassassin and
> clamav. Amavis receives an SMTP style message on a localhost port and
> then re-delivers an SMTP style message back to a special localhost
> port on postfox.
>
> Amavis sends the message to clamav for a virus check.
>
> If the message passes clamav, Amavis sends the message through
> spamassassin for a spam check.
>
> If the message passed spamassassin, amavis sends the message back to
> postfix for final delivery.
>
> Things you can tweak: There are a number of envelope checks that
> postfix can do that you could enable. You could prevent postfix from
> ever even accepting certain messages from certain kinds of spam
> sources (using black hole lists, using checks for non-RFC compliant
> SMTP behavior, etc). Every one of these checks introduces the
> possibility that ham will be lost forever without sender or recipient
> knowing that it was mis-identified. These policies must be very
> carefully researched and considered.
>
> Spam assassin rules can be adjusted/updated.
>
> Spamassassin rules live in /etc/spamassassin. In particulate check out
> /etc/spamassassin/local.cf
>
> Postfix configs live in /etc/postfix. In particularly check out
> main.cf and master.cf.
>
> Amavis configs live in /etc/amavis/amavisd.conf
>
> Caught spam and virus mails live in /var/lib/amavis/virusmails (which
> I occasionally rotate out since it has tens of thousands of messages
> in it).
>
> I have several utilities for redelivering caught spam at:
> /home/wolfgang/bin/process_spam.pl and /etc/wolfgang/bin/redeliver_non_spam.pl
>
> If you are going to use the spam redelivery programs PLEASE read them
> carefully and understand what they do first. They are quick hacks that
> I put together myself and I need you to understand them before running
> them.
>
--
Daniel
More information about the IMC-Tech
mailing list