
prevent archiving SPAM mails

  • Nalinda Herath
    Message 1 of 17 , Jul 18, 2012
      Hi all,

      Recently I have integrated spamassassin to my existing postfix system. But now I need to tune my archiving settings in postfix to prevent from archiving mails tagged as spam.

      It will be really helpful If someone can help me on this. Thanks.

      Regards,
      Nalinda


      --
      Regards,
      Nalinda


    • Noel Jones
      Message 2 of 17 , Jul 18, 2012
        On 7/18/2012 11:22 AM, Nalinda Herath wrote:
        > Hi all,
        >
        > Recently I have integrated spamassassin to my existing postfix
        > system. But now I need to tune my archiving settings in postfix to
        > prevent from archiving mails tagged as spam.
        >
        > It will be really helpful If someone can help me on this. Thanks.
        >
        > Regards,
        > Nalinda
        >
        > --
        > Regards,
        > Nalinda
        >
        >


        General procedure -- apply anti-spam and anti-virus before the
        archiving procedure.

        One way to do this is to run spamassassin in a pre-queue
        smtpd_proxy_filter or milter so only clean mail enters postfix. Or
        with a traditional postfix after queue content_filter, do your
        archiving in the after-filter postfix instance.

        If you need a more specific answer, you'll need to share full
        details of your postfix setup, your archiving procedure, and how
        you've integrated spamassassin.
        http://www.postfix.org/DEBUG_README.html#mail


        -- Noel Jones
      • M. Fioretti
        Message 3 of 17 , Jul 18, 2012
          On Wed, Jul 18, 2012 21:52:56 PM +0530, Nalinda Herath wrote:
          > Hi all,
          >
          > Recently I have integrated spamassassin to my existing postfix system. But now I
          > need to tune my archiving settings in postfix to prevent from archiving mails
          > tagged as spam.

          so if it was a false positive, there won't be any copy whatsoever, anywhere on your server?

          Marco
          http://mfioretti.com
        • Reindl Harald
          Message 4 of 17 , Jul 19, 2012
            Am 19.07.2012 07:32, schrieb M. Fioretti:
            > On Wed, Jul 18, 2012 21:52:56 PM +0530, Nalinda Herath wrote:
            >> Hi all,
            >>
            >> Recently I have integrated spamassassin to my existing postfix system. But now I
            >> need to tune my archiving settings in postfix to prevent from archiving mails
            >> tagged as spam.
            >
            > so if it was a false positive, there won't be any copy whatsoever, anywhere on your server?

            well, we have days with 500000 spams
            log with the reason why it was blocked is enough
          • Nalinda Herath
            Message 5 of 17 , Jul 19, 2012

              In my current setup, server will not discard any mail even though they are tagged as SPAM. All the spam mails are routed to the junk folders of each user. According to our policy, we cannot discard any mail, and users are allowed to check whether any mail has been accidentally tagged as SPAM.

              We simply BCC the emails which are received to the server by setting always_bcc = <email address>

              I need some workaround to prevent archiving mails tagged as spam by Spamassassin.

              Regards,
              Nalinda



              On Wed, Jul 18, 2012 at 10:22 PM, Noel Jones <njones@...> wrote:
              On 7/18/2012 11:22 AM, Nalinda Herath wrote:
              > Hi all,
              >
              > Recently I have integrated spamassassin to my existing postfix
              > system. But now I need to tune my archiving settings in postfix to
              > prevent from archiving mails tagged as spam.
              >
              > It will be really helpful If someone can help me on this. Thanks.
              >
              > Regards,
              > Nalinda
              >
              > --
              > Regards,
              > Nalinda
              >
              >


              General procedure -- apply anti-spam and anti-virus before the
              archiving procedure.

              One way to do this is to run spamassassin in a pre-queue
              smtpd_proxy_filter or milter so only clean mail enters postfix.  Or
              with a traditional postfix after queue content_filter, do your
              archiving in the after-filter postfix instance.

              If you need a more specific answer, you'll need to share full
              details of your postfix setup, your archiving procedure, and how
              you've integrated spamassassin.
              http://www.postfix.org/DEBUG_README.html#mail


                -- Noel Jones



              --
              Regards,
              Nalinda


            • Robert Schetterer
              Message 6 of 17 , Jul 19, 2012
                Am 19.07.2012 10:23, schrieb Nalinda Herath:
                >
                > In my current setup, server will not discard any mail even though they
                > are tagged as SPAM. All the spam mails are routed to the junk folders
                > of each user. According to our policy, we cannot discard any mail, and
                > users are allowed to check whether any mail has been accidentally tagged
                > as SPAM.
                >
                > We simply BCC the emails which are received to the server by setting
                > always_bcc = <email address>
                >
                > I need some workaround to prevent archiving mails tagged as spam by
                > Spamassassin.
                >
                > Regards,
                > Nalinda


                as an option, archive spam tagged mail as usual
                filter tagged spam mails in archive mailbox in junk folder with i.e
                sieve as usual

                delete per cron tagged spam mail in the archive mailbox junk folder
                after X days

                i with dovecot

                http://wiki2.dovecot.org/Plugins/Expire

                >
                >
                >
                > On Wed, Jul 18, 2012 at 10:22 PM, Noel Jones <njones@...
                > <mailto:njones@...>> wrote:
                >
                > On 7/18/2012 11:22 AM, Nalinda Herath wrote:
                > > Hi all,
                > >
                > > Recently I have integrated spamassassin to my existing postfix
                > > system. But now I need to tune my archiving settings in postfix to
                > > prevent from archiving mails tagged as spam.
                > >
                > > It will be really helpful If someone can help me on this. Thanks.
                > >
                > > Regards,
                > > Nalinda
                > >
                > > --
                > > Regards,
                > > Nalinda
                > >
                > >
                >
                >
                > General procedure -- apply anti-spam and anti-virus before the
                > archiving procedure.
                >
                > One way to do this is to run spamassassin in a pre-queue
                > smtpd_proxy_filter or milter so only clean mail enters postfix. Or
                > with a traditional postfix after queue content_filter, do your
                > archiving in the after-filter postfix instance.
                >
                > If you need a more specific answer, you'll need to share full
                > details of your postfix setup, your archiving procedure, and how
                > you've integrated spamassassin.
                > http://www.postfix.org/DEBUG_README.html#mail
                >
                >
                > -- Noel Jones
                >
                >
                >
                >
                > --
                > Regards,
                > Nalinda
                >
                >


                --
                Best Regards
                MfG Robert Schetterer
              • Reindl Harald
                Message 7 of 17 , Jul 19, 2012
                  Am 19.07.2012 13:36, schrieb M. Fioretti:
                  > On Thu, Jul 19, 2012 10:13:36 AM +0200, Reindl Harald wrote:
                  >
                  >>> so if it was a false positive, there won't be any copy whatsoever,
                  >>> anywhere on your server?
                  >>
                  >> well, we have days with 500000 spams log with the reason why it was
                  >> blocked is enough
                  >
                  > but do your users get an excerpt of those logs with the
                  > subjects/senders of the spam addressed to them?

                  no, they only get quarantine notifies but not about
                  blocked messages

                  > Are you allowed to not give them any way whatsoever to find out that
                  > they "lost" some legitimate, but misclassified message

                  i am allowed to use a Barracuda Networks spam/anti-virus
                  firewall as it is

                  > before some angry customer calls
                  > asking why they did not answer?

                  why should they?
                  they get a bounce from THEIR OWN mailserver

                  this is the way how email works

                  * you send a message over your SMTP
                  * your mailserver contacts the MX
                  * if the MX rejects you get a bounce from YOUR mailserver
                  * postmaster is not filtered, so any admin can contact me

                  --

                  Reindl Harald
                  the lounge interactive design GmbH
                  A-1060 Vienna, Hofmühlgasse 17
                  CTO / CISO / Software-Development
                  p: +43 (1) 595 3999 33, m: +43 (676) 40 221 40
                  icq: 154546673, http://www.thelounge.net/

                  http://www.thelounge.net/signature.asc.what.htm
                • Robert Schetterer
                  Message 8 of 17 , Jul 19, 2012
                    Am 19.07.2012 13:36, schrieb M. Fioretti:
                    > On Thu, Jul 19, 2012 10:13:36 AM +0200, Reindl Harald wrote:
                    >
                    >>> so if it was a false positive, there won't be any copy whatsoever,
                    >>> anywhere on your server?
                    >>
                    >> well, we have days with 500000 spams log with the reason why it was
                    >> blocked is enough
                    >
                    > but do your users get an excerpt of those logs with the
                    > subjects/senders of the spam addressed to them? Are you allowed to not
                    > give them any way whatsoever to find out that they "lost" some
                    > legitimate, but misclassified message before some angry customer calls
                    > asking why they did not answer?
                    >
                    > I am not complaining, mind you. Just really curious.
                    >
                    > Marco
                    >

                    why not use i.e spamass milter
                    to block spam tagged mails during smtp income stage at defined value

                    man spamass-milter

                    -r nn Reject scanned email if it greater than or equal to nn. If -1,
                    reject scanned email if SpamAssassin tags it as spam (useful if you are
                    also using the -u flag,
                    and users have changed their required_hits value).

                    this reduces spam tagged mail which you have to sort in users
                    mailbox junk folders in general

                    i.e if you flag spam about a level at 5 , all over level 10 should be no
                    problem get rejected, between 5-10 flag it only , beyond nothing happens

                    this method is legal in germany

                    also you might consider using clamav-milter with sanesecurity antispam
                    signatures, which helps a lot here too
                    --
                    Best Regards
                    MfG Robert Schetterer
                  • M. Fioretti
                    Message 9 of 17 , Jul 19, 2012
                      On Thu, Jul 19, 2012 10:13:36 AM +0200, Reindl Harald wrote:

                      > > so if it was a false positive, there won't be any copy whatsoever,
                      > > anywhere on your server?
                      >
                      > well, we have days with 500000 spams log with the reason why it was
                      > blocked is enough

                      but do your users get an excerpt of those logs with the
                      subjects/senders of the spam addressed to them? Are you allowed to not
                      give them any way whatsoever to find out that they "lost" some
                      legitimate, but misclassified message before some angry customer calls
                      asking why they did not answer?

                      I am not complaining, mind you. Just really curious.

                      Marco
                    • M. Fioretti
                      Message 10 of 17 , Jul 19, 2012
                        On Thu, Jul 19, 2012 11:52:08 AM +0200, Reindl Harald wrote:
                        > > before some angry customer calls
                        > > asking why they did not answer?
                        >
                        > why should they?

                        because they see their email treated as spam, of course. However, I
                        had completely forgotten about bounces in the first place. Now it is
                        clear, thanks.

                        Marco
                      • Benny Pedersen
                        Message 11 of 17 , Jul 19, 2012
                          Den 2012-07-19 10:13, Reindl Harald skrev:
                          >> so if it was a false positive, there won't be any copy whatsoever,
                          >> anywhere on your server?
                          > well, we have days with 500000 spams
                          > log with the reason why it was blocked is enough

                          point is its accepted not blocked
                        • Benny Pedersen
                          Message 12 of 17 , Jul 19, 2012
                            Den 2012-07-19 11:52, Reindl Harald skrev:

                            > * you send a message over your SMTP
                            > * your mailserver contacts the MX
                            > * if the MX rejects you get a bounce from YOUR mailserver
                            > * postmaster is not filtered, so any admin can contact me

                            so there we go again, what do you do with spam in postmaster account ?

                            i have been there, began to receive spams there and the sender
                            domain got my attention to block the leaseweb servers, so they learn it
                            did not work for them, if i wanted cartoons i can get them elsewhere

                            Stop sending us spam. We don't need your cheap Viagra or fake Rolex. Do
                            something else, work in a Subway or McDonalds, or sell hotdogs, but
                            don't send us spam.

                            could not resist posting it
                          • Reindl Harald
                            Message 13 of 17 , Jul 20, 2012
                              Am 20.07.2012 03:11, schrieb Benny Pedersen:
                              > Den 2012-07-19 10:13, Reindl Harald skrev:
                              >>> so if it was a false positive, there won't be any copy whatsoever, anywhere on your server?
                              >> well, we have days with 500000 spams
                              >> log with the reason why it was blocked is enough
                              >
                              > point is its accepted not blocked

                              if you accept spam you are doing it wrong
                            • Reindl Harald
                              Message 14 of 17 , Jul 20, 2012
                                Am 20.07.2012 03:31, schrieb Benny Pedersen:
                                > Den 2012-07-19 11:52, Reindl Harald skrev:
                                >
                                >> * you send a message over your SMTP
                                >> * your mailserver contacts the MX
                                >> * if the MX rejects you get a bounce from YOUR mailserver
                                >> * postmaster is not filtered, so any admin can contact me
                                >
                                > so there we go again, what do you do with spam in postmaster account?

                                sieve is your friend for this crap :-)

                                if header :matches ["Subject"]
                                [
                                "We grow thin quickly*",
                                "Start Working Today*",
                                "Job Proposal*",
                                "Current Open Position*",
                                "Administrative Sales*",
                                "Administrative Assistant*",
                                "Job Opportunity*",
                                "Start New Employment Today*",
                                "Assistant Vacancy*",
                                "Get a New Job*",
                                "Working Part Time*",
                                "Virtual Manager*",
                                "Current Vacancy*",
                                "Job Offer*",
                                "Virtual Assistant*",
                                "Submit your nomination*",
                                "Database Management*",
                                "my hot pics*",
                                "hey honey*",
                                "A call for nomination*",
                                "Employment*",
                                "Vacancy*",
                                "Fantastische Ergebnisse*",
                                "Open Vacancy*",
                                "New job*",
                                "Listados de*",
                                "PAID SURVEYS*",
                                "Part-Time Work*",
                                "Career opportunity*",
                                "it`s me again*",
                                "Control de Accesos*",
                                "Add the title*",
                                "Job ad*",
                                "Position opening*",
                                "Bases de empresas*",
                                "hi honey*",
                                "Es ist der magische*",
                                "As a matter*",
                                "READ ME*",
                                "*got those pics*",
                                "hey there*",
                                "Bekommen Sie Philip Stein*",
                                "I seek for your sincere*",
                                "hi sweetie*",
                                "Re: your profile",
                                "Spy devices*",
                                "postmaster order on www.gsm-proslushka.com",
                                "my pics for you",
                                "*Your monthly income can be increased*",
                                "*We will advise you for free*",
                                "*We offer you a personal decision*",
                                "*per hour for remote assistance*",
                                "*We invite you to a remote job*",
                                "*We are looking for assistants in your town*",
                                "*Wake up her true desires*",
                                "*can earn more*",
                                "*financial consulting*",
                                "*fw: job",
                                "*fw: reseume*",
                                "*Great opportunity*",
                                "*Re: my profile*",
                                "*my profile*",
                                "*PAYMENT NEW CODE*",
                                "*Promocione*",
                                "*re: reseume*",
                                "*We are currently looking to recruit",
                                "fw: work*",
                                "Working in Europe",
                                "Full recruitment*",
                                "Most Good Recruiters",
                                "*Consultant*",
                                "*methods of power*",
                                "*with the advertising*",
                                "*promotion company looking*",
                                "You can earn an additional*",
                                "*hour work week*",
                                "*Wir suchen einen Operationsmanager*",
                                "Re: Urgent Notification*",
                                "*INVESTMENT PARTNERSHIP*",
                                "*Arbeitsmarkt Naturwissenschaften*",
                                "Angebote im Netz",
                                "You are nominated*",
                                "Soka job*",
                                "Re: remember me*",
                                "Karriarcenter*",
                                "Jobbvagledare*",
                                "RE: Jobbsokande*",
                                "Abwesend: Spam Quarantine*",
                                "Do you desire*",
                                "Small helper for*",
                                "Do you want to gratify*"
                                ]
                                {
                                discard;
                                }
                                else
                                {
                                keep;
                                }
                              • Kris Deugau
                                Message 15 of 17 , Jul 20, 2012
                                  Reindl Harald wrote:
                                  > sieve is your friend for this crap :-)

                                  That class of filtering gets **really** tiresome to maintain though. :/

                                  Personally, I've found that running SpamAssassin with a threshold of 8
                                  instead of 5 works quite well; legitimate abuse reports (even with
                                  complete attached spams) rarely go over 8 points.

                                  -kgd
                                • Reindl Harald
                                  Message 16 of 17 , Jul 20, 2012
                                    Am 20.07.2012 16:18, schrieb Kris Deugau:
                                    > Reindl Harald wrote:
                                    >> sieve is your friend for this crap :-)
                                    >
                                    > That class of filtering gets **really** tiresome to maintain though. :/
                                    >
                                    > Personally, I've found that running SpamAssassin with a threshold of 8
                                    > instead of 5 works quite well; legitimate abuse reports (even with
                                    > complete attached spams) rarely go over 8 points.

                                    well i do not use any self-built spam-filter on my servers
                                    because i am not only mail-admin and have enough other work
                                    with all sort of servertypes as also software development
                                    and security-auditing (own software and servers)

                                    for me the mailserver has just to work after put a lot
                                    of hours in the setup and backend-development

                                    so barracuda networks does the job of mail-filtering really
                                    good the last seven years and the subject-list for sieve is
                                    not so long - customers needs access to quarantine mails
                                    and options to override global settings - not funny to
                                    implement all this safe and secure with SpamAssassin

                                    there are only few idiots spamming postmaster-accounts
                                  • mouss
                                    Message 17 of 17 , Jul 22, 2012
                                      Le 19/07/2012 10:23, Nalinda Herath a écrit :
                                      > In my current setup, server will not discard any mail even though they are
                                      > tagged as SPAM. All the spam mails are routed to the junk folders of each
                                      > user. According to our policy, we cannot discard any mail, and users are
                                      > allowed to check whether any mail has been accidentally tagged as SPAM.
                                      >
                                      > We simply BCC the emails which are received to the server by setting
                                      > always_bcc = <email address>
                                      >


                                      how do you deliver the archived mail? if it's via an LDA such as dovecot
                                      or maildrop or procmail, you can create a rule to discard mail which has
                                      a header that says it's spam (X-Spam-Flag: YES).

                                      if you want that in postfix, then you need to do some work.

                                      [multiple instances of postfix]
                                      if you accept to run multiple instances (run postfix multiple times,
                                      with different configurations etc), then make ue a specific domain for
                                      the archive (for example: archive.example.com), then use transport maps
                                      to direct such mail to its own instance. and in this instance, use
                                      header_checks to discard mail tagged as spam.


                                      [in a single instance]
                                      with a single instance, you can't use routing (transport_maps) because
                                      transport_maps is global to an instance, and you don't want to create a
                                      loop. but you can create a dedicated smtpd listener.
                                      here is an example:

                                      1- use a different domain for mail archiving. but instead of always_bcc,
                                      I'll recommend using recipient_bcc_maps:
                                      recipient_bcc_maps = pcre:/etc/postfix/recipient_bcc.pcre

                                      then in recipient_bcc.pcre, something like
                                      /(.*)@example\.com$/ bcc+$1@...

                                      add an expression for any domain you want to archive mail for.

                                      side benefit: you have the original recipient in the bcc address!
                                      (this assumes you have recipient_delimiter = +).


                                      2- In your after-the-filter smtpd (assuming you are using a filter such
                                      as amavisd-new), add a check_recipient_access to pass such mail to a
                                      specific smtpd (that you need to add):
                                      ...
                                      ...
                                      check_recipient_access hash:/etc/postfix/filter_bcc.hash

                                      and in filter_bcc.hash:

                                      archive.example.com FILTER filter:[127.0.0.1]:10624
                                      .archive.example.com FILTER filter:[127.0.0.1]:10624

                                      (here, I assume you start an smtpd on 10624 for such mail, and I assume
                                      you defined a filter named "filter". this may be the same as you use to
                                      pass your mail to your "standard" filter).

                                      3- for the smtpd on 10624, create a cleanup service that uses a
                                      check_headers to do
                                      /^X\-Spam\-Flag: YES/ DISCARD


                                      PS. instead of discarding such spam, better deliver it to a special
                                      account which is purged more often. this gives you a chance to
                                      re-archive a message if someone says it was a false positive... etc.
                                      (and it gives you the content if someone claims it is a false positive
                                      but you don't agree. of course, reading other people's mail requires
                                      their consent and/or support by your local policy. but you almost always
                                      can run a script to parse the Received headers and show that the message
                                      passed via bad networks, without ever touching the body...).
                                      debating this is however off-topic here. I only wanted you to know that
                                      this is a possibility...

                                      > I need some workaround to prevent archiving mails tagged as spam by
                                      > Spamassassin.
                                      >
                                      > Regards,
                                      > Nalinda
                                      >
                                      >
                                      >
                                      > On Wed, Jul 18, 2012 at 10:22 PM, Noel Jones <njones@...> wrote:
                                      >
                                      >> On 7/18/2012 11:22 AM, Nalinda Herath wrote:
                                      >>> Hi all,
                                      >>>
                                      >>> Recently I have integrated spamassassin to my existing postfix
                                      >>> system. But now I need to tune my archiving settings in postfix to
                                      >>> prevent from archiving mails tagged as spam.
                                      >>>
                                      >>> It will be really helpful If someone can help me on this. Thanks.
                                      >>>
                                      >>> Regards,
                                      >>> Nalinda
                                      >>>
                                      >>> --
                                      >>> Regards,
                                      >>> Nalinda
                                      >>>
                                      >>>
                                      >>
                                      >>
                                      >> General procedure -- apply anti-spam and anti-virus before the
                                      >> archiving procedure.
                                      >>
                                      >> One way to do this is to run spamassassin in a pre-queue
                                      >> smtpd_proxy_filter or milter so only clean mail enters postfix. Or
                                      >> with a traditional postfix after queue content_filter, do your
                                      >> archiving in the after-filter postfix instance.
                                      >>
                                      >> If you need a more specific answer, you'll need to share full
                                      >> details of your postfix setup, your archiving procedure, and how
                                      >> you've integrated spamassassin.
                                      >> http://www.postfix.org/DEBUG_README.html#mail
                                      >>
                                      >>
                                      >> -- Noel Jones
                                      >>
                                      >
                                      >
                                      >
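
Added example (not part of the original message and not the poster's code): a small Python emulation of the step 1 bcc rewrite and the step 3 X-Spam-Flag rule, for checking which messages would reach the archive before the maps go live. The bcc target domain (archive.example.com), the function names and the sample messages are assumptions.

```python
import re

# Assumption: the bcc target domain is truncated in the post; the archive
# domain it names elsewhere (archive.example.com) is used here.
ARCHIVE_DOMAIN = "archive.example.com"

# Postfix pcre tables default to case-insensitive, dot-matches-newline and
# no multiline mode, so ^ only matches at the start of a logical header.
FLAGS = re.IGNORECASE | re.DOTALL
BCC_RULE = re.compile(r"(.*)@example\.com$", FLAGS)    # step 1 pattern
SPAM_RULE = re.compile(r"^X\-Spam\-Flag: YES", FLAGS)  # step 3 pattern


def bcc_address(recipient):
    """Emulate recipient_bcc_maps: archive address, or None for no copy."""
    m = BCC_RULE.search(recipient)
    return f"bcc+{m.group(1)}@{ARCHIVE_DOMAIN}" if m else None


def original_localpart(bcc_addr):
    """Recover the original local part carried after recipient_delimiter (+)."""
    local = bcc_addr.rsplit("@", 1)[0]
    return local.split("+", 1)[1] if "+" in local else None


def logical_headers(raw):
    """Split off the primary header block and join folded continuation lines."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    headers = []
    for line in head.split("\n"):
        if line[:1] in (" ", "\t") and headers:
            headers[-1] += "\n" + line
        else:
            headers.append(line)
    return headers


def archive_action(raw):
    """DISCARD if any primary header matches the spam rule, else ARCHIVE."""
    hit = any(SPAM_RULE.search(h) for h in logical_headers(raw))
    return "DISCARD" if hit else "ARCHIVE"


# Constructed sample messages (not real traffic).
SPAM = "Subject: offer\nX-Spam-Flag: YES\nX-Spam-Status: Yes,\n score=9.1\n\nbuy now\n"
HAM = "Subject: report\nX-Spam-Flag: NO\n\nX-Spam-Flag: YES\n"  # flag text only in body
LOWER = "subject: hi\nx-spam-flag: yes\n\nbody\n"
```

By default Postfix also applies header_checks to MIME part headers and to the headers of attached messages (mime_header_checks and nested_header_checks default to $header_checks), which this emulation does not model.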