Re: [courier-users] integrating courier + virus + spam checking

Wed, 11 Feb 2004 14:18:26 -0800 

On Tue, 10 Feb 2004 19:09:19 -0800
Moshe Gurvich <[EMAIL PROTECTED]> diligently divulged:

> I have working Courier + SpamAssassin + Amavis + F-Prot setup without 
> patching anything.
> 
> /etc/courier/courierd:
> #=#=#=#=#=#=#=#=#=#
> DEFAULTDELIVERY="| /usr/sbin/amavis | /usr/lib/courier/bin/maildrop"
> #=#=#=#=#=#=#=#=#=#
> 
> /etc/courierd/maildroprc:
> [...]

Hi 

But this means that messages will only get filtered when being delivered locally.

I would like to virus-check every message (and possibly reject it at the smtp level) 
that passes the system, and do spam-checks at the user level.


BTW (and just for the record) the below setup works for all practical reasons - the 
only problem is the smtp return code to the client is not "550 5.7.1 Content 
rejected", but "550 Redirection failed" (probably an amavisd issue) if a virus is 
found.

Setup:

- amavisd installed as a global filter, with spam checking disabled (runs as courier 
user, has to be started by hand after courier, as courierfilter just hangs and waits 
for something that never happens)
- clamd (runs as courier user)
- courier esmtpd

This takes care of the smtp part. All mails gets scanned by clamd via amavisd and 
rejected if infected

- spamd
- etc/courierd: DEFAULTDELIVERY="| /usr/local/bin/spamc |/usr/courier/etc/maildroprc"
- etc/maildroprc:
if(/^X-Spam-Level: -----.*$/)
{
to "Maildir/.SPAM"
}

This filters all local messages through spamc, which tags it with hyphens "-" and has 
maildrop take a system wide default action if the spam level exceeds 5. .SPAM gets 
created if it doesn't exist in a user's Maildir. This honours SA user_prefs. 

- Additionally, each user can have their own filter rules in .mailfilter which get 
applied if the system threshold was not passed.

For virtual users, this is a bit tricky: .mailfilter will be executed, but spamd can't 
find their homes. As Bowie pointed out in his mail, you can tell spamd where to look 
for user_prefs: the -x  and --virtual-config-dir directives take care of that. You 
could then create links for real local users from virtual-config-dir to their 
effective $home. I decided to just have one generic SA user_prefs for all virtual 
users - since they're virtual, they don't have a system account and won't be logging 
in and edit their spam preferences.


Well, just my .02 anyhow

krgds /markus

Attachment: pgp00000.pgp
Description: PGP signature

Reply via email to