[qmailtoaster] Re: More SPAM

Fri, 07 Mar 2014 11:41:19 -0800

spamdyke will reject 80+% of spam w/out even receiving it. That lightens the load on your server considerably as well, as none of these messages are scanned by clamav and spamassassin, which are cpu intensive.
Everyone should run spamdyke. It's 'stock' in the upcoming QMT packages. You should use qtp-install-spamdyke to install it on "legacy" QMT hosts. 


Sanesecurity will mostly just get phishing attempts. I do use 
sanesecurity, but found that FPs sometimes happen from Financial 
Institutions (Chase, Amex, et al), so I've set up tcp.smtp (based on 
their SPF records) to bypass scanning from their servers.



On 03/07/2014 12:22 PM, Scot Needy wrote:




Wait spamdyke is more robust ?


If you're running spamdyke, it's very likely that spamassassin won't
find much spam.


Based on that comment I ran qtp-install-sanesecurity.

Still getting these obvious txt based spam mails.

qmlog -f smtp  Does look like simscan is being run and
03-07 14:11:51 policy_check: policy allows transmission
03-07 14:11:52 simscan:[1730]:CLEAN (1.30/12.00):1.0847s:5.1.45.0
Relaunch Staging Release - STARTED: ….


The domain is a small domain, mostly aliases to a few service addreses.
I’d prefer to be on the more secure side as from line staff seem to get
click happy with links in e-mails.


On Mar 7, 2014, at 1:24 PM, Eric Shubert <e...@shubes.net
<mailto:e...@shubes.net>> wrote:


Your QMAILQUEUE appears to be ok. Otherwise, you wouldn't be seeing
any messages in the spamd log.

Do you have spamdyke installed? That's where the robust spam control
is happening. You'll see the results when you
# qmlog -f smtp

--
-Eric 'shubes'

On 03/07/2014 11:07 AM, Scot Needy wrote:

I didn’t think NAT had anything to do with it. Just wanted to make sure
that was not the issue.

Searching around google results and the lists I find a lot of helpful
information but it’s in small chunks like correcting the tcp.smtp rules
to include simscan to the QMAILQUE variable.

Installed QmailToaster and QMT+ on CentOS 5.1.

I guess I expected a more robust spam control out of the box and was
concerned it wasn’t working at all.

How des SaneSecurity compare?   Recommendations ?





On Mar 7, 2014, at 11:31 AM, Eric Shubert <e...@shubes.net
<mailto:e...@shubes.net>
<mailto:e...@shubes.net>> wrote:


On 03/07/2014 07:39 AM, Scot Needy wrote:

My spam assassin does not appear to be working.


Appears to me to be working.
If you're running spamdyke, it's very likely that spamassassin won't
find much spam.



Anyone have any good links for validating and troubleshooting spam
through a NAT ?


What's a NAT have to do with it?






@400000005319d7120170bc7c Mar  7 09:26:16.024 [31183] info: prefork:
child states: II
@400000005319d7b1226759a4 Mar  7 09:28:55.577 [31082] info: spamd:
connection from localhost.localdomain [127.0.0.1] at port 33833
@400000005319d7b122b48774 Mar  7 09:28:55.582 [31082] info: spamd:
processing message
<ed8099add9ae4778a5795ebca031d...@blupr01mb438.prod.exchangelabs.com 
<mailto:ed8099add9ae4778a5795ebca031d...@blupr01mb438.prod.exchangelabs.com>
<mailto:ed8099add9ae4778a5795ebca031d...@blupr01mb438.prod.exchangelabs.com>>
for clamav:89
@400000005319d7b1324abf8c Mar  7 09:28:55.844 [31082] info: spamd:
clean message (1.3/5.0) for clamav:89 in 0.3 seconds, 12049 bytes.
@400000005319d7b1324c84ac Mar  7 09:28:55.844 [31082] info: spamd:
result: . 1 - AWL,HTML_MESSAGE,RDNS_NONE
scantime=0.3,size=12049,user=clamav,uid=89,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=33833,mid=<ed8099add9ae4778a5795ebca031d...@blupr01mb438.prod.exchangelabs.com
<mailto:ed8099add9ae4778a5795ebca031d...@blupr01mb438.prod.exchangelabs.com>
<mailto:ed8099add9ae4778a5795ebca031d...@blupr01mb438.prod.exchangelabs.com>>,autolearn=no
@400000005319d7b1348390bc Mar  7 09:28:55.881 [31183] info: prefork:
child states: II
@400000005319d8840f4ed0cc Mar  7 09:32:26.257 [31082] info: spamd:
connection from localhost.localdomain [127.0.0.1] at port 33880
@400000005319d8840f726244 Mar  7 09:32:26.259 [31082] info: spamd:
processing message (unknown) for clamav:89
@400000005319d8841b4b443c Mar  7 09:32:26.458 [31082] info: spamd:
clean message (2.8/5.0) for clamav:89 in 0.2 seconds, 588 bytes.
@400000005319d8841b4ce24c Mar  7 09:32:26.458 [31082] info: spamd:
result: . 2 - MISSING_DATE,MISSING_MID,RDNS_NONE
scantime=0.2,size=588,user=clamav,uid=89,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=33880,mid=(unknown),autolearn=no
@400000005319d8841d755414 Mar  7 09:32:26.494 [31183] info: prefork:
child states: II
@400000005319d8be30ffec24 Mar  7 09:33:24.822 [31082] info: spamd:
connection from localhost.localdomain [127.0.0.1] at port 33882
@400000005319d8be3355a3c4 Mar  7 09:33:24.861 [31082] info: spamd:
processing message <d0efa248.1628.cc7e.c...@nanopy.asia
<mailto:d0efa248.1628.cc7e.c...@nanopy.asia>
<mailto:d0efa248.1628.cc7e.c...@nanopy.asia>> for clamav:89
@400000005319d8bf09937444 Mar  7 09:33:25.161 [31082] info: spamd:
clean message (-1.0/5.0) for clamav:89 in 0.3 seconds, 383288 bytes.
@400000005319d8bf099550d4 Mar  7 09:33:25.161 [31082] info: spamd:
result: . 0 - ALL_TRUSTED,HTML_MESSAGE
scantime=0.3,size=383288,user=clamav,uid=89,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=33882,mid=<d0efa248.1628.cc7e.c...@nanopy.asia
<mailto:d0efa248.1628.cc7e.c...@nanopy.asia>
<mailto:d0efa248.1628.cc7e.c...@nanopy.asia>>,autolearn=ham
---------------------------------------------------------------------
To unsubscribe,
e-mail:qmailtoaster-list-unsubscr...@qmailtoaster.com
<mailto:qmailtoaster-list-unsubscr...@qmailtoaster.com>
<mailto:qmailtoaster-list-unsubscr...@qmailtoaster.com>
For additional commands,
e-mail:qmailtoaster-list-h...@qmailtoaster.com
<mailto:qmailtoaster-list-h...@qmailtoaster.com>
<mailto:qmailtoaster-list-h...@qmailtoaster.com>





--
-Eric 'shubes'


---------------------------------------------------------------------
To unsubscribe,
e-mail:qmailtoaster-list-unsubscr...@qmailtoaster.com
<mailto:qmailtoaster-list-unsubscr...@qmailtoaster.com>
<mailto:qmailtoaster-list-unsubscr...@qmailtoaster.com>
For additional commands,
e-mail:qmailtoaster-list-h...@qmailtoaster.com
<mailto:qmailtoaster-list-h...@qmailtoaster.com>
<mailto:qmailtoaster-list-h...@qmailtoaster.com>







---------------------------------------------------------------------
To unsubscribe, e-mail:qmailtoaster-list-unsubscr...@qmailtoaster.com
<mailto:qmailtoaster-list-unsubscr...@qmailtoaster.com>
For additional commands,
e-mail:qmailtoaster-list-h...@qmailtoaster.com
<mailto:qmailtoaster-list-h...@qmailtoaster.com>



--
-Eric 'shubes'


---------------------------------------------------------------------
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com























					Reply via email to