Re: Alternative to Postfix header_checks?
Gerald Turner wrote:
> [snip]
>
> It is before-queue while the SMTP connection is still active.  I like to
> bounce in case legitimate people that have yet to be whitelisted trigger
> a false-positive.

yes, reject is generally better than discard.

> Other than possibly dropping a false-positive is there anything else I
> should know of?

No. just false positives. but this is a real problem. of course, this is
site/person dependent. Instead of discarding mail, deliver it to a
mailbox or folder that you can review. This review can be done quickly
(sort by subject, ... etc).

> Yes but I think I'm getting what I want in this case: list spam is
> discarded, whether forged or not.

Indeed. I hope you are aware that mail from some lists (such as this
one) may contain spammy text or patterns (people sending a sample, ...
etc).

>> - There are other cases when you don't want to reject (mail to
>>   ab...@example.com, ... etc).
>
> That's the other problem I'm trying to solve (don't reject mail sent to
> these "quasi-spamtrap" addresses, simply discard) - I can see how to do
> it now with custom rules checked in X-Spam-Status header.  Thanks for
> the suggestion.

No, mail to ab...@* should be read. if there is a problem with your
server, this is how we would tell you. and to avoid N steps
conversations, we will include headers or the content of the spam we
received from you... etc.

abuse@ and postmaster@ are part of the mail system. don't let spammers
destroy this system.
Re: Alternative to Postfix header_checks?
On Fri, 9 Jan 2009, Gerald Turner wrote:

>> - There are other cases when you don't want to reject (mail to
>>   ab...@example.com, ... etc).
>
> That's the other problem I'm trying to solve (don't reject mail sent to
> these "quasi-spamtrap" addresses, simply discard) - I can see how to do
> it now with custom rules checked in X-Spam-Status header.

How is abuse@ a spamtrap address, even quasi-?

I would suggest that discarding mail to abuse@ is a bad idea, too. How
would someone report abuse of your systems with evidence, if the
evidence attached to the report gets the report discarded?

--
 John Hardin KA7OHZ    http://www.impsec.org/~jhardin/
 jhar...@impsec.org    FALaholic #11174    pgpk -a jhar...@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
---
 Men by their constitutions are naturally divided in to two parties:
 1. Those who fear and distrust the people and wish to draw all
 powers from them into the hands of the higher classes. 2. Those who
 identify themselves with the people, have confidence in them,
 cherish and consider them as the most honest and safe, although not
 the most wise, depository of the public interests.
                                                  -- Thomas Jefferson
---
 8 days until Benjamin Franklin's 303rd Birthday
Re: Alternative to Postfix header_checks?
mouss writes:

> Gerald Turner wrote:
>> Hello, I have been using SpamAssassin integrated with Postfix via
>> spampd SMTP proxy and I have the following header_checks file:
>>
>>   /^X-Spam-Level: \*{8,}/ DISCARD Spam score 8+
>>   /^X-Spam-Level: \*{4,}/ REJECT Spam score 4+
>>
>> There are cases where I'd rather DISCARD the low score mail (>= 4, <
>> 8) than REJECT, for instance:
>>
>>   When the mail contains mailing-list headers - some mailing lists
>>   unsubscribe after too many bounces, particularly Debian with
>>   open/unmoderated lists.
>>
>>   When the mail was sent to a quasi-spamtrap address - I'm aliased
>>   on a few hosts with webmas...@example.com type addresses, some of
>>   which will generate bounce warnings to mailer-daemon who is
>>   aliased to several people, evil!
>>
>> Unfortunately Postfix header_checks can only process one header at a
>> time, there's no way to compound conditions of multiple headers.
>> I've searched and can't seem to come up with any possibility of
>> configuring Postfix to conditionally discard rather than bounce.  I'm
>> on the verge of customizing an example Perl milter to do the job, but
>> it seems like something that should be built-in to either Postfix,
>> spampd, or perhaps amavisd-new - any suggestions?
>
> first, add an SA rule to detect mailing lists. for example
>
>   header H_FROM_ML ...
>   score H_FROM_ML 0.01
>
> (actually, you will need multiple rules, then combine them with a
> meta).
>
> then your header checks would become
>
>   /^X-Spam-Status: Yes, score=([8-9]|\d{2}).*H_FROM_ML/

Excellent!  Checking X-Spam-Status rather than X-Spam-Level totally
escaped me, thanks.

> some notes:
>
> - unless you are calling SA during the smtp transaction, you should
>   not reject mail (ie after it was queued by postfix)

It is before-queue while the SMTP connection is still active.  I like to
bounce in case legitimate people that have yet to be whitelisted trigger
a false-positive.

> - discarding mail is risky.

Other than possibly dropping a false-positive is there anything else I
should know of?

> - spammers can forge list headers...

Yes but I think I'm getting what I want in this case: list spam is
discarded, whether forged or not.

> - There are other cases when you don't want to reject (mail to
>   ab...@example.com, ... etc).

That's the other problem I'm trying to solve (don't reject mail sent to
these "quasi-spamtrap" addresses, simply discard) - I can see how to do
it now with custom rules checked in X-Spam-Status header.  Thanks for
the suggestion.

--
Gerald Turner  Email: gtur...@unzane.com  JID: gtur...@jabber.unzane.com
GPG: 0xFA8CD6D5  21D9 B2E8 7FE7 F19E 5F7D  4D0C 3FA0 810F FA8C D6D5
Re: Alternative to Postfix header_checks?
Gerald Turner wrote:
> Hello, I have been using SpamAssassin integrated with Postfix via spampd
> SMTP proxy and I have the following header_checks file:
>
>   /^X-Spam-Level: \*{8,}/ DISCARD Spam score 8+
>   /^X-Spam-Level: \*{4,}/ REJECT Spam score 4+
>
> There are cases where I'd rather DISCARD the low score mail (>= 4, < 8)
> than REJECT, for instance:
>
>   When the mail contains mailing-list headers - some mailing lists
>   unsubscribe after too many bounces, particularly Debian with
>   open/unmoderated lists.
>
>   When the mail was sent to a quasi-spamtrap address - I'm aliased on a
>   few hosts with webmas...@example.com type addresses, some of which
>   will generate bounce warnings to mailer-daemon who is aliased to
>   several people, evil!
>
> Unfortunately Postfix header_checks can only process one header at a
> time, there's no way to compound conditions of multiple headers.  I've
> searched and can't seem to come up with any possibility of configuring
> Postfix to conditionally discard rather than bounce.  I'm on the verge
> of customizing an example Perl milter to do the job, but it seems like
> something that should be built-in to either Postfix, spampd, or perhaps
> amavisd-new - any suggestions?

first, add an SA rule to detect mailing lists. for example

  header H_FROM_ML ...
  score H_FROM_ML 0.01

(actually, you will need multiple rules, then combine them with a meta).

then your header checks would become

  /^X-Spam-Status: Yes, score=([8-9]|\d{2}).*H_FROM_ML/

some notes:

- unless you are calling SA during the smtp transaction, you should not
  reject mail (ie after it was queued by postfix)
- discarding mail is risky.
- spammers can forge list headers...
- There are other cases when you don't want to reject (mail to
  ab...@example.com, ... etc).
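
An added illustration (not part of the thread and not any poster's code) of the approach in the message above: because SpamAssassin lists every rule that hit inside the single X-Spam-Status header, one header_checks pattern can test score and list membership together. The three-line table, the ordering, the required_score of 4.0 and the sample headers are assumptions constructed for this sketch; Python's re stands in for Postfix's PCRE matcher.

```python
import re

# Postfix PCRE tables match case-insensitively and let "." span newlines by
# default, so a folded X-Spam-Status header is tested as one logical header.
FLAGS = re.IGNORECASE | re.DOTALL

# Hypothetical header_checks table (first match wins, as in Postfix).
# Assumes SpamAssassin required_score is 4.0, so "Yes" means score >= 4.
TABLE = [
    (r"^X-Spam-Status: Yes, score=([8-9]|\d{2})", "DISCARD", "score 8+"),
    (r"^X-Spam-Status: Yes, .*\bH_FROM_ML\b", "DISCARD", "list mail, 4 <= score < 8"),
    (r"^X-Spam-Status: Yes,", "REJECT", "score 4+"),
]
RULES = [(re.compile(p, FLAGS), action, why) for p, action, why in TABLE]

def check_headers(headers):
    """Return (action, reason) from the first header a rule matches, else None."""
    for header in headers:
        for pattern, action, why in RULES:
            if pattern.search(header):
                return action, why
    return None

# Constructed sample headers (not taken from real mail).
LIST_SPAM = ["List-Id: <users.lists.example.org>",
             "X-Spam-Status: Yes, score=5.2 required=4.0 tests=BAYES_99,\n"
             "\tH_FROM_ML,HTML_MESSAGE autolearn=no version=3.2.5"]
DIRECT_SPAM = ["X-Spam-Status: Yes, score=5.2 required=4.0 tests=BAYES_99,\n"
               "\tHTML_MESSAGE autolearn=no version=3.2.5"]
HIGH_SPAM = ["X-Spam-Status: Yes, score=12.7 required=4.0 tests=BAYES_99,\n"
             "\tH_FROM_ML,URIBL_BLACK autolearn=no version=3.2.5"]
LIST_HAM = ["X-Spam-Status: No, score=0.3 required=4.0 tests=H_FROM_ML\n"
            "\tautolearn=no version=3.2.5"]

if __name__ == "__main__":
    for name, msg in [("list spam", LIST_SPAM), ("direct spam", DIRECT_SPAM),
                      ("high-score spam", HIGH_SPAM), ("list ham", LIST_HAM)]:
        print(f"{name:16} -> {check_headers(msg)}")
```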
Re: Alternative to Postfix header_checks?
On Tue, 2009-01-06 at 14:39 -0800, Gerald Turner wrote:
> Hello, I have been using SpamAssassin integrated with Postfix via spampd
> SMTP proxy and I have the following header_checks file:
>
>   /^X-Spam-Level: \*{8,}/ DISCARD Spam score 8+
>   /^X-Spam-Level: \*{4,}/ REJECT Spam score 4+
>
> There are cases where I'd rather DISCARD the low score mail (>= 4, < 8)
> than REJECT, for instance:
>
>   When the mail contains mailing-list headers - some mailing lists
>   unsubscribe after too many bounces, particularly Debian with
>   open/unmoderated lists.

Any particular reason you are focusing on a postfix solution to a SA
score issue?

What about custom rules, to assign negative scores to such messages? Or
maybe simply use whitelist_from_rcvd for the messages in question. After
all, they seem to exhibit special relays and addresses known in advance.

  guenther

--
char *t="\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
Re: Alternative to Postfix header_checks?
On Tue, 6 Jan 2009, Gerald Turner wrote:

> Not with header_checks (http://www.postfix.org/header_checks.5.html),
> although there is a REPLACE action, it still couldn't operate on a
> combination of headers.

Think two passes, one to check for the SA score and another to check for
the presence of the mailing list headers.

--
 John Hardin KA7OHZ    http://www.impsec.org/~jhardin/
 jhar...@impsec.org    FALaholic #11174    pgpk -a jhar...@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
---
 W-w-w-w-w-where did he learn to n-n-negotiate like that?
---
 11 days until Benjamin Franklin's 303rd Birthday
Re: Alternative to Postfix header_checks?
LuKreme writes:

> On 6-Jan-2009, at 15:39, Gerald Turner wrote:
>> Unfortunately Postfix header_checks can only process one header at a
>> time, there's no way to compound conditions of multiple headers.
>> I've searched and can't seem to come up with any possibility of
>> configuring Postfix to conditionally discard rather than bounce.  I'm
>> on the verge of customizing an example Perl milter to do the job, but
>> it seems like something that should be built-in to either Postfix,
>> spampd, or perhaps amavisd-new - any suggestions?
>
> Can't you rewrite a header based on conditions?

Not with header_checks (http://www.postfix.org/header_checks.5.html),
although there is a REPLACE action, it still couldn't operate on a
combination of headers.

> The other thing you could do is setup a separate submission port for
> tested messages?  Or a policy server?

Yeah, that's kind of what I'm thinking with writing a hacked up Perl
milter.  Thanks.

--
Gerald Turner  Email: gtur...@unzane.com  JID: gtur...@jabber.unzane.com
GPG: 0xFA8CD6D5  21D9 B2E8 7FE7 F19E 5F7D  4D0C 3FA0 810F FA8C D6D5
Re: Alternative to Postfix header_checks?
On 6-Jan-2009, at 15:39, Gerald Turner wrote:

> Unfortunately Postfix header_checks can only process one header at a
> time, there's no way to compound conditions of multiple headers.  I've
> searched and can't seem to come up with any possibility of configuring
> Postfix to conditionally discard rather than bounce.  I'm on the verge
> of customizing an example Perl milter to do the job, but it seems like
> something that should be built-in to either Postfix, spampd, or perhaps
> amavisd-new - any suggestions?

Can't you rewrite a header based on conditions?

That is, check for spam score of 4-8, and if true, then write a header

  X-myexample-test: True

Then test for, say, mailing list header and if found, rewrite
x-myexample-test to

  X-myexample-test: True, Maillist

The other thing you could do is setup a separate submission port for
tested messages? Or a policy server?

--
Not that I condone fascism, or any -ism for that matter. -Ism's in my
opinion are not good. A person should not believe in an -ism, he should
believe in himself. I quote John Lennon, "I don't believe in The
Beatles, I just believe in me." Good point there. After all, he was The
Walrus. I could be The Walrus and I'd still have to bum rides off of
people.
Alternative to Postfix header_checks?
Hello, I have been using SpamAssassin integrated with Postfix via spampd
SMTP proxy and I have the following header_checks file:

  /^X-Spam-Level: \*{8,}/ DISCARD Spam score 8+
  /^X-Spam-Level: \*{4,}/ REJECT Spam score 4+

There are cases where I'd rather DISCARD the low score mail (>= 4, < 8)
than REJECT, for instance:

  When the mail contains mailing-list headers - some mailing lists
  unsubscribe after too many bounces, particularly Debian with
  open/unmoderated lists.

  When the mail was sent to a quasi-spamtrap address - I'm aliased on a
  few hosts with webmas...@example.com type addresses, some of which
  will generate bounce warnings to mailer-daemon who is aliased to
  several people, evil!

Unfortunately Postfix header_checks can only process one header at a
time, there's no way to compound conditions of multiple headers.  I've
searched and can't seem to come up with any possibility of configuring
Postfix to conditionally discard rather than bounce.  I'm on the verge
of customizing an example Perl milter to do the job, but it seems like
something that should be built-in to either Postfix, spampd, or perhaps
amavisd-new - any suggestions?

--
Gerald Turner  Email: gtur...@unzane.com  JID: gtur...@jabber.unzane.com
GPG: 0xFA8CD6D5  21D9 B2E8 7FE7 F19E 5F7D  4D0C 3FA0 810F FA8C D6D5