Re: using spamassassin in an isp environment ?
On Wednesday 09 April 2003 11:42, Tomàs Núñez Lirola wrote:
> Hi
> I've thought several times about using DNSRBLs, but I don't know nothing
> about them... Do you recommend them to me? Are they difficult to add to my
> sendmail? Any doc where I can get more info about them?

http://spews.org has a number of links - about spam in general, and also to all important DNSRBLs. Most DNSRBLs have a website with instructions how to set them up with popular MTAs, IIRC it's just a FEATURE(blah blah, rbl_address) or so (I use postfix, so I don't know such things exactly).

Before you use them: carefully read what the policies are on the blacklists you'll be using. Understand how a host may end up on a blacklist and how it goes off. So you can properly guess how much legitimate mail will be bounced for your system. When you have a few hundred users, you're quite certain that at least one of your users will expect some mail from addresses you block. (the SPEWS list has recently blocked most of yahoo groups, for instance).

I have also set up my abuse@ and postmaster@ address to accept mail from everywhere, so people having problems can reach me (under the assumption that they or their admin will try my postmaster address.)

As I've said, I had no problems so far, but I don't have a big system here, so I'd not expect it.

I haven't made the statistics, but roughly, rejected spam is
- 10% rejected because of bad EHLO hostname (I don't require it to be correct, only that it is a FQDN and that it resolves)
- 35% rejected because of bad (unresolvable) MAIL From domain
- 10% rejected because of protocol errors (spammers use extremely broken software, I'm really amazed)
- 10% rejected because of my private blacklist
- 35% rejected because of the DNS blacklists

Note that the tests are done in the order they're listed above, so mail rejected by the early checks is likely to be in some blacklist, too, but it doesn't appear as such in the stats.

cheers
-- vbi

-- 
get my gpg key here: http://fortytwo.ch/gpg/92082481
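The check order described in the message above, as an added example (not code from the thread or from any MTA). It builds the DNSBL query name (reversed IPv4 octets plus the list's zone), applies the checks in the stated order with the postmaster@/abuse@ exemption, and counts early rejects that a DNSBL would also have caught. Assumptions: the zone `dnsbl.example`, the `resolves`/`listed` callables standing in for DNS lookups, and the sample connections are all constructed; the protocol-error stage is left out.

```python
import ipaddress
from collections import Counter

def dnsbl_query_name(ip, zone):
    """DNSBL lookup name: IPv4 octets reversed, then the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def on_dnsbl(ip, zones, listed):  # any A-record answer means "listed"
    return any(listed(dnsbl_query_name(ip, z)) for z in zones)

def first_rejecting_check(conn, resolves, listed, private_bl, zones):
    """Name of the first check that rejects, or None if the mail is accepted."""
    ip, helo, mail_from, rcpt = conn
    if rcpt.split("@")[0].lower() in ("postmaster", "abuse"):
        return None                      # role addresses accept from everywhere
    if "." not in helo or not resolves(helo):
        return "helo"                    # must be an FQDN that resolves
    if not resolves(mail_from.rsplit("@", 1)[-1]):
        return "mail_from_domain"
    if ip in private_bl:
        return "private_blacklist"
    return "dnsbl" if on_dnsbl(ip, zones, listed) else None

def tally(conns, resolves, listed, private_bl, zones):
    """Count rejects per stage, plus early rejects that a DNSBL also lists."""
    stats, hidden = Counter(), 0
    for c in conns:
        stage = first_rejecting_check(c, resolves, listed, private_bl, zones)
        stats[stage or "accepted"] += 1
        if stage not in (None, "dnsbl") and on_dnsbl(c[0], zones, listed):
            hidden += 1
    return stats, hidden

# Constructed sample data: documentation IP ranges, hypothetical zone and names.
ZONES, PRIVATE_BL = ["dnsbl.example"], {"198.51.100.5"}
RESOLVABLE = {"mail.good.example", "good.example", "mx.spam.example", "spam.example"}
LISTED = {"7.2.0.192.dnsbl.example", "9.2.0.192.dnsbl.example"}
CONNS = [  # (client IP, EHLO name, MAIL FROM, RCPT TO)
    ("192.0.2.7", "localhost", "a@spam.example", "bob@isp.example"),
    ("192.0.2.9", "mx.spam.example", "b@spam.example", "bob@isp.example"),
    ("192.0.2.9", "mx.spam.example", "c@spam.example", "postmaster@isp.example"),
    ("192.0.2.7", "mx.spam.example", "d@nxdomain.example", "bob@isp.example"),
    ("198.51.100.5", "mx.spam.example", "e@spam.example", "bob@isp.example"),
    ("203.0.113.1", "mail.good.example", "f@good.example", "bob@isp.example"),
]

def run_sample():
    return tally(CONNS, RESOLVABLE.__contains__, LISTED.__contains__, PRIVATE_BL, ZONES)
```

In the sample, two of the three early rejects come from a listed address, so the per-stage numbers understate what the DNSBL alone would have blocked.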
Re: using spamassassin in an isp environment ?
Well... heh, I made a simple query to Google that led me to (guess it) dnsrbl.com, where I found that using its lists is as simple as adding a line to sendmail.mc

FEATURE(dnsbl,`spam.dnsrbl.net')dnl

So having solved the question of how to use DNSRBLs, only remains the other question: Do you recommend them? Any 'false positive'?

Thank you

On Wednesday, 9 April 2003 11:42, Tomàs Núñez Lirola wrote:
> Hi
> I've thought several times about using DNSRBLs, but I don't know nothing
> about them... Do you recommend them to me? Are they difficult to add to my
> sendmail? Any doc where I can get more info about them?
>
> Thanks in advance
>
> On Wednesday, 9 April 2003 09:48, Adrian 'Dagurashibanipal' von Bidder wrote:
> > On Tuesday 08 April 2003 20:25, Markus Welsch wrote:
> > [spamassassin]
> >
> > > since it's written in perl it will be a huge performance decrease,
> > > right?
> >
> > The biggest problem with spamassassin is the startup delay until the
> > interpreter is loaded and the perl program is compiled. Running with
> > spamd/spamc should make the load manageable in most cases, given enough
> > RAM.
> >
> > Depending on your setup, you may want to use spamassassin in the delivery
> > agent instead of content_filter and allow your users to tune spamassassin
> > (ask on their mailing list, IIRC there were some webfrontends under
> > development).
> >
> > Filtering for only some domains: you probably can do it by defining a
> > content_filter enabled transport in master.cf and a transport without,
> > and using a transport table to direct mail to the relevant transport
> > agent depending on the domain.
> >
> > I recommend putting some DNSRBLs in front of the system; for me the
> > blacklists catch >80% of the spam and only the remainder is piped through
> > spamassassin, this lessens the load massively (I think I can say that
> > although load is not a problem in my system - too small).
> >
> > DNS lists I use right now:
> > sbl.spamhaus.org,
> > list.dsbl.org,
> > relays.ordb.org,
> > spam.dnsrbl.net,
> > proxies.blackholes.wirehub.net,
> > korea.blackholes.us,
> > china.blackholes.us,
> > ipwhois.rfc-ignorant.org
> >
> > No false positives that I know of, so far. I think about adding spews
> > (spews.relays.osirusoft.com, IIRC), but you probably don't want this as
> > they are quite aggressive. I also don't recommend using the spamcop list
> > to block (I use it from spamassassin to tag mail), as they are too
> > trigger happy (OTOH erroneous blocks disappear quickly, too).
> >
> > Depending on your policy, you may want to add some of the dialup
> > blocklists. As I send mail from my dialup link regularly myself, I don't
> > use these. OTOH I can understand people who do this.
> >
> > If you have some very important people you never want to lose
> > connectivity, make sure to whitelist them, so you'll not get trouble if
> > they land on one of the blacklists.
> >
> > cheers
> > -- vbi
Re: using spamassassin in an isp environment ?
On Wed, 09 Apr 2003 11:42:48 +0200, Tomàs Núñez Lirola wrote:
>I've thought several times about using DNSRBLs, but I don't know nothing about
>them... Do you recommend them to me? Are they difficult to add to my
>sendmail? Any doc where I can get more info about them?

http://www.google.com/search?q=sendmail.mc+dnsbl+blackholes.mail-abuse.org

cheers,
&rw
-- 
/ Ing. Robert Waldner | Security Engineer | CoreTec IT-Security \
\ <[EMAIL PROTECTED]> | T +43 1 503 72 73 | F +43 1 503 72 73 x99 /
Re: using spamassassin in an isp environment ?
Hi
I've thought several times about using DNSRBLs, but I don't know nothing about them... Do you recommend them to me? Are they difficult to add to my sendmail? Any doc where I can get more info about them?

Thanks in advance

On Wednesday, 9 April 2003 09:48, Adrian 'Dagurashibanipal' von Bidder wrote:
> On Tuesday 08 April 2003 20:25, Markus Welsch wrote:
> [spamassassin]
>
> > since it's written in perl it will be a huge performance decrease, right?
>
> The biggest problem with spamassassin is the startup delay until the
> interpreter is loaded and the perl program is compiled. Running with
> spamd/spamc should make the load manageable in most cases, given enough
> RAM.
>
> Depending on your setup, you may want to use spamassassin in the delivery
> agent instead of content_filter and allow your users to tune spamassassin
> (ask on their mailing list, IIRC there were some webfrontends under
> development).
>
> Filtering for only some domains: you probably can do it by defining a
> content_filter enabled transport in master.cf and a transport without, and
> using a transport table to direct mail to the relevant transport agent
> depending on the domain.
>
> I recommend putting some DNSRBLs in front of the system; for me the
> blacklists catch >80% of the spam and only the remainder is piped through
> spamassassin, this lessens the load massively (I think I can say that
> although load is not a problem in my system - too small).
>
> DNS lists I use right now:
> sbl.spamhaus.org,
> list.dsbl.org,
> relays.ordb.org,
> spam.dnsrbl.net,
> proxies.blackholes.wirehub.net,
> korea.blackholes.us,
> china.blackholes.us,
> ipwhois.rfc-ignorant.org
>
> No false positives that I know of, so far. I think about adding spews
> (spews.relays.osirusoft.com, IIRC), but you probably don't want this as
> they are quite aggressive. I also don't recommend using the spamcop list to
> block (I use it from spamassassin to tag mail), as they are too trigger
> happy (OTOH erroneous blocks disappear quickly, too).
>
> Depending on your policy, you may want to add some of the dialup
> blocklists. As I send mail from my dialup link regularly myself, I don't
> use these. OTOH I can understand people who do this.
>
> If you have some very important people you never want to lose connectivity,
> make sure to whitelist them, so you'll not get trouble if they land on one
> of the blacklists.
>
> cheers
> -- vbi
Re: using spamassassin in an isp environment ?
On Tuesday 08 April 2003 20:25, Markus Welsch wrote:
[spamassassin]
> since it's written in perl it will be a huge performance decrease, right?

The biggest problem with spamassassin is the startup delay until the interpreter is loaded and the perl program is compiled. Running with spamd/spamc should make the load manageable in most cases, given enough RAM.

Depending on your setup, you may want to use spamassassin in the delivery agent instead of content_filter and allow your users to tune spamassassin (ask on their mailing list, IIRC there were some webfrontends under development).

Filtering for only some domains: you probably can do it by defining a content_filter enabled transport in master.cf and a transport without, and using a transport table to direct mail to the relevant transport agent depending on the domain.

I recommend putting some DNSRBLs in front of the system; for me the blacklists catch >80% of the spam and only the remainder is piped through spamassassin, this lessens the load massively (I think I can say that although load is not a problem in my system - too small).

DNS lists I use right now:
sbl.spamhaus.org,
list.dsbl.org,
relays.ordb.org,
spam.dnsrbl.net,
proxies.blackholes.wirehub.net,
korea.blackholes.us,
china.blackholes.us,
ipwhois.rfc-ignorant.org

No false positives that I know of, so far. I think about adding spews (spews.relays.osirusoft.com, IIRC), but you probably don't want this as they are quite aggressive. I also don't recommend using the spamcop list to block (I use it from spamassassin to tag mail), as they are too trigger happy (OTOH erroneous blocks disappear quickly, too).

Depending on your policy, you may want to add some of the dialup blocklists. As I send mail from my dialup link regularly myself, I don't use these. OTOH I can understand people who do this.

If you have some very important people you never want to lose connectivity, make sure to whitelist them, so you'll not get trouble if they land on one of the blacklists.

cheers
-- vbi

-- 
featured link: http://fortytwo.ch/time
Re: using spamassassin in an isp environment ?
If you have external MX boxes that are not your main mail server, through dns you can point the domains you want filtered to the mx hosts, and the other non-filtered domains to the main mail server. I currently run a mail system somewhat like that and we use qmail with spamassassin combined with several dnsbl lists like the one spamcop offers (www.spamcop.net).

I would not use only spamassassin. Since it is public information, spammers use this to avoid getting caught by it. It works great for virus scanning, but it does not catch too much spam. I do have ours turned down, but you will have to do that if you are scanning mail for clients.

What do you mean 15GB mail traffic / server? Mine currently handles about 300k pieces of mail, and it's load balanced over two dual piii-733 dell power edges running debian. They run about 75% loaded all day, with a load of about 1.5. CPU speed is important, but don't forget about ram. The machines would not handle the load with 256 megs of ram (random crashing).

-Jason

Markus Welsch wrote:
> hi all,
>
> does any of you use latest version of spamassassin in your isp environment? i'm considering installing it as content-filter (Postfix 2.07 as MTA) on both mx servers ... the only thing that holds me back is how it responses to performance for 15 GB mail traffic / server. how are your experiences with it? since it's written in perl it will be a huge performance decrease, right? would it be possible to do filtering just for specified domains ?
>
> greetings,
> markus
using spamassassin in an isp environment ?
hi all,

does any of you use latest version of spamassassin in your isp environment? i'm considering installing it as content-filter (Postfix 2.07 as MTA) on both mx servers ... the only thing that holds me back is how it responses to performance for 15 GB mail traffic / server. how are your experiences with it? since it's written in perl it will be a huge performance decrease, right? would it be possible to do filtering just for specified domains ?

greetings,
markus