Re: opensmtpd spam filtering

Thu, 11 Jul 2013 16:00:05 -0700 

On 2013-07-01 03:18, Jason Barbier wrote:
> On 07/01/2013 12:48 AM, Gilles Chehade wrote:
> > On Mon, Jul 01, 2013 at 05:35:20PM +1000, oneofthem wrote:
> >> How does opensmtpd handle spam?
> >>
> > it delivers it correctly ;)
> >
> >
> >
> >> Does it have some kind of built in spam filtering or except an external
> >> program to handle spam filtering?
> >>
> > no, it doesn't perform any kind of content inspection and to deal with
> > spam one has to use external tools.
> >
> > there is a filtering API in progress that will allow writing filters run
> > by the smtp server itself, but it's not ready.
> >
> >
> ++ to what he said. What I do to deal with spam is based on what Gilles
> did to deal with DKIM proxy. I relay all mail to amavisd which scans it
> with spam assassin and calmav, then on its way back in it tags it as
> "clean" and messages tagged as clean get pushed to dovecot for delivery
> and sieving it looks like this config wise. Please note the order of the
> receive rules is vital. If you put  them the wrong way around you start
> a loop between smtpd and amavisd.
> 
> listen on lo0 tls certificate crt auth-optional
> listen on lo0 port 10025 tag Filtered
> listen on lo0 port 10026 tag Filtered
> listen on em0 port 25 tls certificate crt auth-optional
> listen on em0 port 587 tls certificate crt auth
> listen on em0 port 465 tls certificate crt auth

Slightly off-topic, but port 465 was reserved for the now-deprecated
SMTPS, not SMTP+TLS. :)

> 
> #Tables
> table aliases db:/etc/mail/aliases.db
> 
> #queue
> queue compression
> 
> #Receive connectors
> accept tagged Filtered for any alias <aliases> deliver to mda
> "/usr/local/libexec/dovecot/deli
> ver -f %{sender}"
> accept from any for domain "serversave.us" alias <aliases> relay via
> "smtp://127.0.0.1:10024"
> accept for local alias <aliases> deliver to mda
> "/usr/local/libexec/dovecot/deliver -f %{sende
> r}"
> 
> #Send Connectors
> accept for any relay
> 
> -- 
> Jason Barbier
> 
> 
> -- 
> You received this email because you are subscribed to mailing list: 
> [email protected]
> To unsubscribe, send mail with subject:
>         [[email protected]] unregister

I've a small doubt. If you're in a shared environment, how do you keep
rogue users from listening at port 10024 and intercepting all your email
if amavisd somehow crashes?
You wouldn't have that issue with ports < 1024, but that's not the
case. Has anyone taken this into consideration?

Thanks,

-- 
Hugo Osvaldo Barrera

Attachment: pgpHPo8pauAKE.pgp
Description: PGP signature

Reply via email to