procmail
[Top] [All Lists]

Re: Spam and Procmail

2005-12-09 11:10:13
Hi there,

On Fri, 9 Dec 2005 Ruud H.G. van Tol wrote:

Don't reinveent the wheel

+1

For a serious mail server, in order:

  1. SMTP-level: DNSBL, DCC-check, etc.
  2. central: virus detection
  3a. user: sender whitelist

I'm not sure how effective sender whitelisting can be as an anti-spam
tool, unless you know in advance exactly who will be sending you mail. :)

  3b. central: spam detection
  4. user: procmail

(please comment)

Here's roughly the structure I use on my mailservers:

iptables drops all packets from the most spam-prolific netblocks
sendmail:
  /etc/mail/access
    Greetpause
    Domain-name-based reject list
  Reject non-RFC-compliant senders, bad commands, HTTP etc.
  Milters:
    Greylisting
    Recipient filtering
    IP-based blocking
    Sender Policy Framework
    Content-based blocking
      milter-regex (for example - one of my favourites)
      ClamAV
    dnsbl
      SBL CSMA SPEWS SORBS NJABL SPAMCOP VIRBL (depends on user)
    MimeDefang
      SpamAssassin (site-wide)
SpamAssassin (yes, again - for individual users:)

All of this will need to be tailored to your specific profiles.
In general I try to keep the heavily CPU intensive processes to
the later parts of the defences - no sense in wasting a lot of
cycles on junk that can be rejected with just a few.

FWIW the only anti-spam feature in which procmail is involved
in my systems is calling a per-user SpamAssassin, if any.

Most people haven't the faintest idea how much work is involved in
keeping the bulk of spam and other junk at bay.  Be prepared for a
long haul, there's a lot of work in my list above.

All I can offer by way of reward is a perverse kind of pleasure when
you check the logs, and see just how much effort those spammers have
wasted trying to get their crap through your defences.  It's rather
poor reward for all the effort, but at least it's something.

73,
Ged.

____________________________________________________________
procmail mailing list   Procmail homepage: http://www.procmail.org/
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail

<Prev in Thread] Current Thread [Next in Thread>