[Raw Msg Headers][Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: spamassassin
Yes... I thought about using Eugene's newer zmscanner (which I'll
probably use for antivirus w/clam-av), but, in this ISP environment I
can't afford to reject legit messages which show up as SpamAssassin false
positives, that is why I have to tag and deliver.
smptserver's contentfilter doesn't let me do that.
OTOH, I'm talking about 2M messages/day, rather than 100k msgs/week... I
can (and will) throw hardware at it, but not 10 dual xeon... :-)
El 6 Nov 2003 a las 14:20, James MacKinnon escribiķ:
> Hi Mariano,
>
> I wouldn't try to do it via process.cf
>
> Eugene at one time wrote a little insert for smtpserver called
> 'lean-mean-contentfilter' (in contrib/ in the source).
>
> I modified that a bit and use it directly in the smtpserver
> (so spamd is invoked inline during initial message receipt, and the
> result flags the contentfilter mechanism to accept/reject during
> the SMTP chat).
>
> zmailer already has hooks set up for a 'contentfilter'
>
> I have, in smtpserver.conf:
>
> # External program for received message content analysis:
> # my custom contentfilter is a hook to $MAILBIN/spamc.sh
> PARAM contentfilter $MAILBIN/contentfilter
>
>
> contentfilter really just passes a filename off to a shell script
> which then invokes spamd. It sets exit on the result back to
> contentfilter (which expects exit values 0 and -1).
>
> Typical smtpserver log entry on a spam transaction:
>
> ...
> NFww30942r MAIL From:<y5clzkuow@hotmail.com> SIZE=2867
> NFww30942w 250 2.1.0 Sender syntax Ok
> NFww30942# -- pipeline input exists 6 bytes
> NFww30942r RCPT To:<vf889r6@phys.ualberta.ca>
> NFww30942# test-rcpt-dns-rbl test; rblmsg='<none>'
> NFww30942w 250 2.1.5 Ok; can accomodate 2867 byte message for
> <vf889r6@phys.ualberta.ca>
> NFww30942r DATA
> NFww30942w 354 Start mail input; end with <CRLF>.<CRLF>
> NFww30942# policyprogram said: -1 550 5.7.1 Content Policy rejection
> - not acceptable content
> NFww30942# Content-policy analysis ordered message rejection.
> (code=-1); msg='550 5.7.1 Content Policy rejection - not
> acceptable content'
> NFww30942w 550 5.7.1 Content Policy rejection - not acceptable
> content
> NFww30942r QUIT
> NFww30942w 221 2.0.0 relay.phys.ualberta.ca Out
>
>
> It's been working very well now for just over a year here. My total
> smtp transaction volume is on the order of 100000 per week (I guess
> that might be considered small), but the machine rarely sees a load
> average greater than 0.5
>
> You could very easily put your idea into place using the
> existing contentfilter mechanism, and set it up to just tag
> rather than reject.
>
> Cheers,
> -Jim
>
>
> On Thu, 6 Nov 2003, Mariano Absatz wrote:
>
> > I know, I know... every 2 months someone (like me) comes to the list
> > asking how to integrate spamassassin with zmailer...
> >
> > I also know what Eugene will say: "spamassassin is waaaaay too slow to
> > handle any real traffic" :-)
> >
> > However, I'm being asked to do AntiSpam tagging (not deleting) for a
> > relatively high volume ISP, and the only open tool I know is
> > spamassassin...
> >
> > Situation is, I'm on a border smtp gateway with no users in it, just
> > accept, tag, and deliver.
> >
> > I don't like the procmail approach... Eugene once said he did it in
> > cf/process.cf ( http://www.zmailer.org/mhalist/2003/msg00166.html ).
> >
> > How would that be done?
> >
> > I don't know how to zmsh, but I could write a small C filter that reads a
> > queue file from stdin, calls spamd using libspamc passing the original
> > message (sāns envelope) and, based on what spamd answers, adds a couple
> > of headers before writing it (with envelope) to standard output...
> >
> > That should be invoked (if I understand correctly) just before calling
> > the rfc822 function... but can this be done without an intermediate file?
> >
> > Otherwise, could it look like this (on cf/process.cf)?
> > ========================<CUT>=============================
> > case "$file" in
> > # [0-9]*.x400) x400 "$file" ;;
> > # [0-9]*.uucp) uucpfilter "$file" > /tmp/X.$$
> > # cat /tmp/X.$$ > "$file"
> > # rfc822 "$file" ;;
> > [0-9]*) /usr/local/bin/CheckSpam "$file" > chkspm."$file"
> > /bin/rm -f "$file"
> > rfc822 chkspm."$file" ;;
> > core*) /bin/mv "$file" ../$file.router.$$
> > return
> > ;;
> > *) /bin/mv "$file" ../postman/rtr."$file".$$
> > return
> > ;;
> > esac
> > ========================<CUT>=============================
> >
> > or maybe:
> > ========================<CUT>=============================
> > case "$file" in
> > # [0-9]*.x400) x400 "$file" ;;
> > # [0-9]*.uucp) uucpfilter "$file" > /tmp/X.$$
> > # cat /tmp/X.$$ > "$file"
> > # rfc822 "$file" ;;
> > [0-9]*) /usr/local/bin/CheckSpam "$file" > chkspm."$file"
> > /bin/mv chkspm."$file" "$file"
> > rfc822 "$file" ;;
> > core*) /bin/mv "$file" ../$file.router.$$
> > return
> > ;;
> > *) /bin/mv "$file" ../postman/rtr."$file".$$
> > return
> > ;;
> > esac
> > ========================<CUT>=============================
> >
> > is this correct?
> > is it less unefficient than other methods?
> >
> > TIA.
> >
> > --
> > Mariano Absatz
> > El Baby
> > ----------------------------------------------------------
> > There's too much blood in my caffeine system.
> >
> >
> > -
> > To unsubscribe from this list: send the line "unsubscribe zmailer" in
> > the body of a message to majordomo@nic.funet.fi
> >
>
> --
> James S. MacKinnon Office: P-139 Avadh-Bhatia Physics Lab
> Team Physics Voice : (780) 492-8226 [old AC 403]
> University of Alberta email : Jim.MacKinnon@Phys.UAlberta.CA
> Edmonton, Canada T6G 2N5 WWW : http://www.phys.ualberta.ca/
>
> char*f="char*f=%c%s%c;main(){printf(f,34,f,34,10);}%c";main(){printf(f,34,f,34,10);}
> for all that we know the universe could cease to exist at any mo
--
Mariano Absatz
El Baby
----------------------------------------------------------
Too much of a good thing can be wonderful.
-- Mae West
-
To unsubscribe from this list: send the line "unsubscribe zmailer" in
the body of a message to majordomo@nic.funet.fi