 
DSpam + Postfix filtering outbound email

From: Aaron Williams (aaronwattbi.com)
Date: Wed Mar 24 2004 - 02:11:53 CST


Hi all,

I've been having a lot of problems with Spam Assassin for some time with
it not catching a lot of spam and generating too many false positives.
I have since managed to get DSpam working, and so far it is doing a much
better job of filtering my mail.

The problem I have is that it is filtering outbound as well as inbound
email. With this, it is creating a database for every recipient of
email, whether that recipient is local or not. Is there some way I can
limit postfix to only filter email destined to one of the local domains?

The other problem I have is that I would very much like to be able to
automate spam learning by having alias accounts such as
user-spam@mydomain.org and user-ham@mydomain.org. I have thus far been
unable to get this to work for filtering purposes. Any help here would
be greatly appreciated.

I've also got it tied into Cyrus imap so I can use the Sieve filter to
automatically place spam into a spam folder on the server side.

This is running on SuSE Linux 8.2.

So far I am very impressed with DSpam. It appears to learn very quickly
and after only a couple of days it's already catching 90% of my spam and
quickly improving with zero false positives. I seeded it with around
100 recent spams to begin with and forced it to learn spams it missed.

-Aaron (aaronw-deletethisattbi.com)

main.cf:

# Postfix main.cf as posted to the list. The mail client wrapped long lines,
# so some continuation lines below lack the leading whitespace Postfix needs
# to treat them as part of the previous logical line.
readme_directory = /usr/share/doc/packages/postfix/README_FILES
mail_spool_directory = /var/mail
canonical_maps = hash:/etc/postfix/canonical
virtual_maps = hash:/etc/postfix/virtual
relocated_maps = hash:/etc/postfix/relocated
# Per-domain/per-address routing table; its contents are not part of this
# listing.
transport_maps = hash:/etc/postfix/transport
sender_canonical_maps = hash:/etc/postfix/sender_canonical
masquerade_exceptions = root
masquerade_classes = envelope_sender, header_sender, header_recipient
myhostname = mail.doofus.org
program_directory = /usr/lib/postfix
inet_interfaces = all
masquerade_domains = doofus.org
# Domains for which this host is the final destination.
mydestination = doofus.org, crinum.org, aaronw.com
# Clients in these ranges are trusted by the permit_mynetworks checks in the
# smtpd_*_restrictions settings of this file.
mynetworks = 192.168.0.0/24, 127.0.0.0/8
defer_transports =
disable_dns_lookups = no
# Mail that is not delivered locally is handed to this relay host.
relayhost = smtp.comcast.net
# Disabled earlier attempts at invoking dspam directly.
# NOTE(review): content_filter takes a transport:nexthop value rather than a
# command line, so the first form would not work even if uncommented.
#content_filter = /usr/local/bin/dspam -t -Y -a "$DOMAIN" --user "$USER"
-d "$USER"
#mailbox_command = /usr/local/bin/dspam -t -Y -a "$DOMAIN" --user
"$USER" -d "$USER"
# --user "$USER" -d "%u"
# Mailbox delivery is handed to an LMTP server on a UNIX-domain socket
# (presumably Cyrus, going by the message text -- confirm).
mailbox_transport = lmtp:unix:public/lmtp
# Disabled variant that names a dspam transport in front of the LMTP socket.
#mailbox_transport = dspam:lmtp:unix:public/lmtp
# Refers to the "cyrus" pipe service defined in master.cf.
fallback_transport = cyrus
# Tarpit
# A client that keeps making errors gets slowed responses once it passes the
# soft limit (5) and is disconnected at the hard limit (20).
# NOTE(review): each slowed session keeps an smtpd process busy, so a long
# sleep time also costs the server capacity -- confirm it fits the process
# limit in use.
smtpd_error_sleep_time = 60s
smtpd_soft_error_limit = 5
smtpd_hard_error_limit = 20

#smtpd_sender_restrictions = hash:/etc/postfix/access
# Authenticated clients and mynetworks are accepted first; everyone else is
# checked against the DNS blocklists in the order listed.
# NOTE(review): verify that every zone is still operated before relying on
# it. A retired blocklist zone can time out or start answering for every
# query, which delays or rejects legitimate mail; relays.orbs.org in
# particular is, to my knowledge, no longer run. The three blackholes.us
# zones list whole countries, so they reject by origin rather than by
# observed abuse.
smtpd_client_restrictions = permit_sasl_authenticated,
permit_mynetworks, reject_rbl_client dul.maps.vix.com, reject_rbl_client
bl.spamcop.net, reject_rbl_client relays.orbs.org, reject_rbl_client
nigeria.blackholes.us, reject_rbl_client china.blackholes.us,
reject_rbl_client russia.blackholes.us
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, reject_invalid_hostname
strict_rfc821_envelopes = no
# Relay control: SASL-authenticated clients, clients whose TLS certificate is
# listed in relay_clientcerts, and mynetworks may relay; for everyone else
# reject_unauth_destination limits delivery to this server's own domains.
# That final entry is what keeps the host from being an open relay.
smtpd_recipient_restrictions = permit_sasl_authenticated,
permit_tls_clientcerts, permit_mynetworks, reject_unauth_destination
# Client-side SASL: Postfix authenticates itself to the relay host.
smtp_sasl_auth_enable = yes
# NOTE(review): noanonymous alone still permits plaintext mechanisms, and
# smtpd_use_tls below only offers STARTTLS without requiring it, so AUTH
# could be attempted on an unencrypted session. smtpd_tls_auth_only = yes is
# the usual way to restrict AUTH to TLS sessions.
smtpd_sasl_security_options = noanonymous
# Holds the relay host credentials in clear text; the file and its .db should
# be readable by root only.
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
#smtpd_sasl_local_domain = $my
smtpd_sasl_auth_enable = yes
smtpd_use_tls = yes
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_cert_file = /etc/postfix/ssl/newcert.pem
# Server private key; keep it readable by root only.
smtpd_tls_key_file = /etc/postfix/ssl/newreq.pem
# NOTE(review): level 3 logs hex and ASCII dumps of the TLS negotiation. It
# is a debugging setting; level 1 is the usual choice for normal operation.
smtpd_tls_loglevel = 3
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_daemon_random_source = dev:/dev/urandom
tls_random_source = dev:/dev/urandom
# Client certificates listed in this map are allowed to relay through
# permit_tls_clientcerts above; smtpd_tls_ask_ccert makes the server request
# a certificate from connecting clients.
relay_clientcerts = hash:/etc/postfix/relay_ccerts
smtpd_tls_ask_ccert = yes
alias_maps = hash:/etc/aliases
# Size limits in bytes.
mailbox_size_limit = 51200000
message_size_limit = 10240000

# DSPAM settings
# One recipient per delivery for each of the three dspam transports defined
# in master.cf, so every dspam invocation is given exactly one ${user} /
# ${recipient} value.
dspam_destination_recipient_limit = 1
dspam-add_destination_recipient_limit = 1
dspam-fp_destination_recipient_limit = 1

master.cf:
# DSPAM
# SMTP listener. A content_filter given with -o on an smtpd listener applies
# to every message that listener accepts, whatever its destination, which
# matches the outbound filtering described in the message. Filtering at
# local delivery, or accepting outbound mail on a separate listener without
# the override, would limit it to local recipients -- confirm against the
# DSPAM documentation.
# (The mail client wrapped this entry; continuation lines need leading
# whitespace in a real master.cf.)
smtp inet n - n - - smtpd -o
cleanup_service_name=pre-cleanup -o content_filter=dspam:dspam -o
dspam_destination_recipient_limit=1
#smtps inet n - n - - smtpd
# -o content_filter=procmail:filter
#
# DSPAM
# NOTE(review): this active smtps entry does not set
# smtpd_tls_wrappermode=yes (the commented-out smtps variant later in this
# file does), so as posted it would speak ordinary SMTP with optional
# STARTTLS on the smtps port rather than TLS from the first byte -- confirm
# this is intended.
smtps inet n - n - - smtpd
 -o cleanup_service_name=pre-cleanup
 -o content_filter=dspam:dspam
 -o dspam_destination_recipient_limit=1

# Core Postfix daemons, plus a second cleanup instance for filtered mail.
# The next four lines are disabled smtps/submission variants that enable
# wrapper-mode or enforced TLS together with SASL authentication.
#smtps inet n - n - - smtpd
# -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
#submission inet n - n - - smtpd
# -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes
#628 inet n - n - - qmqpd
pickup fifo n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
# Cleanup instance selected by the smtp/smtps listeners through
# cleanup_service_name=pre-cleanup. Canonical and virtual alias mapping,
# masquerading and all bcc maps are emptied here (presumably so that
# rewriting happens only after the content filter -- confirm).
pre-cleanup unix n - n - 0 cleanup
 -o canonical_maps=
 -o sender_canonical_maps=
 -o recipient_canonical_maps=
 -o masquerade_domains=
 -o virtual_alias_maps=
 -o always_bcc=
 -o sender_bcc_maps=
 -o recipient_bcc_maps=
qmgr fifo n - n 300 1 qmgr
#qmgr fifo n - n 300 1 nqmgr
tlsmgr fifo - - n 300 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
# NOTE(review): this override names a transport called "filter" with an empty
# next hop, and no "filter" service is defined anywhere in this listing --
# confirm what it is meant to do.
smtp unix - - n - - smtp -o
content_filter=filter:
relay unix - - n - - smtp
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - n - - showq
error unix - - n - - error
# NOTE(review): the text after "-o" on the local entry is not a name=value
# override; it looks like stray keystrokes or a damaged paste. The original
# override cannot be recovered from this listing.
local unix - n n - - local -o
cotennnnnllllll
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
# Disabled loopback listener on port 10025 with content_filtering switched
# off (presumably the re-entry point for mail coming back from a filter --
# confirm).
#localhost:10025 inet n - n - - smtpd -o
content_filter=
#
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# maildrop. See the Postfix MAILDROP_README file for details.
#
# Each entry below runs an external program through pipe(8) under the account
# named in user=. pipe(8) executes argv directly, without a shell, so shell
# metacharacters in an address are not interpreted; the ${sender},
# ${recipient}, ${user} and ${extension} values still reach the program as
# command-line arguments taken from the envelope.
# NOTE(review): Postfix refuses addresses that start with "-" unless
# allow_min_user is enabled, which keeps an address from being read as an
# option. Whether that check also covers ${sender} depends on the Postfix
# version -- confirm for the release in use.
maildrop unix - n n - - pipe
 flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
# Target of fallback_transport = cyrus in main.cf.
cyrus unix - n n - - pipe
 user=cyrus argv=/usr/lib/cyrus/bin/deliver -e -r ${sender} -m
${extension} ${user}
uucp unix - n n - - pipe
 flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail
($recipient)
ifmail unix - n n - - pipe
 flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
# NOTE(review): user=foo looks like a placeholder account name -- confirm
# before this transport is used.
bsmtp unix - n n - - pipe
 flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop
$recipient
# Limited to 10 concurrent processes (the maxproc column).
vscan unix - n n - 10 pipe
 user=vscan argv=/usr/sbin/amavis ${sender} ${recipient}
# NOTE(review): "nobody" is commonly shared with other services; a dedicated
# account gives better isolation for a delivery agent.
procmail unix - n n - - pipe
 flags=R user=nobody argv=/usr/bin/procmail -t -m /etc/procmailrc
${sender} ${recipient}
postfixfilter unix - n n - - pipe
 flags=Rq user=postfixfilter argv=/usr/bin/postfixfilter -e -r ${sender}
-m ${extension} ${user}

#
# dspam
#
# Filter transport named by content_filter=dspam:dspam on the smtp and smtps
# listeners. It runs as the unprivileged "dspam" account.
# NOTE(review): "-t -m /etc/procmailrc ${sender} ${recipient}" is the same
# argument string as the procmail entry earlier in this file and looks
# copied from it; whether dspam accepts these arguments is not shown here --
# confirm against the dspam usage text.
# (The mail client wrapped this entry; continuation lines need leading
# whitespace in a real master.cf.)
dspam unix - n n - - pipe flags=Rhq
user=dspam argv=/usr/local/bin/dspam -t -m /etc/procmailrc ${sender}
${recipient} --user ${user}
# Retraining transports: the piped message is passed to dspam with --addspam
# or --falsepositive for the user taken from the recipient address.
# NOTE(review): nothing in this listing limits who may send to these
# transports. If the addresses routed to them accept mail from outside,
# anyone could feed messages into a user's training data, so confirm that
# only authenticated or local senders can reach them.
dspam-add unix - n n - - pipe
 flags=Rq user=dspam argv=/usr/local/bin/dspam --user ${user} --addspam
dspam-fp unix - n n - - pipe
 flags=Rq user=dspam argv=/usr/local/bin/dspam --user ${user}
--falsepositive

!DSPAM:406142bc21229974011339!