On Fri, 13 Sep 2002, Dan Liston wrote:
>
> Perhaps if you also provided a mail flow diagram for those of us
> that are not familiar with the tools you are using...

I'll try, but I installed these from rpms and then made a few changes
in configurations.

As background, I've been running a web server for about five years
(located at brama.com), the last three of which I've also installed
majordomo and have been running about ten low-volume email lists.
These then are webified by mhonarc (an older version, but one
which seems to do what's necessary, not cause problems, and hence
no need to upgrade). For the last two years, the OS has been Linux.
The MTA is sendmail which makes use of the aliases and virtusertable.

The email lists are set up per guidelines of Alan Schwartz's
_Managing Mailing Lists_ published by O'Reilly. Only subscribers
can post and reply to list-based email; all non-subscriber email
bounces to the listowner (me) of which almost all is spam of some
sort. It's that which I'd like to just get rid of or just properly
tag.

That motivation led me to pay heed to the anti-spam and anti-virus
related entries on freshmeat.net. The two which showed up often and
won freshmeat's popularity rating (mouse clicks with the intent of
downloading do count for something, no?) and ones which I selected
were MailScanner (wonderful generic-sounding name) and SpamAssassin
(now that one is a bit more clever).

Both items are available in rpms and seem to get plenty of
attention and development (hence, rpms coincide with the latest
production release). Documentation walks you easily through setup.

The critical point of the setup (as I see it) is that MailScanner
uses two mail queue directories - /var/spool/mqueue.in (for
inbound mail) and /var/spool/mqueue. MailScanner also has its
own rc script which is to be used to take the place of the stock
sendmail one. Restart looks something like this:

    Shutting down MailScanner daemons:
             MailScanner:       [  OK  ]
             incoming sendmail: [  OK  ]
             outgoing sendmail: [  OK  ]
    Starting MailScanner daemons:
             incoming sendmail: [  OK  ]
             outgoing sendmail: [  OK  ]
             MailScanner:       [  OK  ]

Important to put your chkconfig to work here (chkconfig --del sendmail and
chkconfig --add mailscanner).

Email-borne viruses get quarantined in /var/spool/MailScanner; messages
get sent to recipients and senders that the offending portion
of the email is being held and gives instructions on how to get
in touch w/ the postmaster for more info, etc. SpamAssassin
piggybacks on MailScanner and uses a heuristic scoring system; any email
which exceeds the score in the subject line gets labelled with
{SPAM?} by default. This can be changed via configurations so that
it can be deleted on a user-by-user basis or on a whole domain
one. Also, the total score threshold for marking spam can be changed;
by default it comes set to '5'. This might be a little too low,
falsely tagging email which isn't spam. '11' appears to be working
w/o false negatives.

Information about the scoring can be found in a message's mail headers:

    X-MailScanner-SpamCheck: SpamAssassin (score=19, required 11, FRONTPAGE,
            BIG_FONT, MAILTO_LINK, CHARSET_FARAWAY, CHARSET_FARAWAY_HEADERS,
            CTYPE_JUST_HTML, SUBJ_ALL_CAPS, SUBJ_FULL_OF_8BITS)

Everything is pretty much working as intended, except trying to figure
out a way of ridding listowners of bounced spam.

As I see it, spam gets sent to an email list - test@brama.com,
goes through the incoming queue and is checked and tagged if
necessary. Continuing, it is sent to an email list and checked
against a list of subscribers, and then bounced back to the listowner.

What I'd like to know is how to eliminate it before it even gets sent
to the listowner. In /usr/local/MailScanner/etc/spam.actions.conf
I've set it up so that email directed to lists should be deleted.
The directives go something like this:

    # Each line can contain:
    # <address> <action>
    # where <action> is either 'deliver', 'store' or 'delete'
    # and <address> is either a full email address (e.g. user@sub.domain.com)
    # or a domain name (e.g. sub.domain.com)
    # or a wildcard domain (e.g. *.domain.com)
    # or the keyword 'default'.

Yet, it seems to continue onward to the listowner.
In going on to the listowner there is an extra set
of mail headers in the bounce which don't have the mail headers
indicating spam or viruses, so they just land in my mail box.

Any advice? Am I missing the flow? Do you need more info?

> A message comes into your domain and is received by sendmail.
> Sendmail accepts or rejects the message based on your passwd file,
> aliases file, and virtusertable.
> If the message is to one of your mailing lists (aliases file),
> majordomo is triggered and sendmail considers the delivery complete.
> (this message has not gone through any procmail or other recipes)
> etc, etc, etc.
>
Max
> Dan Liston
>
> Max Pyziur wrote:
> >
> > Greetings all,
> >
> > Recently, I installed an email virus and spam tagger - MailScanner and SpamAssassin.
> > It works relatively well, catching most email-borne viruses; not as well in the
> > spam-catching, but best to let some sneak through rather than tag legitimate
> > email.
> >
> > With our majordomo-served email lists, I have the restrict_post set to be list-specific.
> > This means non-member emails bounce back to the owner (me).
> >
> > I was wondering if anyone has implemented any of these pieces (MailScanner and
> > SpamAssassin) to work in concert w/ majordomo. Specifically, what I hope to
> > resolve is to eliminate bounces of spam and only receive bounces of legitimate email
> > which might be of interest to list members.
> >
> > Looking at the mail headers it passes the appropriate tests, and gets
> > labelled, but even when I modify the spam.actions.conf file to read:
> > owner-politics@xxx.com delete
> > politics@xxxx.com delete
> >
> > They still go to the 'owners' email.
> >
> > Thanks for any advice!
> >
> > Max Pyziur
> > pyz@panix.com
> >
> > Headers:
> > #################################################
> > Return-Path: <owner-politics@xxxx.com>
> > Received: (from lists@localhost)
> > by brama.com (8.11.6/8.11.6) id g8AC8W112945;
> > Tue, 10 Sep 2002 08:08:32 -0400
> > Date: Tue, 10 Sep 2002 08:08:32 -0400
> > From: owner-politics@xxxx.com
> > Message-Id: <200209101208.g8AC8W112945@brama.com>
> > To: owner-politics@xxxx.com
> > Subject: BOUNCE politics@xxxx.com: Non-member submission from [bestbud6@hotmail.com]
> >
> > >From owner-politics@xxxx.com Tue Sep 10 08:08:09 2002
> > Received: from krtnserver.krtn.co.kr ([211.210.93.131])
> > by xxxx.com (8.11.6/8.11.6) with ESMTP id g8AC81N12880
> > for <politics@xxxx.com>; Tue, 10 Sep 2002 08:08:01 -0400
> > Received: from bgmicro.com (210.22.129.122 [210.22.129.122]) by krtnserver.krtn.co.kr with SMTP (Microsoft Exchange Internet Mail
> > Service Version 5.5.1960.3)
> > id SJ4TRHNG; Tue, 10 Sep 2002 20:31:13 +0900
> > Message-ID: <00002046495c$00004b9d$00003af8@adlink.net>
> > To: deleted
> > From: bestbud6@hotmail.com
> > Subject: {SPAM?} Fwd: The next dimension of PC control starts here.
> > Date: Tue, 10 Sep 2002 07:28:46 -1600
> > MIME-Version: 1.0
> > Content-Type: text/html;
> > charset="iso-8859-1"
> > Content-Transfer-Encoding: quoted-printable
> > Reply-To: bestbud6@hotmail.com
> > X-MailScanner: Found to be clean
> > X-MailScanner-SpamCheck: ORDB-RBL, SpamAssassin (score=25, required 11,
> > SUBJ_HAS_SPACES, INVALID_DATE_TZ_ABSURD, NO_REAL_NAME,
> > FOR_JUST_SOME_AMT, CLICK_BELOW, CALL_FREE, OPT_IN, REMOVE_PAGE,
> > FRONTPAGE, BIG_FONT, CTYPE_JUST_HTML, FORGED_HOTMAIL_RCVD)
>
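
Added example, not part of the original message or of MailScanner, SpamAssassin or majordomo: the bounce quoted above carries the spam tag only in the headers of the wrapped message, so a filter in front of the listowner's mailbox has to look inside the BOUNCE body. The function names, the sample bounce and the discard/forward decision are assumptions made for illustration.

```python
import email
import re

# Constructed sample, modelled on the bounce quoted in the thread.
SAMPLE_BOUNCE = """\
From: owner-politics@example.com
To: owner-politics@example.com
Subject: BOUNCE politics@example.com: Non-member submission from [sender@example.net]

>From owner-politics@example.com Tue Sep 10 08:08:09 2002
To: politics@example.com
From: sender@example.net
Subject: {SPAM?} Fwd: constructed subject
X-MailScanner: Found to be clean
X-MailScanner-SpamCheck: ORDB-RBL, SpamAssassin (score=25, required 11,
\tSUBJ_HAS_SPACES, NO_REAL_NAME, CTYPE_JUST_HTML)

body text
"""

SPAMCHECK_RE = re.compile(
    r"SpamAssassin \(score=(-?[\d.]+), required (-?[\d.]+)((?:,\s*\w+)*)\)")

def embedded_message(bounce_text):
    """Return the original message wrapped in a BOUNCE, or None if not a bounce."""
    outer = email.message_from_string(bounce_text)
    if not outer.get("Subject", "").startswith("BOUNCE "):
        return None
    # Drop the mbox-style ">From " separator line before the inner headers.
    first, _, rest = outer.get_payload().partition("\n")
    body = rest if first.startswith((">From ", "From ")) else outer.get_payload()
    return email.message_from_string(body)

def parse_spamcheck(value):
    """Parse an X-MailScanner-SpamCheck value into (score, required, rules)."""
    m = SPAMCHECK_RE.search(" ".join(value.split()))  # unfold continuation lines
    if not m:
        return None
    rules = [r for r in re.split(r",\s*", m.group(3)) if r]
    return float(m.group(1)), float(m.group(2)), rules

def triage_bounce(bounce_text):
    """'discard' if the wrapped message scored at or above its threshold."""
    inner = embedded_message(bounce_text)
    if inner is None:
        return "forward"  # not a Majordomo BOUNCE: leave it alone
    check = parse_spamcheck(inner.get("X-MailScanner-SpamCheck", ""))
    return "discard" if check and check[0] >= check[1] else "forward"
```

Bounces whose wrapped message has no X-MailScanner-SpamCheck header, or a score under the threshold, come back as "forward", so legitimate non-member posts still reach the listowner.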