Antispam solutions
George Georgalis
george at galis.org
Tue Apr 5 20:58:03 PDT 2005
On Tue, Apr 05, 2005 at 11:00:16AM -0500, Phillip Salzman wrote:
>
>So - my question is what some of you were using for ISP-based antispam, and
>do you know of a user-manageable quarantine for SA? We have roughly 90k
>users and 11k domains.
>
The following system works well for me. Use QMAILQUEUE patch and the
following program to queue mail from tcpserver (which has lots of
whitelisted subnets from trusted/prefiltered domains). Since you want
per user quarantine, I would suggest rather than 'maildir "${scq}" ...'
you extract RCPT from env and qmail-inject it with an envelope from
quarantine at you.com, and whitelist that delivery IP.

* anything that your SA processes as ham will be handed to qmail-queue
  during smtp, with status returned to sending smtp

* anything that your SA processes as spam will be rejected in smtp but
  still delivered to rcpt in a way that they can filter it with their
  client and that will prevent spam with wrong addressed from being
  returned to forged from

I've been thinking about extending my system the way you describe for
a while, just not done it yet. The script below has worked very well
for nearly a year, multiple concurrent mx work fine, and with that many
clients you will probably want a spamd cluster network.

(The sleep commands are very effective for emergency throttling of
spamd)

#!/bin/bash
# exit 31 = permanently refuse
# exit 71 = temporarily refuse
# pwd is /var/qmail

echo "$0" # for the logs
scq="spamc-queue" # a maildir with qmaild write perms

tmp="${scq}/`safecat "${scq}/tmp" "${scq}" </dev/stdin`" \
  || { echo "Error $?"; exit 71; } # put the pipeline to disk, if possible
# ${scq}/tmp is a temp for this function ${scq} is temp for this program

score=`spamc -x -c <"$tmp"` # score it with spamd
sce=$?
echo "$score" # for the logs

case $sce in
  0) # ham
    sleep 0 # if system starts swapping, reduce incoming concurrency, and add 20 seconds
    host=`cat control/me`
    # stdin was already consumed by safecat, so feed formail the saved copy
    formail -f -A "X-spamc: ${score} by ${host}; `date -R`" <"$tmp" \
      | bin/qmail-queue # mark it and pass to the regular queue
    qqe=$?
    rm "$tmp"
    exit $qqe # return whatever qmail-queue exits as
    ;;
  1) # spam
    sleep 0 # if system starts swapping, reduce incoming concurrency, and add 20 seconds
    maildir "${scq}" >/dev/null <"$tmp" # save it to verify no falseys
    rm "$tmp"
    exit 31
    ;;
  *) # spamc error,
    echo "$0 error, spamc exit $sce"
    exit 71
esac
exit 81 # Internal bug

my /service/spamd/run

#!/bin/sh
exec spamd -i -A 127.0.0.0/8,10.0.0.0/8,192.168.0.0/16 -m ${MAX} --username=qmaild --syslog=stderr 2>&1

// George
--
George Georgalis, systems architect, administrator Linux BSD IXOYE
http://galis.org/george/ cell:646-331-2027 mailto:george at galis.org
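
The per-user quarantine suggested in the post (redelivering spam to each RCPT with a quarantine envelope sender instead of saving it with maildir), sketched as an added example that is not part of the original post or the author's code. It assumes the wrapper has saved the qmail-queue envelope from descriptor 1 to a file; QUARANTINE_FROM, INJECT, the function names and the example.invalid address are hypothetical.

```sh
#!/bin/sh
# Added example, not from the original post. QUARANTINE_FROM, INJECT and the
# function names are hypothetical; the sender address is a placeholder.
QUARANTINE_FROM="${QUARANTINE_FROM:-quarantine@example.invalid}"
INJECT="${INJECT:-bin/qmail-inject}"   # relative to /var/qmail, like the script

# qmail-queue envelope: "F" sender NUL, then "T" recipient NUL for each
# recipient, then a final NUL. Print one recipient per line.
envelope_rcpts() {
    tr '\0' '\n' | sed -n 's/^T//p'
}

# The envelope is supplied by the remote sender, so only plain local@domain
# strings are allowed onto a command line (no leading "-", no metacharacters).
valid_rcpt() {
    case "$1" in
        -*|*[!A-Za-z0-9@._+=-]*) return 1 ;;
        ?*@?*) return 0 ;;
        *) return 1 ;;
    esac
}

# quarantine_spam MSGFILE ENVFILE
# Redeliver the saved message to every valid recipient with the quarantine
# envelope sender. Returns 31 (reject in SMTP) when all redeliveries worked,
# 71 (temporary failure, sender retries) if any failed.
quarantine_spam() {
    q_msg="$1"; q_env="$2"; q_rc=31
    while IFS= read -r q_rcpt; do
        [ -n "$q_rcpt" ] || continue
        if ! valid_rcpt "$q_rcpt"; then
            echo "quarantine: skipping invalid recipient" >&2
            continue
        fi
        "$INJECT" -f"$QUARANTINE_FROM" "$q_rcpt" <"$q_msg" || q_rc=71
    done <<EOF
$(envelope_rcpts <"$q_env")
EOF
    return "$q_rc"
}
```

In the spam branch this would stand in for the maildir line, as `quarantine_spam "$tmp" "$envfile"; exit $?`, where `$envfile` is wherever the wrapper saved the envelope.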