Re: mail server setup

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



You would be much better off googling for tutorials on setting up each of those tools. I mean if I just posted my config files, they wouldn't make a lot of sense. I'd have to spend so much time editing them for security and explaing the customizations I made that it would be like writing a tutorial. But the ones already out there are better than I could do in the time allotted.

All of the tools I mentioned are like most linux tools, they take 2 minuts to get working and 2 days to get working right.

A few  notes:

1. Spamassassin has this fuzzy logic feature. It's all under the bayesian filtering heading. Users can tell spamassassin that a message is spam and it will mark similar messages as spam in the future. I used spamassassin's mysql interface to store those fuzzy logic rules in a single database so all of my users would benefit when any one of them marked a message as spam.

2. My dcc, razor, and pyzor configurations were pretty standard. The one thing I'd suggest if you are going to set those up is to google for information on testing to see if they are actually working. All 3 of those tools tend to fail silently if there is anything wrong with the configuration. In a way, that's not the fault of the tools. Mostly, its that it's hard to know what to do when a tool is part of a pipeline. You have to send the message on to the next tool in the pipeline so it looks like the filter worked but didn't think the message was spam.

3. There are spamassassin rule sets you can download nightly. At the very least, you should update the rule set supplied by spamassassin every night. Here is the crontab entry I used to do that:

32 6 * * * root /usr/bin/sa-update --channel updates.spamassassin.org && service spamassassin restart > /dev/null


On 01/18/2016 04:17 PM, Janina Sajka wrote:
Well, John. You might just change my mind about spamassassin. Care to
share your configuration somewhere? I'm willing to give it another try.

I agree that crowd-sourced enhancements could indeed be powerful in this
use case.

Janina

John G Heim writes:
I don't think there is a better spam filtering tool than spamassassin. I ran
the mail server for my department and all by myself, I was able to get
filtering as efficient as the campus mail server which used a commercial
product and had a full-time employee tuning it. The secret is crowd
sourcing. I had it download a new set of rules nightly and configured it to
use 3 crowd sourced systems, dcc, razor and pyzor. It took a while to set
all that up but once it was done, all I had to do was sit back and let the
world tune my spam filter.

Spamassassin is a bigger resource hog than anything else in a mail system. I
think that is probably true of any spam/virus filter. There is just a lot to
do.  And really, it's the virus scanning part that is the worst. You don't
want to skip that. We had about 200 users on a machine with 16 cores and 32
Gb of ram. It never had a problem with the load.

On 01/11/2016 01:43 PM, Janina Sajka wrote:
Hi,

I've got my crm set up via my personal ~/.procmailrc . It can also be
setup system wide, however I haven't needed that recently.

The crm home page does discuss site wide deployment:
http://crm114.sourceforge.net/wiki/doku.php

I note one can even use it with Spamassassin. I didn't go that way. I
dropped Spamassassin because it was spawning far too many processes that
were absorbing far too much of my available system resources, so that
other tasks on my server were suffering.

Am I completely happy with the results? No. I still get too many false
positives and consequently still need to look at my spam folder from
time to time. I've white-listed many more email sources than I would
have expected.

However, I see no more than a dozen or so emails in my inbox daily, and
that's a big improvement over what I was getting from Spamassassin.

hth

Janina


covici@xxxxxxxxxxxxxx writes:
How would you use crm114 for spam filtering?  Also, I am unfamiliar with
dkim and dmark, -- I do have sendmail -- how would those help?

Janina Sajka <janina@xxxxxxxxxxx> wrote:

Juan Hernandez writes:
I need webmail, imap, virtual domains, spam/antivirus protection, etc.
Let's take them one at a time ...

webmail
This one is easy. Go with squirrelmail .

  imap
  Another easy one, dovecot .

  virtual domains
  Any mta worth its salt will give you this. It's pretty trivial, e.g. in
  sendmail you simply add domains into a config file, one per line. If
  need be, you can get more elaborate, e.g. direct mail addressed to
  a@b.c. to d@e.f. It's all very doable.

  spam/antivirus protection
  This one is more complicated, and more important. I'm sure you're not
  interested in becoming an open relay for every spammer on the planet?
  So:

  Antivirus -- You probably only care if you have users on Windows.
  clamav is my choice for this, though mine is curently broken--I don't
  have windows clients.

  anti-spam -- much of this depends on a good mta configuration. Today's
  mta's, you'll probably select either sendmail or procmail, set you up
  by default with a pretty good configuration. You'll want to carefully
  read your way through the config file to understand what's going on.
  This is the starting point.

  Next is the process of sorting the mail that arrives into "probably OK"
  and "probably junk" piles. People used to rely on spamassassin for
  that, but I found it far too resource heavy and stopped using it about
  two years ago. I'm now using crm114. And, with Jason White, I'm looking
  at possibly moving to rstampd .

  In any case, you'll want to configure dkim and dmark for your mta.
  These assist the net in assuring you and everyone else that what you
  receive, and what you send is legit.

  Spam is a never ending battle. Expect to need to work on your
  configurations and approaches from time to time as the months and years
  go by.

  If this sounds daunting, that's probably good. It's not a trivial task,
  but it can be fun and certainly can be rewarding. I certainly have no
  interest in giving up my setup for some service somewhere else.

  hth

  Janina



--

Janina Sajka,	Phone:	+1.443.300.2200
			sip:janina@xxxxxxxxxxxxxxxxxxxx
		Email:	janina@xxxxxxxxxxx

Linux Foundation Fellow
Executive Chair, Accessibility Workgroup:	http://a11y.org

The World Wide Web Consortium (W3C), Web Accessibility Initiative (WAI)
Chair, Accessible Platform Architectures	http://www.w3.org/wai/apa

_______________________________________________
Speakup mailing list
Speakup@xxxxxxxxxxxxxxxxx
http://linux-speakup.org/cgi-bin/mailman/listinfo/speakup

--
Your life is like a penny.  You're going to lose it.  The question is:
How do
you spend it?

          John Covici
          covici@xxxxxxxxxxxxxx
_______________________________________________
Speakup mailing list
Speakup@xxxxxxxxxxxxxxxxx
http://linux-speakup.org/cgi-bin/mailman/listinfo/speakup
_______________________________________________
Speakup mailing list
Speakup@xxxxxxxxxxxxxxxxx
http://linux-speakup.org/cgi-bin/mailman/listinfo/speakup

_______________________________________________
Speakup mailing list
Speakup@xxxxxxxxxxxxxxxxx
http://linux-speakup.org/cgi-bin/mailman/listinfo/speakup




[Index of Archives]     [Linux for the Blind]     [Fedora Discussioin]     [Linux Kernel]     [Yosemite News]     [Big List of Linux Books]
  Powered by Linux