You would be much better off googling for tutorials on setting up each
of those tools. I mean if I just posted my config files, they wouldn't
make a lot of sense. I'd have to spend so much time editing them for
security and explaing the customizations I made that it would be like
writing a tutorial. But the ones already out there are better than I
could do in the time allotted.
All of the tools I mentioned are like most linux tools, they take 2
minuts to get working and 2 days to get working right.
A few notes:
1. Spamassassin has this fuzzy logic feature. It's all under the
bayesian filtering heading. Users can tell spamassassin that a message
is spam and it will mark similar messages as spam in the future. I used
spamassassin's mysql interface to store those fuzzy logic rules in a
single database so all of my users would benefit when any one of them
marked a message as spam.
2. My dcc, razor, and pyzor configurations were pretty standard. The one
thing I'd suggest if you are going to set those up is to google for
information on testing to see if they are actually working. All 3 of
those tools tend to fail silently if there is anything wrong with the
configuration. In a way, that's not the fault of the tools. Mostly, its
that it's hard to know what to do when a tool is part of a pipeline. You
have to send the message on to the next tool in the pipeline so it looks
like the filter worked but didn't think the message was spam.
3. There are spamassassin rule sets you can download nightly. At the
very least, you should update the rule set supplied by spamassassin
every night. Here is the crontab entry I used to do that:
32 6 * * * root /usr/bin/sa-update --channel updates.spamassassin.org &&
service spamassassin restart > /dev/null
On 01/18/2016 04:17 PM, Janina Sajka wrote:
Well, John. You might just change my mind about spamassassin. Care to
share your configuration somewhere? I'm willing to give it another try.
I agree that crowd-sourced enhancements could indeed be powerful in this
use case.
Janina
John G Heim writes:
I don't think there is a better spam filtering tool than spamassassin. I ran
the mail server for my department and all by myself, I was able to get
filtering as efficient as the campus mail server which used a commercial
product and had a full-time employee tuning it. The secret is crowd
sourcing. I had it download a new set of rules nightly and configured it to
use 3 crowd sourced systems, dcc, razor and pyzor. It took a while to set
all that up but once it was done, all I had to do was sit back and let the
world tune my spam filter.
Spamassassin is a bigger resource hog than anything else in a mail system. I
think that is probably true of any spam/virus filter. There is just a lot to
do. And really, it's the virus scanning part that is the worst. You don't
want to skip that. We had about 200 users on a machine with 16 cores and 32
Gb of ram. It never had a problem with the load.
On 01/11/2016 01:43 PM, Janina Sajka wrote:
Hi,
I've got my crm set up via my personal ~/.procmailrc . It can also be
setup system wide, however I haven't needed that recently.
The crm home page does discuss site wide deployment:
http://crm114.sourceforge.net/wiki/doku.php
I note one can even use it with Spamassassin. I didn't go that way. I
dropped Spamassassin because it was spawning far too many processes that
were absorbing far too much of my available system resources, so that
other tasks on my server were suffering.
Am I completely happy with the results? No. I still get too many false
positives and consequently still need to look at my spam folder from
time to time. I've white-listed many more email sources than I would
have expected.
However, I see no more than a dozen or so emails in my inbox daily, and
that's a big improvement over what I was getting from Spamassassin.
hth
Janina
covici@xxxxxxxxxxxxxx writes:
How would you use crm114 for spam filtering? Also, I am unfamiliar with
dkim and dmark, -- I do have sendmail -- how would those help?
Janina Sajka <janina@xxxxxxxxxxx> wrote:
Juan Hernandez writes:
I need webmail, imap, virtual domains, spam/antivirus protection, etc.
Let's take them one at a time ...
webmail
This one is easy. Go with squirrelmail .
imap
Another easy one, dovecot .
virtual domains
Any mta worth its salt will give you this. It's pretty trivial, e.g. in
sendmail you simply add domains into a config file, one per line. If
need be, you can get more elaborate, e.g. direct mail addressed to
a@b.c. to d@e.f. It's all very doable.
spam/antivirus protection
This one is more complicated, and more important. I'm sure you're not
interested in becoming an open relay for every spammer on the planet?
So:
Antivirus -- You probably only care if you have users on Windows.
clamav is my choice for this, though mine is curently broken--I don't
have windows clients.
anti-spam -- much of this depends on a good mta configuration. Today's
mta's, you'll probably select either sendmail or procmail, set you up
by default with a pretty good configuration. You'll want to carefully
read your way through the config file to understand what's going on.
This is the starting point.
Next is the process of sorting the mail that arrives into "probably OK"
and "probably junk" piles. People used to rely on spamassassin for
that, but I found it far too resource heavy and stopped using it about
two years ago. I'm now using crm114. And, with Jason White, I'm looking
at possibly moving to rstampd .
In any case, you'll want to configure dkim and dmark for your mta.
These assist the net in assuring you and everyone else that what you
receive, and what you send is legit.
Spam is a never ending battle. Expect to need to work on your
configurations and approaches from time to time as the months and years
go by.
If this sounds daunting, that's probably good. It's not a trivial task,
but it can be fun and certainly can be rewarding. I certainly have no
interest in giving up my setup for some service somewhere else.
hth
Janina
--
Janina Sajka, Phone: +1.443.300.2200
sip:janina@xxxxxxxxxxxxxxxxxxxx
Email: janina@xxxxxxxxxxx
Linux Foundation Fellow
Executive Chair, Accessibility Workgroup: http://a11y.org
The World Wide Web Consortium (W3C), Web Accessibility Initiative (WAI)
Chair, Accessible Platform Architectures http://www.w3.org/wai/apa
_______________________________________________
Speakup mailing list
Speakup@xxxxxxxxxxxxxxxxx
http://linux-speakup.org/cgi-bin/mailman/listinfo/speakup
--
Your life is like a penny. You're going to lose it. The question is:
How do
you spend it?
John Covici
covici@xxxxxxxxxxxxxx
_______________________________________________
Speakup mailing list
Speakup@xxxxxxxxxxxxxxxxx
http://linux-speakup.org/cgi-bin/mailman/listinfo/speakup
_______________________________________________
Speakup mailing list
Speakup@xxxxxxxxxxxxxxxxx
http://linux-speakup.org/cgi-bin/mailman/listinfo/speakup
_______________________________________________
Speakup mailing list
Speakup@xxxxxxxxxxxxxxxxx
http://linux-speakup.org/cgi-bin/mailman/listinfo/speakup
