
Re: Spamassassin on Debian HOWTO?



How is it that SpamAssassin and Razor are integrated? I am using amavis-new with spamc/clamav for virus checking. Still haven't quite gotten razor or spamassassin to work with it.
running debian sarge + exim4

Thanks

Carl Fink said:

>>>>Lucas Said:
>>>> Is there a backport of spamassassin for stable?
>
>>
>> Several.
>
>>>> I generally use the testing mimedefang/spamassassin because it uses the
>>>> newer perl version 5.8.
>
>>
>> Why is that an advantage, given SpamAssassin 2.61 with Perl 5.6?

I was not aware of backports, and I usually stay with the standard
repositories.
No real advantage to using 5.8 over 5.6, except for if you wish to use
the embedded perl interpreter you need to run 5.8, for mimedefang.
This lowers your memory usage, but has not been released as a mimedefang
package.
I have been amazed with the amount of spam I have been blocking with
razor+pyzor+dcc+rbl-checks+SA+Evil Rules+mimedefang+greylisting.
(razor,pyzor+dcc)=distributed checksums for spam.
SA+Evil Rules for some really good extra cf rules, my local rules weigh in
at over 10,000 lines.
Greylisting is delivering a temporary delivery error for 2-3 minutes, and
spammers will not reattempt delivery and regular senders will re-attempt
delivery. I have been using it on my mail server, and have not gotten any
complaints. It will lower the mail load on your server, as you can reject
without performing content analysis with sa.
Go read about greylisting on google.
Mimedefang supports greylisting, and I implemented some code based on
mimedefang creator's code.
It's also possible to implement stateful greylisting in which you delay
mail from virus relays or high spam sites long enough to either reject the
mail completely, or lower the load on your server, without interfering
with regular mail on the system.
I am still incrementally implementing this.
The idea is to add to your spamassassin score by maintaining a database of
the behavior of all the senders and ip relays in the past.
How often do they re-attempt delivery?
What is their average spam score from that relay or sender?
When do they attempt delivery?
Have they sent a virus recently?
Are they forging helo headers?
Etc...
I have the greylisting working, and am working on the throttle mail in
which you can set a threshold for how many messages a particular ip
address can send. I have a number of machines that mail cron reports, so I
throttle them back so the mail server will only accept 1 mail message from
the machines every 30 seconds.
This just builds on maintaining ip state via mimedefang.
My next step is to raise the temporary rejection time for machines that
are infected, 95% of the time a virus relay will only send viruses for an
hour or less.
The important consideration is to always generate a rejection error when a
message is rejected, and not have any false positives. So people never
lose mail, and users don't complain.
(Obvious goals.)

--Luke
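
The greylisting and per-IP throttling described in the message above, as an added example that is not part of the original post and is not mimedefang's own code. It assumes a 180-second greylist delay, an (IP, sender, recipient) key, in-memory state, and SMTP 451 replies; the class and function names are hypothetical.

```python
import time

GREYLIST_DELAY = 180      # assumed: upper end of the "2-3 minutes" in the post
THROTTLE_INTERVAL = 30    # the post's cron-host limit: 1 message per 30 seconds


class RelayState:
    """In-memory per-relay state; a real filter would persist this in a database."""

    def __init__(self, throttled_ips=()):
        self.first_seen = {}    # (ip, sender, recipient) -> time of first attempt
        self.last_accept = {}   # ip -> time of last accepted message
        self.throttled_ips = set(throttled_ips)

    def check(self, ip, sender, recipient, now=None):
        """Return (action, smtp_reply); action is 'accept' or 'tempfail'."""
        now = time.time() if now is None else now
        key = (ip, sender.lower(), recipient.lower())
        # Greylisting: the first attempt only records the key and defers.
        first = self.first_seen.setdefault(key, now)
        if now - first < GREYLIST_DELAY:
            return ("tempfail", "451 4.7.1 Greylisted, retry later")
        # Throttle: listed hosts get one accepted message per interval.
        if ip in self.throttled_ips:
            last = self.last_accept.get(ip)
            if last is not None and now - last < THROTTLE_INTERVAL:
                return ("tempfail", "451 4.7.1 Rate limit exceeded, retry later")
        # Every deferral above is a 4xx reply, so a legitimate sender retries
        # and no mail is lost.
        self.last_accept[ip] = now
        return ("accept", "250 2.0.0 OK")


def replay(events, state):
    """Run constructed (time, ip, sender, recipient) events; return the actions."""
    return [state.check(ip, s, r, now=t)[0] for t, ip, s, r in events]


# Constructed sample traffic (documentation addresses, not real hosts).
SAMPLE = [
    (0,   "192.0.2.10", "cron@host.example", "root@mail.example"),    # first attempt
    (60,  "192.0.2.10", "cron@host.example", "root@mail.example"),    # retry too early
    (200, "192.0.2.10", "cron@host.example", "root@mail.example"),    # retry after delay
    (210, "192.0.2.10", "cron@host.example", "root@mail.example"),    # 10s after accept
    (240, "192.0.2.10", "cron@host.example", "root@mail.example"),    # 40s after accept
    (0,   "198.51.100.7", "spam@bulk.example", "root@mail.example"),  # never retries
]
```

Calling `replay(SAMPLE, RelayState(throttled_ips={"192.0.2.10"}))` shows the sender that retries getting through after the delay while the one that never retries is only ever deferred.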


