public inbox for gentoo-user@lists.gentoo.org
From: Michael Orlitzky <michael@orlitzky.com>
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] clamav and spamassassin
Date: Sat, 03 Dec 2011 17:54:23 -0500
Message-ID: <4EDAA89F.3090308@orlitzky.com>
In-Reply-To: <CAN0CFw11Fh48TzBLst=TWz5ccDpEdOgmQKfr50ZRX8T8nTmrQg@mail.gmail.com>

On 12/03/2011 02:52 PM, Grant wrote:
> I haven't set up any antivirus measures on my Gentoo systems so I
> think I should.  Is clamav run as a scheduled filesystem scanner on
> each system and as an email scanner on the mail server all that's
> necessary?

Nobody (as far as I know?) scans Linux filesystems unless there's a 
legal requirement or the files might wind up on a Windows box.


> I'm currently greylisting email to prevent spam from getting through.
> It catches a lot, but more and more gets through.  I'm not using any
> mailfilters now and if I set up a clamav mailfilter I think I may as
> well set up a spamassassin mailfilter to take the place of
> greylisting.  Is this the best guide for clamav and spamassassin:

SpamAssassin shouldn't take the place of greylisting; they reject 
different stuff. Keep the greylisting unless the delays bother you, but 
use postscreen to do it (see below).


> http://www.gentoo.org/doc/en/mailfilter-guide.xml
>
> Could I run into any problems with clamav or spamassassin that might
> make me wish I hadn't implemented them?

Yeah. The first is false positives. The second, related problem is that 
you'll have to manage a quarantine unless you stick amavisd-new in front 
of the postfix queue.

It's in that respect that the tutorial is outdated; otherwise, it looks 
good (I just skimmed it).

There is great benefit to the before-queue setup: mail will never 
disappear. Senders either get a rejection, or the mail is delivered. 
With the after-queue setup, you can no longer reject or else you'll be 
backscattering. So, you either deliver the spam, or you quarantine it 
(very bad if it's a false positive).

The downside is that you use more resources: one amavisd-new per 
connection. However, the addition of postscreen to postfix has largely 
ameliorated this. Since postscreen rejects most of the junk, amavis only 
gets started for smtpd sessions that are likely to succeed.

The easiest way to migrate is through incremental improvement. We used 
to use a system like the one in that guide. I enabled postscreen over 
the course of a week, and retired postgrey, which we had been using for 
greylisting. Once that was working properly, I simply dropped the 
content_filter in favor of smtpd_proxy_filter to move amavis in front of 
the queue.
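
The migration described in the message above, sketched as Postfix configuration. This is an added example, not configuration from the original message or from the guide; the amavisd-new listener on 127.0.0.1:10024, the re-injection port 10025, the `smtp-amavis` transport name, the process limit and the DNSBL host are assumptions.

```conf
# ---- Before: after-queue filtering (main.cf) -------------------------
# Mail is queued first and scanned afterwards; rejecting at that point
# would generate a bounce to a possibly forged sender (backscatter).
content_filter = smtp-amavis:[127.0.0.1]:10024

# ---- Step 1: postscreen replaces postgrey (master.cf) ----------------
smtp      inet  n       -       n       -       1       postscreen
smtpd     pass  -       -       n       -       -       smtpd
dnsblog   unix  -       -       n       -       0       dnsblog
tlsproxy  unix  -       -       n       -       0       tlsproxy

# main.cf (comments must be on their own lines in main.cf)
postscreen_greet_action = enforce
# placeholder DNSBL host, substitute the list(s) you actually use
postscreen_dnsbl_sites = dnsbl.example.org
postscreen_dnsbl_action = enforce
# Deep protocol tests: a client that passes gets a 4xx and must
# reconnect, which gives the greylisting-style delay.
postscreen_pipelining_enable = yes
postscreen_non_smtp_command_enable = yes
postscreen_bare_newline_enable = yes

# ---- Step 2: move amavisd-new in front of the queue ------------------
# main.cf: remove the content_filter line shown at the top.
# master.cf: the smtpd behind postscreen proxies each session to amavis,
# so a verdict becomes an SMTP reject while the sender is still connected.
smtpd     pass  -       -       n       -       20      smtpd
  -o smtpd_proxy_filter=127.0.0.1:10024
  -o smtpd_proxy_options=speed_adjust

# master.cf: listener that amavisd-new re-injects accepted mail into.
# Filtering is switched off here to avoid a loop.
127.0.0.1:10025 inet n  -       n       -       -       smtpd
  -o smtpd_proxy_filter=
  -o content_filter=
  -o mynetworks=127.0.0.0/8
  -o smtpd_authorized_xforward_hosts=127.0.0.0/8
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
```

The process limit of 20 on the proxying smtpd caps how many amavisd-new children can be busy at once, which is the resource cost the message mentions.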


