From: Michael Orlitzky <michael@orlitzky.com>
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] clamav and spamassassin
Date: Sat, 03 Dec 2011 20:35:50 -0500 [thread overview]
Message-ID: <4EDACE76.9060400@orlitzky.com> (raw)
In-Reply-To: <CAN0CFw2AbWTfBk+FUY25NK05DqHevtQSDBzuGAK7V-OYkZxwpg@mail.gmail.com>
On 12/03/2011 07:59 PM, Grant wrote:
>>> I haven't set up any antivirus measures on my Gentoo systems so I
>>> think I should. Is clamav run as a scheduled filesystem scanner on
>>> each system and as an email scanner on the mail server all that's
>>> necessary?
>>
>>
>> Nobody (as far as I know?) scans linux filesystems unless there's a legal
>> requirement or the files might wind up on a Windows box.
>
> Very cool. I found out clamscan and avgfree scan the filesystem so I
> thought I should set it up, but if it's not necessary I won't bother.
> All of my mail users are on Gentoo so do I need to bother having
> clamav scan my incoming mail?
Well, they aren't going to get infected with anything, but ClamAV could
still keep the virus message (which is obviously unwanted) out of their
inbox. There are also some third-party signatures[1] for ClamAV that
catch scam/phishing mail.
>>> I'm currently greylisting email to prevent spam from getting through.
>>> It catches a lot, but more and more gets through. I'm not using any
>>> mailfilters now and If I set up a clamav mailfilter I think I may as
>>> well set up a spamassassin mailfilter to take the place of
>>> greylisting. Is this the best guide for clamav and spamassassin:
>>
>>
>> SpamAssassin shouldn't take the place of greylisting; they reject different
>> stuff. Keep the greylisting unless the delays bother you, but use postscreen
>> to do it (see below).
>
> I just did some reading on postscreen but it doesn't sound like a
> greylister. Should I use postscreen in addition to postgrey, or are
> they substitutes for each other?
>
Postscreen isn't a greylist daemon per se, but it has the same effect if
you enable the "deep protocol" tests. Once it gets past the initial
greeting (into the "deep" stages), postscreen can no longer hand off the
session to a real smtpd. So, even if the client passes all of the tests,
postscreen will send it a "4xx try again." That's essentially greylisting.
Postscreen, like Postgrey, keeps a database of good clients, so you
shouldn't lose any functionality there. This is what makes the
aforementioned 4xx strategy work: when the client reconnects, it
bypasses postscreen entirely and goes to a real smtpd.
I would make the switch when you have some free time. Postscreen is part
of postfix, so it removes one dependency from your mail system. It also
adds a couple of nice anti-spam features for free. And, if you ever
decide to implement Amavis, postscreen makes the before-queue setup viable.
>>> http://www.gentoo.org/doc/en/mailfilter-guide.xml
>>>
>>> Could I run into any problems with clamav or spamassassin that might
>>> make we wish I hadn't implemented them?
>>
>>
>> Yeah. The first is false positives. The second, related problem is that
>> you'll have to manage a quarantine unless you stick amavisd-new in front of
>> the postfix queue.
>
> Now that sounds like a hassle. Greylisting leaves me with about 50/50
> spam/legit mail and maybe incorporating postscreen I'll do even
> better. Deleting spam in my inbox might be easier than dealing with
> false positives and managing a quarantine.
You should be able to do a lot better than that with just postscreen and
postfix. If you try to implement postscreen, post your main.cf over on
postfix-users for review. The built-in restrictions combined with a few
RBLs should get you well below 50/50.
Plus, if you still get too much spam, you'll already have postscreen in
place and that will make adding amavisd-new that much easier.
[1] http://www.sanesecurity.com/
next prev parent reply other threads:[~2011-12-04 1:37 UTC|newest]
Thread overview: 37+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-12-03 19:52 [gentoo-user] clamav and spamassassin Grant
2011-12-03 22:54 ` Michael Orlitzky
2011-12-04 0:59 ` Grant
2011-12-04 1:35 ` Michael Orlitzky [this message]
2011-12-04 1:57 ` Grant
2011-12-04 2:10 ` Michael Orlitzky
2011-12-04 1:59 ` Pandu Poluan
2011-12-04 2:17 ` Michael Orlitzky
2011-12-04 2:48 ` Pandu Poluan
2011-12-04 3:06 ` Michael Orlitzky
2011-12-04 8:27 ` Pandu Poluan
2011-12-06 0:15 ` Grant
2011-12-06 0:45 ` Pandu Poluan
2011-12-06 0:52 ` Michael Orlitzky
2011-12-06 1:01 ` Pandu Poluan
2011-12-06 1:14 ` Michael Orlitzky
2011-12-06 3:24 ` Grant
2011-12-06 4:43 ` Michael Orlitzky
2011-12-06 16:32 ` Grant
2011-12-06 17:11 ` Michael Orlitzky
2011-12-06 19:17 ` Paul Hartman
2011-12-07 0:16 ` Pandu Poluan
2011-12-06 21:34 ` Grant
2011-12-06 22:20 ` Michael Orlitzky
2011-12-07 1:02 ` Grant
2011-12-07 16:38 ` Michael Orlitzky
2011-12-07 18:16 ` Grant
2011-12-07 18:56 ` Michael Orlitzky
2011-12-07 19:00 ` Michael Orlitzky
2011-12-08 0:49 ` Grant
2011-12-07 9:15 ` Pandu Poluan
2011-12-07 16:01 ` Grant
2011-12-07 16:47 ` Pandu Poluan
2011-12-07 0:57 ` Grant
2011-12-07 1:11 ` Pandu Poluan
2011-12-07 16:34 ` Michael Orlitzky
2011-12-07 18:08 ` Grant
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4EDACE76.9060400@orlitzky.com \
--to=michael@orlitzky.com \
--cc=gentoo-user@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox