From: Pandu Poluan
To: gentoo-user@lists.gentoo.org
Date: Sun, 4 Dec 2011 08:59:28 +0700
Subject: Re: [gentoo-user] clamav and spamassassin
In-Reply-To: <4EDAA89F.3090308@orlitzky.com>

On Dec 4, 2011 5:58 AM, "Michael Orlitzky" <michael@orlitzky.com> wrote:
>
> On 12/03/2011 02:52 PM, Grant wrote:
>>
>> I haven't set up any antivirus measures on my Gentoo systems so I
>> think I should.  Is clamav run as a scheduled filesystem scanner on
>> each system and as an email scanner on the mail server all that's
>> necessary?
>
> Nobody (as far as I know?) scans Linux filesystems unless there's a legal requirement or the files might wind up on a Windows box.
>
>> I'm currently greylisting email to prevent spam from getting through.
>> It catches a lot, but more and more gets through.  I'm not using any
>> mailfilters now and if I set up a clamav mailfilter I think I may as
>> well set up a spamassassin mailfilter to take the place of
>> greylisting.  Is this the best guide for clamav and spamassassin:
>
> SpamAssassin shouldn't take the place of greylisting; they reject different stuff. Keep the greylisting unless the delays bother you, but use postscreen to do it (see below).
>
>> http://www.gentoo.org/doc/en/mailfilter-guide.xml
>>
>> Could I run into any problems with clamav or spamassassin that might
>> make me wish I hadn't implemented them?
>
> Yeah. The first is false positives. The second, related problem is that you'll have to manage a quarantine unless you stick amavisd-new in front of the postfix queue.
>
> It's in that respect that the tutorial is outdated; otherwise, it looks good (I just skimmed it).
>
> There is great benefit to the before-queue setup: mail will never disappear. Senders either get a rejection, or the mail is delivered. With the after-queue setup, you can no longer reject or else you'll be backscattering. So, you either deliver the spam, or you quarantine it (very bad if it's a false positive).
>
> The downside is that you use more resources: one amavisd-new per connection. However, the addition of postscreen to postfix has largely ameliorated this. Since postscreen rejects most of the junk, amavis only gets started for smtpd sessions that are likely to succeed.
>
> The easiest way to migrate is through incremental improvement. We used to use a system like the one in that guide. I enabled postscreen over the course of a week, and retired postgrey, which we had been using for greylisting. Once that was working properly, I simply dropped the content_filter in favor of smtpd_proxy_filter to move amavis in front of the queue.
>

This is new information to me. If you're subscribed to Gentoo-server, you'll know that I am in the process of setting up a mailfiltering gateway for my company.

Any resources on this "postscreen" facility? Sounds like a very nice thing to implement.

Rgds,
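
The migration described in the quoted reply (postscreen in front, amavisd-new moved from content_filter to smtpd_proxy_filter), sketched as Postfix configuration. This is an added example, not configuration from the thread or from either poster's servers; the amavisd-new ports (10024 for scanning, 10025 for re-injection) and the DNSBL name dnsbl.example.org are assumptions to adapt.

```conf
# ---- main.cf ----
# After-queue setup from the guide: mail is accepted and queued first, then
# handed to amavisd-new. A rejection at that stage becomes a bounce to a
# possibly forged sender (backscatter), so the line is dropped here.
#content_filter = smtp-amavis:[127.0.0.1]:10024

# postscreen (Postfix 2.8 and later) screens clients before an smtpd starts.
# Note: main.cf has no trailing comments; keep comments on their own lines.
postscreen_greet_action = enforce
# Placeholder DNSBL name (assumption); list the ones you actually use.
postscreen_dnsbl_sites = dnsbl.example.org
postscreen_dnsbl_threshold = 1
postscreen_dnsbl_action = enforce
# Deep protocol test: a new client that passes gets a 4xx reply and has to
# reconnect, which gives the greylisting effect without postgrey.
postscreen_pipelining_enable = yes
postscreen_pipelining_action = enforce

# ---- master.cf ----
# Port 25 is answered by one postscreen process. Clients that pass are
# handed to the "smtpd pass" service, which proxies the session through
# amavisd-new BEFORE the message is queued, so a verdict can still be
# returned as an SMTP rejection to the connecting client.
smtp      inet  n       -       n       -       1       postscreen
smtpd     pass  -       -       n       -       -       smtpd
  -o smtpd_proxy_filter=127.0.0.1:10024
  -o smtpd_client_connection_count_limit=10
dnsblog   unix  -       -       n       -       0       dnsblog
tlsproxy  unix  -       -       n       -       0       tlsproxy

# Re-injection listener: amavisd-new hands scanned mail back on this port.
# Both filter settings are emptied so the message is not scanned in a loop,
# and only the local host may connect.
127.0.0.1:10025 inet n  -       n       -       -       smtpd
  -o smtpd_proxy_filter=
  -o content_filter=
  -o mynetworks=127.0.0.0/8
  -o smtpd_client_restrictions=permit_mynetworks,reject
  -o receive_override_options=no_unknown_recipient_checks
```

Applying the postscreen part first and the proxy filter afterwards mirrors the incremental order described in the reply; `postfix check` followed by a reload after each step catches syntax mistakes early.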