From: Grant <emailgrant@gmail.com>
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] clamav and spamassassin
Date: Sat, 3 Dec 2011 16:59:32 -0800 [thread overview]
Message-ID: <CAN0CFw2AbWTfBk+FUY25NK05DqHevtQSDBzuGAK7V-OYkZxwpg@mail.gmail.com> (raw)
In-Reply-To: <4EDAA89F.3090308@orlitzky.com>
>> I haven't set up any antivirus measures on my Gentoo systems so I
>> think I should. Is clamav run as a scheduled filesystem scanner on
>> each system and as an email scanner on the mail server all that's
>> necessary?
>
>
> Nobody (as far as I know?) scans linux filesystems unless there's a legal
> requirement or the files might wind up on a Windows box.
Very cool. I found out clamscan and avgfree scan the filesystem so I
thought I should set it up, but if it's not necessary I won't bother.
All of my mail users are on Gentoo so do I need to bother having
clamav scan my incoming mail?
>> I'm currently greylisting email to prevent spam from getting through.
>> It catches a lot, but more and more gets through. I'm not using any
>> mailfilters now and If I set up a clamav mailfilter I think I may as
>> well set up a spamassassin mailfilter to take the place of
>> greylisting. Is this the best guide for clamav and spamassassin:
>
>
> SpamAssassin shouldn't take the place of greylisting; they reject different
> stuff. Keep the greylisting unless the delays bother you, but use postscreen
> to do it (see below).
I just did some reading on postscreen but it doesn't sound like a
greylister. Should I use postscreen in addition to postgrey, or are
they substitutes for each other?
>> http://www.gentoo.org/doc/en/mailfilter-guide.xml
>>
>> Could I run into any problems with clamav or spamassassin that might
>> make we wish I hadn't implemented them?
>
>
> Yeah. The first is false positives. The second, related problem is that
> you'll have to manage a quarantine unless you stick amavisd-new in front of
> the postfix queue.
Now that sounds like a hassle. Greylisting leaves me with about 50/50
spam/legit mail and maybe incorporating postscreen I'll do even
better. Deleting spam in my inbox might be easier than dealing with
false positives and managing a quarantine.
- Grant
> It's in that respect that the tutorial is outdated; otherwise, it looks good
> (I just skimmed it).
>
> There is great benefit to the before-queue setup: mail will never disappear.
> Senders either get a rejection, or the mail is delivered. With the
> after-queue setup, you can no longer reject or else you'll be
> backscattering. So, you either deliver the spam, or you quarantine it (very
> bad if it's a false positive).
>
> The downside is that you use more resources: one amavisd-new per connection.
> However, the addition of postscreen to postfix has largely ameliorated this.
> Since postscreen rejects most of the junk, amavis only gets started for
> smtpd sessions that are likely to succeed.
>
> The easiest way to migrate is through incremental improvement. We used to
> use a system like the one in that guide. I enabled postscreen over the
> course of a week, and retired postgrey, which we had been using for
> greylisting. Once that was working properly, I simply dropped the
> content_filter in favor of smtpd_proxy_filter to move amavis in front of the
> queue.
next prev parent reply other threads:[~2011-12-04 1:00 UTC|newest]
Thread overview: 37+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-12-03 19:52 [gentoo-user] clamav and spamassassin Grant
2011-12-03 22:54 ` Michael Orlitzky
2011-12-04 0:59 ` Grant [this message]
2011-12-04 1:35 ` Michael Orlitzky
2011-12-04 1:57 ` Grant
2011-12-04 2:10 ` Michael Orlitzky
2011-12-04 1:59 ` Pandu Poluan
2011-12-04 2:17 ` Michael Orlitzky
2011-12-04 2:48 ` Pandu Poluan
2011-12-04 3:06 ` Michael Orlitzky
2011-12-04 8:27 ` Pandu Poluan
2011-12-06 0:15 ` Grant
2011-12-06 0:45 ` Pandu Poluan
2011-12-06 0:52 ` Michael Orlitzky
2011-12-06 1:01 ` Pandu Poluan
2011-12-06 1:14 ` Michael Orlitzky
2011-12-06 3:24 ` Grant
2011-12-06 4:43 ` Michael Orlitzky
2011-12-06 16:32 ` Grant
2011-12-06 17:11 ` Michael Orlitzky
2011-12-06 19:17 ` Paul Hartman
2011-12-07 0:16 ` Pandu Poluan
2011-12-06 21:34 ` Grant
2011-12-06 22:20 ` Michael Orlitzky
2011-12-07 1:02 ` Grant
2011-12-07 16:38 ` Michael Orlitzky
2011-12-07 18:16 ` Grant
2011-12-07 18:56 ` Michael Orlitzky
2011-12-07 19:00 ` Michael Orlitzky
2011-12-08 0:49 ` Grant
2011-12-07 9:15 ` Pandu Poluan
2011-12-07 16:01 ` Grant
2011-12-07 16:47 ` Pandu Poluan
2011-12-07 0:57 ` Grant
2011-12-07 1:11 ` Pandu Poluan
2011-12-07 16:34 ` Michael Orlitzky
2011-12-07 18:08 ` Grant
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAN0CFw2AbWTfBk+FUY25NK05DqHevtQSDBzuGAK7V-OYkZxwpg@mail.gmail.com \
--to=emailgrant@gmail.com \
--cc=gentoo-user@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox