In-Reply-To: <4EDAA89F.3090308@orlitzky.com>
References: <CAN0CFw11Fh48TzBLst=TWz5ccDpEdOgmQKfr50ZRX8T8nTmrQg@mail.gmail.com>
	<4EDAA89F.3090308@orlitzky.com>
Date: Sat, 3 Dec 2011 16:59:32 -0800
Message-ID: <CAN0CFw2AbWTfBk+FUY25NK05DqHevtQSDBzuGAK7V-OYkZxwpg@mail.gmail.com>
Subject: Re: [gentoo-user] clamav and spamassassin
From: Grant <emailgrant@gmail.com>
To: gentoo-user@lists.gentoo.org

>> I haven't set up any antivirus measures on my Gentoo systems so I
>> think I should.  Is clamav run as a scheduled filesystem scanner on
>> each system and as an email scanner on the mail server all that's
>> necessary?
>
>
> Nobody (as far as I know?) scans linux filesystems unless there's a legal
> requirement or the files might wind up on a Windows box.

Very cool.  I found out clamscan and avgfree scan the filesystem so I
thought I should set it up, but if it's not necessary I won't bother.
All of my mail users are on Gentoo so do I need to bother having
clamav scan my incoming mail?

>> I'm currently greylisting email to prevent spam from getting through.
>> It catches a lot, but more and more gets through.  I'm not using any
>> mailfilters now and if I set up a clamav mailfilter I think I may as
>> well set up a spamassassin mailfilter to take the place of
>> greylisting.  Is this the best guide for clamav and spamassassin:
>
>
> SpamAssassin shouldn't take the place of greylisting; they reject different
> stuff. Keep the greylisting unless the delays bother you, but use postscreen
> to do it (see below).

I just did some reading on postscreen but it doesn't sound like a
greylister.  Should I use postscreen in addition to postgrey, or are
they substitutes for each other?

>> http://www.gentoo.org/doc/en/mailfilter-guide.xml
>>
>> Could I run into any problems with clamav or spamassassin that might
>> make me wish I hadn't implemented them?
>
>
> Yeah. The first is false positives. The second, related problem is that
> you'll have to manage a quarantine unless you stick amavisd-new in front of
> the postfix queue.

Now that sounds like a hassle.  Greylisting leaves me with about 50/50
spam/legit mail and maybe incorporating postscreen I'll do even
better.  Deleting spam in my inbox might be easier than dealing with
false positives and managing a quarantine.

- Grant


> It's in that respect that the tutorial is outdated; otherwise, it looks good
> (I just skimmed it).
>
> There is great benefit to the before-queue setup: mail will never disappear.
> Senders either get a rejection, or the mail is delivered. With the
> after-queue setup, you can no longer reject or else you'll be
> backscattering. So, you either deliver the spam, or you quarantine it (very
> bad if it's a false positive).
>
> The downside is that you use more resources: one amavisd-new per connection.
> However, the addition of postscreen to postfix has largely ameliorated this.
> Since postscreen rejects most of the junk, amavis only gets started for
> smtpd sessions that are likely to succeed.
>
> The easiest way to migrate is through incremental improvement. We used to
> use a system like the one in that guide. I enabled postscreen over the
> course of a week, and retired postgrey, which we had been using for
> greylisting. Once that was working properly, I simply dropped the
> content_filter in favor of smtpd_proxy_filter to move amavis in front of the
> queue.
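
The migration described in the quoted reply (postscreen in front of smtpd, then content_filter swapped for smtpd_proxy_filter), shown as Postfix configuration. This is an added example, not part of the thread or of the Gentoo guide; the amavisd-new ports 10024/10025, the DNSBL zen.spamhaus.org and the particular postscreen tests enabled are assumptions.

```conf
# ---- master.cf: after-queue layout (what the reply migrates away from) ----
# smtp      inet  n  -  n  -  -  smtpd
# plus, in main.cf:
#   content_filter = smtp-amavis:[127.0.0.1]:10024
# Mail is accepted and queued before amavisd-new sees it, so a spam or
# virus verdict arrives after the SMTP session has ended. The only
# choices left are deliver or quarantine; a bounce would be backscatter.

# ---- master.cf: before-queue layout with postscreen on port 25 ----
# postscreen answers port 25 and only hands clients that pass its tests
# to the real smtpd, so amavisd-new is started for far fewer sessions.
smtp      inet  n  -  n  -  1  postscreen
smtpd     pass  -  -  n  -  -  smtpd
  -o smtpd_proxy_filter=127.0.0.1:10024
dnsblog   unix  -  -  n  -  0  dnsblog
tlsproxy  unix  -  -  n  -  0  tlsproxy

# Re-injection listener: amavisd-new returns accepted mail here.
# The filter settings are cleared so mail is not scanned in a loop,
# and only the local filter may connect.
127.0.0.1:10025 inet n  -  n  -  -  smtpd
  -o smtpd_proxy_filter=
  -o content_filter=
  -o mynetworks=127.0.0.0/8
  -o smtpd_recipient_restrictions=permit_mynetworks,reject

# ---- main.cf ----
# content_filter is removed once smtpd_proxy_filter is in place.
# Start the postscreen actions at "ignore" to log without rejecting,
# then move to "enforce" after reviewing the logs.
postscreen_greet_action = enforce
postscreen_dnsbl_sites  = zen.spamhaus.org
postscreen_dnsbl_action = enforce
```

With smtpd_proxy_filter the filter's verdict is relayed to the sending client during the SMTP session, which is why the sender sees either a rejection or a delivery and nothing lands in a quarantine unannounced.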