From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1RX0Rl-0007NK-CD for garchives@archives.gentoo.org; Sun, 04 Dec 2011 01:00:49 +0000 Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id D45E221C069; Sun, 4 Dec 2011 01:00:33 +0000 (UTC) Received: from mail-ey0-f181.google.com (mail-ey0-f181.google.com [209.85.215.181]) by pigeon.gentoo.org (Postfix) with ESMTP id 6294821C022 for ; Sun, 4 Dec 2011 00:59:35 +0000 (UTC) Received: by eaal13 with SMTP id l13so112473eaa.40 for ; Sat, 03 Dec 2011 16:59:34 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type:content-transfer-encoding; bh=wSM8fBaBF8EaYsFGm/PFirehgm1mex8tIm9XScKxCtA=; b=ORiBwTN3IIQaWsfsusK61O6WHX+lidupiaOrxUVIOSg/lAUepjBcmbCSv1mDYe0dHO g5534uidk4uxjmtHFoXgnjucrGEI41rFdXyX7tm3D0kDlyxB2H77uhJ61KMqSoQR0MrM 8xR9IWk1WUcKq/NjO0xEeFZ6d3W/LW2oEWfcM= Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org MIME-Version: 1.0 Received: by 10.213.10.145 with SMTP id p17mr234901ebp.43.1322960372658; Sat, 03 Dec 2011 16:59:32 -0800 (PST) Received: by 10.213.33.133 with HTTP; Sat, 3 Dec 2011 16:59:32 -0800 (PST) In-Reply-To: <4EDAA89F.3090308@orlitzky.com> References: <4EDAA89F.3090308@orlitzky.com> Date: Sat, 3 Dec 2011 16:59:32 -0800 Message-ID: Subject: Re: [gentoo-user] clamav and spamassassin From: Grant To: gentoo-user@lists.gentoo.org Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable X-Archives-Salt: 75598ce9-4077-4668-86a0-ab69a01e21e5 X-Archives-Hash: f4128309e65bbbcaa48e97d18a66f239 >> I haven't set up any antivirus measures on my Gentoo systems so I >> think I should. =A0Is clamav run as a scheduled filesystem scanner on >> each system and as an email scanner on the mail server all that's >> necessary? > > > Nobody (as far as I know?) scans linux filesystems unless there's a legal > requirement or the files might wind up on a Windows box. Very cool. I found out clamscan and avgfree scan the filesystem so I thought I should set it up, but if it's not necessary I won't bother. All of my mail users are on Gentoo so do I need to bother having clamav scan my incoming mail? >> I'm currently greylisting email to prevent spam from getting through. >> It catches a lot, but more and more gets through. =A0I'm not using any >> mailfilters now and If I set up a clamav mailfilter I think I may as >> well set up a spamassassin mailfilter to take the place of >> greylisting. =A0Is this the best guide for clamav and spamassassin: > > > SpamAssassin shouldn't take the place of greylisting; they reject differe= nt > stuff. Keep the greylisting unless the delays bother you, but use postscr= een > to do it (see below). I just did some reading on postscreen but it doesn't sound like a greylister. Should I use postscreen in addition to postgrey, or are they substitutes for each other? >> http://www.gentoo.org/doc/en/mailfilter-guide.xml >> >> Could I run into any problems with clamav or spamassassin that might >> make we wish I hadn't implemented them? > > > Yeah. The first is false positives. The second, related problem is that > you'll have to manage a quarantine unless you stick amavisd-new in front = of > the postfix queue. Now that sounds like a hassle. Greylisting leaves me with about 50/50 spam/legit mail and maybe incorporating postscreen I'll do even better. Deleting spam in my inbox might be easier than dealing with false positives and managing a quarantine. - Grant > It's in that respect that the tutorial is outdated; otherwise, it looks g= ood > (I just skimmed it). > > There is great benefit to the before-queue setup: mail will never disappe= ar. > Senders either get a rejection, or the mail is delivered. With the > after-queue setup, you can no longer reject or else you'll be > backscattering. So, you either deliver the spam, or you quarantine it (ve= ry > bad if it's a false positive). > > The downside is that you use more resources: one amavisd-new per connecti= on. > However, the addition of postscreen to postfix has largely ameliorated th= is. > Since postscreen rejects most of the junk, amavis only gets started for > smtpd sessions that are likely to succeed. > > The easiest way to migrate is through incremental improvement. We used to > use a system like the one in that guide. I enabled postscreen over the > course of a week, and retired postgrey, which we had been using for > greylisting. Once that was working properly, I simply dropped the > content_filter in favor of smtpd_proxy_filter to move amavis in front of = the > queue.