Spamattack!

Mike Cathey mpcathey at catt.com
Wed Jan 29 18:22:25 EST 2003 

Tarjei,

On Wed, 2003-01-29 at 15:16, Tarjei Huse wrote: 
> Now, I'm wondering what is the current "best practices" when it comes to 
> spamfighting w/many users.  Sure, I could make a solution for my own part, but 
> I want something that works for everyone on my server.
> 
> So, is there a neat way to set up spamassasind so it tags the mails so people 
> can choose what to do with them using sieve? Does anyone feel like giving some 
> hints on what is possible and what they have done and their experiences?

Here's another way to do it.  We're testing this right now.

I setup amavis-new as a filter for postfix.  Then configured amavis-new
to use clamav (http://clamav.elektrapro.com/) and spamassassin.  Then I
end up with headers like this (after some config tweaking):

____SNIP____
X-Virus-Scanned: by amavisd-new
X-Amavis-Alert: INFECTED, message contains virus: Eicar-Test-Signature
____SNIP____

or

____SNIP____
X-Spam-Status: Yes, hits=12.1 tagged_above=0.0 required=6.9
tests=CLICK_BELOW,
     CONGRATULATIONS, EXCUSE_12, EXCUSE_4, FOR_FREE, NORMAL_HTTP_TO_IP,
     NO_REAL_NAME, REMOVE_IN_QUOTES, REMOVE_SUBJ, SPAM_PHRASE_08_13,
     SUBJ_FREE_CAP, TO_BE_REMOVED_REPLY, UNDISC_RECIPS
X-Spam-Level: ************
X-Spam-Flag: YES
____SNIP____

Then we create a Spam and Virus folders for each user, and give them
these for default sieve filters:

____SNIP____
require
["fileinto","reject","vacation","imapflags","relational","comparator-i;ascii-numeric","regex"];
if
header :contains "X-Spam-Flag" "YES"
{
fileinto "Spam";
stop;
}
if
header :contains "X-Amavis-Alert" "INFECTED"
{
fileinto "Virus";
stop;
}
____SNIP____

The customer can then access the messages via squirrelmail.  We're
having our in house php geek write a cheesy 2-3 option sieve interface
that will probably use the php library that avelsieve uses.

We're planning on moving the content filtering to a couple of machines
in front of our MTA(s) to help distribute the CPU load.

Hope that helps. :)

Suggestions/Comments?

Cheers,

Mike
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : https://lists.andrew.cmu.edu/mailman/private/info-cyrus/attachments/20030129/e08dc31b/attachment.bin

More information about the Info-cyrus mailing list