spamassassin-users mailing list archives

From David Jones <djo...@ena.com>
Subject Re: Hive Mind: postfix prescreen and SA ruleqa
Date Sun, 14 Apr 2019 20:31:41 GMT
On 4/14/19 3:03 AM, Jari Fredriksson wrote:
> We have had some discussions of this in the past. But now I became 
> worried that all SA users do not have access to their border smtp and 
> are NOT configuring postfix with this: https://pastebin.com/LGkdi7NM
> 
> Now, I am part of RuleQA. Should I accept everything and pass it to 
> SpamAssassin and to my corpus or not? Reindl Harald may have his say as 
> a corporate maintainer or something but the SpamAssassin user base is more.
> 
> How can I best support SpamAssassin besides having a mass check 
> automation and mirrors for the sa-update?

I have a secondary iredmail server hosting a few decommissioned domains 
receiving both ham and spam, but mostly spam.  This iredmail server has 
been stripped down to a very basic/stock Postfix and amavisd-new configs 
to allow SA to score everything.  I sync over my /etc/mail/spamassassin 
custom config files and point to the same Bayes DB in redis so it scores 
similarly.  Dovecot Sieve rules put mail into the ham and spam folders 
for my masscheck processing based on very low scores for ham and very 
high scores for spam.  Messages that score in the middle are checked and 
manually moved into the ham or spam folder.  I also have a Spamcop 
folder that a script runs every 5 minutes to submit to Spamcop.  If I am 
able to catch a compromised account quickly, then I release that email 
to spamcop+postmaster@sa.ena.net which automatically goes into the 
Spamcop folder.

Note the sa.ena.net is an internal-only domain that is used to route 
mail to my iredmail server for the SA masscheck corpus.

Once you get this type of platform set up, it can be used for other spam 
fighting techniques on the primary mail filters like:

- train your shared redis Bayes DB with the ham and spam folder
- fail2ban - run a custom script on the secondary server to block IPs on 
the primary filters
- swatch - run custom scripts when certain rules are hit:
	- add entries to your own private RBL to catch zero hour spam
	- auto release certain messages from quarantine as an attachment
	- etc...

-- 
David Jones
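
The score-based sorting into ham, spam and manual-review folders described in the message above, as an added example that is not part of the original post or the poster's own configuration. The post does this with Dovecot Sieve rules; this Python sketch shows the same triage logic, and the two thresholds and the sample messages are assumptions constructed for illustration.

```python
import email
import re
from email import policy

# Assumed cut-offs: the post only says "very low" and "very high" scores.
HAM_MAX = -1.0
SPAM_MIN = 15.0

SCORE_RE = re.compile(r"\bscore=(-?\d+(?:\.\d+)?)")

def spam_score(raw: bytes):
    """Return the score from the first X-Spam-Status header, or None.

    Assumption: the filter in front of this mailbox removes or overrides any
    sender-supplied X-Spam-Status header, so the value seen here is its own.
    """
    msg = email.message_from_bytes(raw, policy=policy.default)
    status = msg.get("X-Spam-Status")
    if status is None:
        return None
    match = SCORE_RE.search(str(status))
    return float(match.group(1)) if match else None

def triage(raw: bytes) -> str:
    """Pick the corpus folder: 'ham', 'spam', or 'review' for manual sorting."""
    score = spam_score(raw)
    if score is None:
        return "review"  # unscored mail never enters the corpus automatically
    if score <= HAM_MAX:
        return "ham"
    if score >= SPAM_MIN:
        return "spam"
    return "review"      # mid-range scores are checked by hand

# Constructed sample messages (not real mail).
SAMPLES = {
    "low": b"Subject: minutes\nX-Spam-Status: No, score=-3.2 required=5.0 "
           b"tests=BAYES_00\n\nSee attached.\n",
    "high": b"Subject: WIN NOW\nX-Spam-Status: Yes,\n\tscore=27.9 required=5.0\n"
            b"\ttests=BAYES_99,URIBL_BLACK\n\nClick here.\n",
    "middle": b"Subject: offer\nX-Spam-Status: Yes, score=6.4 required=5.0 "
              b"tests=BAYES_50\n\nHello.\n",
    "unscored": b"Subject: hi\n\nNo filter headers at all.\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:9s} score={spam_score(raw)} -> {triage(raw)}")
```
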
