[Dspam-user] Configuring DSPAM as front-end MX relay with postfix

classic Classic list List threaded Threaded
17 messages Options
Reply | Threaded
Open this post in threaded view
|

[Dspam-user] Configuring DSPAM as front-end MX relay with postfix

ML mail
Hello,

I am trying to configure a server as MX relay with dspam just for scanning spam and then forwarding the innocent mails to the end mail server. For this I have followed the doc/relay.txt file.

I see it works and dspam treats the incoming mail but the problem is that postfix is then trying to deliver the mail locally on the MX relay server. So my question is: how do I make my postfix deliver that mail to the right server? Or is it dspam who is supposed to deliver the innocent mail to the end mail server?


Thanks for your help.

Best
ML

------------------------------------------------------------------------------
Learn Graph Databases - Download FREE O'Reilly Book
"Graph Databases" is the definitive new guide to graph databases and their
applications. Written by three acclaimed leaders in the field,
this first edition is now available. Download your free book today!
http://p.sf.net/sfu/NeoTech
_______________________________________________
Dspam-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/dspam-user
Reply | Threaded
Open this post in threaded view
|

Re: [Dspam-user] Configuring DSPAM as front-end MX relay with postfix

Reindl Harald


Am 06.06.2014 18:37, schrieb ML mail:
> I am trying to configure a server as MX relay with dspam just for scanning spam and then forwarding the innocent mails to the end mail server. For this I have followed the doc/relay.txt file.
> I see it works and dspam treats the incoming mail but the problem is that postfix is then trying to deliver the mail locally on the MX relay server. So my question is: how do I make my postfix deliver that mail to the right server? Or is it dspam who is supposed to deliver the innocent mail to the end mail server?

postfix -> transport tables

the postfix working as gateway needs to know valid rcpts as well
as domains he accepts and where he has to relay them, in the
best case the destination servers are configured with mysql
tables which could be re-used on the gateway


------------------------------------------------------------------------------
Learn Graph Databases - Download FREE O'Reilly Book
"Graph Databases" is the definitive new guide to graph databases and their
applications. Written by three acclaimed leaders in the field,
this first edition is now available. Download your free book today!
http://p.sf.net/sfu/NeoTech
_______________________________________________
Dspam-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/dspam-user

signature.asc (254 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: [Dspam-user] Configuring DSPAM as front-end MX relay with postfix

ML mail
That's what I did. As stated in dspam relay.txt documentation (http://sourceforge.net/p/dspam/code/ci/master/tree/doc/relay.txt) I added the following virtual transport table:

virtual_transport    = lmtp:unix:/tmp/dspam.sock
virtual_mailbox_domains    = mydomain.org
virtual_mailbox_maps    = pgsql:/etc/postfix/vmailbox.cf

Is there maybe any additional configuration parameters that I need to add into postfix? I re-read the whole relay.txt from dspam and I can't find anythig else.

Best regards
ML




On Friday, June 6, 2014 11:51 PM, Reindl Harald <[hidden email]> wrote:





Am 06.06.2014 18:37, schrieb ML mail:
> I am trying to configure a server as MX relay with dspam just for scanning spam and then forwarding the innocent mails to the end mail server. For this I have followed the doc/relay.txt file.
> I see it works and dspam treats the incoming mail but the problem is that postfix is then trying to deliver the mail locally on the MX relay server. So my question is: how do I make my postfix deliver that mail to the right server? Or is it dspam who is supposed to deliver the innocent mail to the end mail server?

postfix -> transport tables

the postfix working as gateway needs to know valid rcpts as well
as domains he accepts and where he has to relay them, in the
best case the destination servers are configured with mysql
tables which could be re-used on the gateway

------------------------------------------------------------------------------
Learn Graph Databases - Download FREE O'Reilly Book
"Graph Databases" is the definitive new guide to graph databases and their
applications. Written by three acclaimed leaders in the field,
this first edition is now available. Download your free book today!
http://p.sf.net/sfu/NeoTech
_______________________________________________
Dspam-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/dspam-user


------------------------------------------------------------------------------
Learn Graph Databases - Download FREE O'Reilly Book
"Graph Databases" is the definitive new guide to graph databases and their
applications. Written by three acclaimed leaders in the field,
this first edition is now available. Download your free book today!
http://p.sf.net/sfu/NeoTech
_______________________________________________
Dspam-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/dspam-user
Reply | Threaded
Open this post in threaded view
|

Re: [Dspam-user] Configuring DSPAM as front-end MX relay with postfix

Tom Hendrikx
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256


Hi ML,

The 'relay' in that file relates to dspam operatoring as a relay between
the outside world and postfix. If postfix receives the messages after
they are scanned, you succeeded in following the doc.

The MX relay you want to setup (relaying from postfix to 'end mail
server') is unrelated to dspam, as the relaying functionality you want
is implemented completely in postfix, and has nothing to do with
dspam. Reindl pointed you to the docs for setting that up.

If you need more guidance for setting up a relay in postfix, search
for "postfix relay", or ask questions on the postfix-users mailing
list. Reindl already nudged you in the correct direction.

Tom

On 07-06-14 17:01, ML mail wrote:

> That's what I did. As stated in dspam relay.txt documentation
> (http://sourceforge.net/p/dspam/code/ci/master/tree/doc/relay.txt)
> I added the following virtual transport table:
>
> virtual_transport    = lmtp:unix:/tmp/dspam.sock
> virtual_mailbox_domains    = mydomain.org virtual_mailbox_maps
> = pgsql:/etc/postfix/vmailbox.cf
>
> Is there maybe any additional configuration parameters that I need
> to add into postfix? I re-read the whole relay.txt from dspam and
> I can't find anythig else.
>
> Best regards ML
>
>
>
>
> On Friday, June 6, 2014 11:51 PM, Reindl Harald
> <[hidden email]> wrote:
>
>
>
>
>
> Am 06.06.2014 18:37, schrieb ML mail:
>> I am trying to configure a server as MX relay with dspam just
>> for scanning spam and then forwarding the innocent mails to the
>> end mail server. For this I have followed the doc/relay.txt file.
>> I see it works and dspam treats the incoming mail but the problem
>> is that postfix is then trying to deliver the mail locally on the
>> MX relay server. So my question is: how do I make my postfix
>> deliver that mail to the right server? Or is it dspam who is
>> supposed to deliver the innocent mail to the end mail server?
>
> postfix -> transport tables
>
> the postfix working as gateway needs to know valid rcpts as well
> as domains he accepts and where he has to relay them, in the best
> case the destination servers are configured with mysql tables which
> could be re-used on the gateway
>
> ------------------------------------------------------------------------------
>
>
>
Learn Graph Databases - Download FREE O'Reilly Book

> "Graph Databases" is the definitive new guide to graph databases
> and their applications. Written by three acclaimed leaders in the
> field, this first edition is now available. Download your free book
> today! http://p.sf.net/sfu/NeoTech 
> _______________________________________________ Dspam-user mailing
> list [hidden email]
> https://lists.sourceforge.net/lists/listinfo/dspam-user
>
>
> ------------------------------------------------------------------------------
>
>
>
Learn Graph Databases - Download FREE O'Reilly Book
> "Graph Databases" is the definitive new guide to graph databases
> and their applications. Written by three acclaimed leaders in the
> field, this first edition is now available. Download your free book
> today! http://p.sf.net/sfu/NeoTech 
> _______________________________________________ Dspam-user mailing
> list [hidden email]
> https://lists.sourceforge.net/lists/listinfo/dspam-user
>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJTky4lAAoJEJPfMZ19VO/1SwwP/RGNbbk2E7r96YVUhvFwzVCF
yLGWUJ+7zXaDcdcoG97Vo9SmcyS034v1+sZmDsROq2K/K0hH5k6Xn1PZe4pKVAxX
aZZBnYdBI9n/9TCMoTT8VT1td3Bd3VvzzAZeICl3kUBY0X0TK2MbsnZMD2XvAUA0
iDMSim4MrchKGUFSW5j94zr2BA10psYf2XE1wmrTetYN20sfHyR9vyHZPyVsGCKD
icepg5Piwd3Mptwi4jSjduXZ6fMtjQurfm539NXffnqvB1jiekW971oLXGUBKAia
Sb2Lym9NvqXgcWtq08bTpF8HjtehUVyXF0L2/BosN+c+raSYZBdKj2s6ZEqh8cf7
SO33aRZ8IJ3wLLtrkCYl89l+9p+3OJ1jtSNTMqEV1knrVp7uwi+wJdWUcYX+aQj4
bgA+GblC3f7lKpFHbNwOPK0GSZ67HDHk7+O18+lhirq1Y0ZstH7tnuEc12vM72Z/
a2xX+crOF2V+vfJjsb7U4sH32uaPMpqooAtaE9nq/r9W8yAwyrlTzGDNWl1SDrKp
Pc6HHiMorE+/fupeOEBkN762bBLnwW4X0bmZk0rcCy/RgFuzUQhp3IJgwbA0Q5Fc
yO43YAQkCLrOK4QP5U8+23mCsVbEQdcA5ImQfYm0uNIqFfeWwzFP0Xa3So6O9lF7
dBA5XjsNBsGY6rKsuSXR
=hggF
-----END PGP SIGNATURE-----

------------------------------------------------------------------------------
Learn Graph Databases - Download FREE O'Reilly Book
"Graph Databases" is the definitive new guide to graph databases and their
applications. Written by three acclaimed leaders in the field,
this first edition is now available. Download your free book today!
http://p.sf.net/sfu/NeoTech
_______________________________________________
Dspam-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/dspam-user
Reply | Threaded
Open this post in threaded view
|

Re: [Dspam-user] Configuring DSPAM as front-end MX relay with postfix

ML mail
Hi Tom,

I was assuming that this relay guide was a full howto, my bad.

Now as pointed out by yourself and Reindl I have added a transport table to my postfix configuration in order to relay the mails to the backend server. For that purpose I have added the following configuration to postfix:

transport_maps = hash:/etc/postfix/transport

The content of my transport file looks like this:

mydomain.com        smtp:mybackendserver.domain.tld


The problem here with this new configuration is that my postfix does not pass the mail to dspam anymore for scanning, so the mail simply goes through directly unscanned to the backend server. Am I missing something else?

Regards
ML



On Saturday, June 7, 2014 5:29 PM, Tom Hendrikx <[hidden email]> wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256


Hi ML,

The 'relay' in that file relates to dspam operatoring as a relay between
the outside world and postfix. If postfix receives the messages after
they are scanned, you succeeded in following the doc.

The MX relay you want to setup (relaying from postfix to 'end mail
server') is unrelated to dspam, as the relaying functionality you want
is implemented completely in postfix, and has nothing to do with
dspam. Reindl pointed you to the docs for setting that up.

If you need more guidance for setting up a relay in postfix, search
for "postfix relay", or ask questions on the postfix-users mailing
list. Reindl already nudged you in the correct direction.

Tom

On 07-06-14 17:01, ML mail wrote:

> That's what I did. As stated in dspam relay.txt documentation
> (http://sourceforge.net/p/dspam/code/ci/master/tree/doc/relay.txt)
> I added the following virtual transport table:
>
> virtual_transport    = lmtp:unix:/tmp/dspam.sock
> virtual_mailbox_domains    = mydomain.org virtual_mailbox_maps
> = pgsql:/etc/postfix/vmailbox.cf
>
> Is there maybe any additional configuration parameters that I need
> to add into postfix? I re-read the whole relay.txt from dspam and
> I can't find anythig else.
>
> Best regards ML
>
>
>
>
> On Friday, June 6, 2014 11:51 PM, Reindl Harald
> <[hidden email]> wrote:
>
>
>
>
>
> Am 06.06.2014 18:37, schrieb ML mail:
>> I am trying to configure a server as MX relay with dspam just
>> for scanning spam and then forwarding the innocent mails to the
>> end mail server. For this I have followed the doc/relay.txt file.
>> I see it works and dspam treats the incoming mail but the problem
>> is that postfix is then trying to deliver the mail locally on the
>> MX relay server. So my question is: how do I make my postfix
>> deliver that mail to the right server? Or is it dspam who is
>> supposed to deliver the innocent mail to the end mail server?
>
> postfix -> transport tables
>
> the postfix working as gateway needs to know valid rcpts as well
> as domains he accepts and where he has to relay them, in the best
> case the destination servers are configured with mysql tables which
> could be re-used on the gateway
>
> ------------------------------------------------------------------------------
>
>
>
Learn Graph Databases - Download FREE O'Reilly Book

> "Graph Databases" is the definitive new guide to graph databases
> and their applications. Written by three acclaimed leaders in the
> field, this first edition is now available. Download your free book
> today! http://p.sf.net/sfu/NeoTech 
> _______________________________________________ Dspam-user mailing
> list [hidden email]
> https://lists.sourceforge.net/lists/listinfo/dspam-user
>
>
> ------------------------------------------------------------------------------
>
>
>
Learn Graph Databases - Download FREE O'Reilly Book
> "Graph Databases" is the definitive new guide to graph databases
> and their applications. Written by three acclaimed leaders in the
> field, this first edition is now available. Download your free book
> today! http://p.sf.net/sfu/NeoTech 
> _______________________________________________ Dspam-user mailing
> list [hidden email]
> https://lists.sourceforge.net/lists/listinfo/dspam-user
>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJTky4lAAoJEJPfMZ19VO/1SwwP/RGNbbk2E7r96YVUhvFwzVCF
yLGWUJ+7zXaDcdcoG97Vo9SmcyS034v1+sZmDsROq2K/K0hH5k6Xn1PZe4pKVAxX
aZZBnYdBI9n/9TCMoTT8VT1td3Bd3VvzzAZeICl3kUBY0X0TK2MbsnZMD2XvAUA0
iDMSim4MrchKGUFSW5j94zr2BA10psYf2XE1wmrTetYN20sfHyR9vyHZPyVsGCKD
icepg5Piwd3Mptwi4jSjduXZ6fMtjQurfm539NXffnqvB1jiekW971oLXGUBKAia
Sb2Lym9NvqXgcWtq08bTpF8HjtehUVyXF0L2/BosN+c+raSYZBdKj2s6ZEqh8cf7
SO33aRZ8IJ3wLLtrkCYl89l+9p+3OJ1jtSNTMqEV1knrVp7uwi+wJdWUcYX+aQj4
bgA+GblC3f7lKpFHbNwOPK0GSZ67HDHk7+O18+lhirq1Y0ZstH7tnuEc12vM72Z/
a2xX+crOF2V+vfJjsb7U4sH32uaPMpqooAtaE9nq/r9W8yAwyrlTzGDNWl1SDrKp
Pc6HHiMorE+/fupeOEBkN762bBLnwW4X0bmZk0rcCy/RgFuzUQhp3IJgwbA0Q5Fc
yO43YAQkCLrOK4QP5U8+23mCsVbEQdcA5ImQfYm0uNIqFfeWwzFP0Xa3So6O9lF7
dBA5XjsNBsGY6rKsuSXR
=hggF
-----END PGP SIGNATURE-----




------------------------------------------------------------------------------
Learn Graph Databases - Download FREE O'Reilly Book
"Graph Databases" is the definitive new guide to graph databases and their
applications. Written by three acclaimed leaders in the field,
this first edition is now available. Download your free book today!
http://p.sf.net/sfu/NeoTech
_______________________________________________
Dspam-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/dspam-user


------------------------------------------------------------------------------
HPCC Systems Open Source Big Data Platform from LexisNexis Risk Solutions
Find What Matters Most in Your Big Data with HPCC Systems
Open Source. Fast. Scalable. Simple. Ideal for Dirty Data.
Leverages Graph Analysis for Fast Processing & Easy Data Exploration
http://www.hpccsystems.com
_______________________________________________
Dspam-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/dspam-user
Reply | Threaded
Open this post in threaded view
|

Re: [Dspam-user] Configuring DSPAM as front-end MX relay with postfix

Reindl Harald


Am 09.06.2014 09:50, schrieb ML mail:

> I was assuming that this relay guide was a full howto, my bad.
>
> Now as pointed out by yourself and Reindl I have added a transport table to my postfix
> configuration in order to relay the mails to the backend server. For that purpose I
> have added the following configuration to postfix:
>
> transport_maps = hash:/etc/postfix/transport
>
> The content of my transport file looks like this:
>
> mydomain.com        smtp:mybackendserver.domain.tld
>
>
> The problem here with this new configuration is that my postfix does not pass the mail
> to dspam anymore for scanning, so the mail simply goes through directly unscanned to
> the backend server. Am I missing something else?
i am currently not a dspam user but considering it in exactly such a setup
and would expect it to work a *pre-queue* filter which is the only correct
way of reject spam which normally means the transports after the spamfiler
because the filter belongs in smtpd_*_restricitions somehow

maybe the output of "postconf -n" could help to fugure out your setup

the reason why i plan such a setup is:

* dedicated MX as filter repalcing a Barracuda Networks appliance
* different target servers per domain solved with a transport table
* the final destinations are dbmail and so all infos already in mysql
* a simple script should maintain the local users table and transports

my planned order:

* postscreen / rbl scoring
* maybe greylisting
* clamav
* DNS whitelists to bypass contentfilter
* contentfilter (dspam, spamassassin...)
* transport table to deliver ham to final destiantion


------------------------------------------------------------------------------
HPCC Systems Open Source Big Data Platform from LexisNexis Risk Solutions
Find What Matters Most in Your Big Data with HPCC Systems
Open Source. Fast. Scalable. Simple. Ideal for Dirty Data.
Leverages Graph Analysis for Fast Processing & Easy Data Exploration
http://www.hpccsystems.com
_______________________________________________
Dspam-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/dspam-user

signature.asc (254 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: [Dspam-user] Configuring DSPAM as front-end MX relay with postfix

ML mail
In my understanding content filtering such as dspam should also happen before the transport table/map is being checked for relaying the mail to the backend mail server but then I must be missing a parameter again for that which is not explained in the doc/relay.txt of the dspam package. The documentation only mentions using virtual transport which I also have configured.

Below is the output of y postconf -n:

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
inet_interfaces = allowed
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
mydestination = mx.domain.tld, debian, localhost.localdomain, localhost
myhostname = debian
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
myorigin = /etc/mailname
readme_directory = no
recipient_delimiter = +
relayhost =
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
transport_maps = hash:/etc/postfix/transport
virtual_mailbox_domains = mydomain.com
virtual_mailbox_maps = pgsql:/etc/postfix/vmailbox.cf
virtual_transport = lmtp:unix:/run/dspam.sock




On Monday, June 9, 2014 10:17 AM, Reindl Harald <[hidden email]> wrote:





Am 09.06.2014 09:50, schrieb ML mail:

> I was assuming that this relay guide was a full howto, my bad.
>
> Now as pointed out by yourself and Reindl I have added a transport table to my postfix
> configuration in order to relay the mails to the backend server. For that purpose I
> have added the following configuration to postfix:
>
> transport_maps = hash:/etc/postfix/transport
>
> The content of my transport file looks like this:
>
> mydomain.com        smtp:mybackendserver.domain.tld
>
>
> The problem here with this new configuration is that my postfix does not pass the mail
> to dspam anymore for scanning, so the mail simply goes through directly unscanned to
> the backend server. Am I missing something else?

i am currently not a dspam user but considering it in exactly such a setup
and would expect it to work a *pre-queue* filter which is the only correct
way of reject spam which normally means the transports after the spamfiler
because the filter belongs in smtpd_*_restricitions somehow

maybe the output of "postconf -n" could help to fugure out your setup

the reason why i plan such a setup is:

* dedicated MX as filter repalcing a Barracuda Networks appliance
* different target servers per domain solved with a transport table
* the final destinations are dbmail and so all infos already in mysql
* a simple script should maintain the local users table and transports

my planned order:

* postscreen / rbl scoring
* maybe greylisting
* clamav
* DNS whitelists to bypass contentfilter
* contentfilter (dspam, spamassassin...)
* transport table to deliver ham to final destiantion

------------------------------------------------------------------------------
HPCC Systems Open Source Big Data Platform from LexisNexis Risk Solutions
Find What Matters Most in Your Big Data with HPCC Systems
Open Source. Fast. Scalable. Simple. Ideal for Dirty Data.
Leverages Graph Analysis for Fast Processing & Easy Data Exploration
http://www.hpccsystems.com

_______________________________________________
Dspam-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/dspam-user


------------------------------------------------------------------------------
HPCC Systems Open Source Big Data Platform from LexisNexis Risk Solutions
Find What Matters Most in Your Big Data with HPCC Systems
Open Source. Fast. Scalable. Simple. Ideal for Dirty Data.
Leverages Graph Analysis for Fast Processing & Easy Data Exploration
http://www.hpccsystems.com
_______________________________________________
Dspam-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/dspam-user
Reply | Threaded
Open this post in threaded view
|

Re: [Dspam-user] Configuring DSPAM as front-end MX relay with postfix

Reindl Harald

Am 09.06.2014 11:13, schrieb ML mail:
> In my understanding content filtering such as dspam should
> also happen before the transport table/map is being checked
> for relaying the mail to the backend mail server but then I must
> be missing a parameter again for that which is not explained in
> the doc/relay.txt of the dspam package. The documentation only
> mentions using virtual transport which I also have configured.

uhm - as said - i consider using dspam and only a heavy postfix
user but until now not for mail-filter-gateways with multiple
destination servers

at least "transport_maps" and "virtual_transport" combined
may not work as expected because whatever the first transport
is wins - in my understanding dspam needs to work inside of
smtpd_*_restrictions and any transport happens if a message
passes all filters and restricitions

however - *how* can dspam work as *pre-queue* filter in context
of lmtpd? does it receive the whole message, let the connection
open due scanning and if it is spam rejects it? pre-queue is
important to not get a backscatter

please consider asking that in detail on the postfix-uers list
because there are a lot of expierienced users, i am not at the
point testing this since i wait for CentOS7 and in general your
goal is very similar to my plans

> Below is the output of y postconf -n:
>
> alias_database = hash:/etc/aliases
> alias_maps = hash:/etc/aliases
> append_dot_mydomain = no
> biff = no
> config_directory = /etc/postfix
> inet_interfaces = allowed
> mailbox_command = procmail -a "$EXTENSION"
> mailbox_size_limit = 0
> mydestination = mx.domain.tld, debian, localhost.localdomain, localhost
> myhostname = debian
> mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
> myorigin = /etc/mailname
> readme_directory = no
> recipient_delimiter = +
> relayhost =
> smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
> smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
> smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
> smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
> smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
> smtpd_use_tls = yes
> transport_maps = hash:/etc/postfix/transport
> virtual_mailbox_domains = mydomain.com
> virtual_mailbox_maps = pgsql:/etc/postfix/vmailbox.cf
> virtual_transport = lmtp:unix:/run/dspam.sock
>
> On Monday, June 9, 2014 10:17 AM, Reindl Harald <[hidden email]> wrote:
> Am 09.06.2014 09:50, schrieb ML mail:
>> I was assuming that this relay guide was a full howto, my bad.
>>
>> Now as pointed out by yourself and Reindl I have added a transport table to my postfix
>> configuration in order to relay the mails to the backend server. For that purpose I
>> have added the following configuration to postfix:
>>
>> transport_maps = hash:/etc/postfix/transport
>>
>> The content of my transport file looks like this:
>>
>> mydomain.com        smtp:mybackendserver.domain.tld
>>
>>
>> The problem here with this new configuration is that my postfix does not pass the mail
>> to dspam anymore for scanning, so the mail simply goes through directly unscanned to
>> the backend server. Am I missing something else?
>
> i am currently not a dspam user but considering it in exactly such a setup
> and would expect it to work a *pre-queue* filter which is the only correct
> way of reject spam which normally means the transports after the spamfiler
> because the filter belongs in smtpd_*_restricitions somehow
>
> maybe the output of "postconf -n" could help to fugure out your setup
>
> the reason why i plan such a setup is:
>
> * dedicated MX as filter repalcing a Barracuda Networks appliance
> * different target servers per domain solved with a transport table
> * the final destinations are dbmail and so all infos already in mysql
> * a simple script should maintain the local users table and transports
>
> my planned order:
>
> * postscreen / rbl scoring
> * maybe greylisting
> * clamav
> * DNS whitelists to bypass contentfilter
> * contentfilter (dspam, spamassassin...)
> * transport table to deliver ham to final destiantion

------------------------------------------------------------------------------
HPCC Systems Open Source Big Data Platform from LexisNexis Risk Solutions
Find What Matters Most in Your Big Data with HPCC Systems
Open Source. Fast. Scalable. Simple. Ideal for Dirty Data.
Leverages Graph Analysis for Fast Processing & Easy Data Exploration
http://www.hpccsystems.com
_______________________________________________
Dspam-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/dspam-user

signature.asc (254 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: [Dspam-user] Configuring DSPAM as front-end MX relay with postfix

ML mail
Thanks to your help, I think I have found where DSPAM should get called for my setup: in the postfix before-queue content filter. I found the following documentation on postfix which explains quite well how to set this up:

http://www.postfix.org/SMTPD_PROXY_README.html

they also state that it should work with any content filter as long as it speaks SMTP. What do you think? I have the feeling that's exactly what we need for our similar setup.



On Monday, June 9, 2014 11:38 AM, Reindl Harald <[hidden email]> wrote:

Am 09.06.2014 11:13, schrieb ML mail:
> In my understanding content filtering such as dspam should
> also happen before the transport table/map is being checked
> for relaying the mail to the backend mail server but then I must
> be missing a parameter again for that which is not explained in
> the doc/relay.txt of the dspam package. The documentation only
> mentions using virtual transport which I also have configured.

uhm - as said - i consider using dspam and only a heavy postfix
user but until now not for mail-filter-gateways with multiple
destination servers

at least "transport_maps" and "virtual_transport" combined
may not work as expected because whatever the first transport
is wins - in my understanding dspam needs to work inside of
smtpd_*_restrictions and any transport happens if a message
passes all filters and restricitions

however - *how* can dspam work as *pre-queue* filter in context
of lmtpd? does it receive the whole message, let the connection
open due scanning and if it is spam rejects it? pre-queue is
important to not get a backscatter

please consider asking that in detail on the postfix-uers list
because there are a lot of expierienced users, i am not at the
point testing this since i wait for CentOS7 and in general your
goal is very similar to my plans




> Below is the output of y postconf -n:
>
> alias_database = hash:/etc/aliases
> alias_maps = hash:/etc/aliases
> append_dot_mydomain = no
> biff = no
> config_directory = /etc/postfix
> inet_interfaces = allowed
> mailbox_command = procmail -a "$EXTENSION"
> mailbox_size_limit = 0
> mydestination = mx.domain.tld, debian, localhost.localdomain, localhost
> myhostname = debian
> mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
> myorigin = /etc/mailname
> readme_directory = no
> recipient_delimiter = +
> relayhost =
> smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
> smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
> smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
> smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
> smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
> smtpd_use_tls = yes
> transport_maps = hash:/etc/postfix/transport
> virtual_mailbox_domains = mydomain.com
> virtual_mailbox_maps = pgsql:/etc/postfix/vmailbox.cf
> virtual_transport = lmtp:unix:/run/dspam.sock
>
> On Monday, June 9, 2014 10:17 AM, Reindl Harald <[hidden email]> wrote:
> Am 09.06.2014 09:50, schrieb ML mail:
>> I was assuming that this relay guide was a full howto, my bad.
>>
>> Now as pointed out by yourself and Reindl I have added a transport table to my postfix
>> configuration in order to relay the mails to the backend server. For that purpose I
>> have added the following configuration to postfix:
>>
>> transport_maps = hash:/etc/postfix/transport
>>
>> The content of my transport file looks like this:
>>
>> mydomain.com        smtp:mybackendserver.domain.tld
>>
>>
>> The problem here with this new configuration is that my postfix does not pass the mail
>> to dspam anymore for scanning, so the mail simply goes through directly unscanned to
>> the backend server. Am I missing something else?
>
> i am currently not a dspam user but considering it in exactly such a setup
> and would expect it to work a *pre-queue* filter which is the only correct
> way of reject spam which normally means the transports after the spamfiler
> because the filter belongs in smtpd_*_restricitions somehow
>
> maybe the output of "postconf -n" could help to fugure out your setup
>
> the reason why i plan such a setup is:
>
> * dedicated MX as filter repalcing a Barracuda Networks appliance
> * different target servers per domain solved with a transport table
> * the final destinations are dbmail and so all infos already in mysql
> * a simple script should maintain the local users table and transports
>
> my planned order:
>
> * postscreen / rbl scoring
> * maybe greylisting
> * clamav
> * DNS whitelists to bypass contentfilter
> * contentfilter (dspam, spamassassin...)
> * transport table to deliver ham to final destiantion


------------------------------------------------------------------------------
HPCC Systems Open Source Big Data Platform from LexisNexis Risk Solutions
Find What Matters Most in Your Big Data with HPCC Systems
Open Source. Fast. Scalable. Simple. Ideal for Dirty Data.
Leverages Graph Analysis for Fast Processing & Easy Data Exploration
http://www.hpccsystems.com

_______________________________________________
Dspam-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/dspam-user


------------------------------------------------------------------------------
HPCC Systems Open Source Big Data Platform from LexisNexis Risk Solutions
Find What Matters Most in Your Big Data with HPCC Systems
Open Source. Fast. Scalable. Simple. Ideal for Dirty Data.
Leverages Graph Analysis for Fast Processing & Easy Data Exploration
http://www.hpccsystems.com
_______________________________________________
Dspam-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/dspam-user
Reply | Threaded
Open this post in threaded view
|

Re: [Dspam-user] Configuring DSPAM as front-end MX relay with postfix

Reindl Harald

Am 09.06.2014 12:02, schrieb ML mail:
> Thanks to your help, I think I have found where DSPAM should get called for
> my setup: in the postfix before-queue content filter. I found the following
> documentation on postfix which explains quite well how to set this up:
>
> http://www.postfix.org/SMTPD_PROXY_README.html
>
> they also state that it should work with any content filter as long as it
> speaks SMTP. What do you think? I have the feeling that's exactly what we
> need for our similar setup.

sounds damned good, especially the "with any content filter"
because it makes the components flexible and if i am not
completly wrong you could even use more than one content
filter that way for whatever reason

please report back how it works, as said: i start my project
with the RHEL7/CentOS7 release because i won't back to the
outdated versions in CentOS6 using everywhere else Fedora

possible is it for sure, other spam filter solutions are
typically not implemented by god nor 1005 self written :-)

> On Monday, June 9, 2014 11:38 AM, Reindl Harald <[hidden email]> wrote:
>
> Am 09.06.2014 11:13, schrieb ML mail:
>> In my understanding content filtering such as dspam should
>> also happen before the transport table/map is being checked
>> for relaying the mail to the backend mail server but then I must
>> be missing a parameter again for that which is not explained in
>> the doc/relay.txt of the dspam package. The documentation only
>> mentions using virtual transport which I also have configured.
>
> uhm - as said - i consider using dspam and only a heavy postfix
> user but until now not for mail-filter-gateways with multiple
> destination servers
>
> at least "transport_maps" and "virtual_transport" combined
> may not work as expected because whatever the first transport
> is wins - in my understanding dspam needs to work inside of
> smtpd_*_restrictions and any transport happens if a message
> passes all filters and restricitions
>
> however - *how* can dspam work as *pre-queue* filter in context
> of lmtpd? does it receive the whole message, let the connection
> open due scanning and if it is spam rejects it? pre-queue is
> important to not get a backscatter
>
> please consider asking that in detail on the postfix-uers list
> because there are a lot of expierienced users, i am not at the
> point testing this since i wait for CentOS7 and in general your
> goal is very similar to my plans
>
>> Below is the output of y postconf -n:
>>
>> alias_database = hash:/etc/aliases
>> alias_maps = hash:/etc/aliases
>> append_dot_mydomain = no
>> biff = no
>> config_directory = /etc/postfix
>> inet_interfaces = allowed
>> mailbox_command = procmail -a "$EXTENSION"
>> mailbox_size_limit = 0
>> mydestination = mx.domain.tld, debian, localhost.localdomain, localhost
>> myhostname = debian
>> mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
>> myorigin = /etc/mailname
>> readme_directory = no
>> recipient_delimiter = +
>> relayhost =
>> smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
>> smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
>> smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
>> smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
>> smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
>> smtpd_use_tls = yes
>> transport_maps = hash:/etc/postfix/transport
>> virtual_mailbox_domains = mydomain.com
>> virtual_mailbox_maps = pgsql:/etc/postfix/vmailbox.cf
>> virtual_transport = lmtp:unix:/run/dspam.sock
>>
>> On Monday, June 9, 2014 10:17 AM, Reindl Harald <[hidden email]> wrote:
>> Am 09.06.2014 09:50, schrieb ML mail:
>>> I was assuming that this relay guide was a full howto, my bad.
>>>
>>> Now as pointed out by yourself and Reindl I have added a transport table to my postfix
>>> configuration in order to relay the mails to the backend server. For that purpose I
>>> have added the following configuration to postfix:
>>>
>>> transport_maps = hash:/etc/postfix/transport
>>>
>>> The content of my transport file looks like this:
>>>
>>> mydomain.com        smtp:mybackendserver.domain.tld
>>>
>>>
>>> The problem here with this new configuration is that my postfix does not pass the mail
>>> to dspam anymore for scanning, so the mail simply goes through directly unscanned to
>>> the backend server. Am I missing something else?
>>
>> i am currently not a dspam user but considering it in exactly such a setup
>> and would expect it to work a *pre-queue* filter which is the only correct
>> way of reject spam which normally means the transports after the spamfiler
>> because the filter belongs in smtpd_*_restricitions somehow
>>
>> maybe the output of "postconf -n" could help to fugure out your setup
>>
>> the reason why i plan such a setup is:
>>
>> * dedicated MX as filter repalcing a Barracuda Networks appliance
>> * different target servers per domain solved with a transport table
>> * the final destinations are dbmail and so all infos already in mysql
>> * a simple script should maintain the local users table and transports
>>
>> my planned order:
>>
>> * postscreen / rbl scoring
>> * maybe greylisting
>> * clamav
>> * DNS whitelists to bypass contentfilter
>> * contentfilter (dspam, spamassassin...)
>> * transport table to deliver ham to final destiantion

------------------------------------------------------------------------------
HPCC Systems Open Source Big Data Platform from LexisNexis Risk Solutions
Find What Matters Most in Your Big Data with HPCC Systems
Open Source. Fast. Scalable. Simple. Ideal for Dirty Data.
Leverages Graph Analysis for Fast Processing & Easy Data Exploration
http://www.hpccsystems.com
_______________________________________________
Dspam-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/dspam-user

signature.asc (254 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: [Dspam-user] Configuring DSPAM as front-end MX relay with postfix

ML mail
Bad news here, I just tried integrating dspam in postfix's before queue filtering and it only accepts the SMTP protocol whereas dspam server/daemon uses only the LMTP protocol:

postfix/smtpd[4131]: warning: proxy unix:/run/dspam.sock rejected "EHLO debian": "503 5.0.0 Need LHLO here."

Maybe Tom or someone else of dspam can help here?




On Monday, June 9, 2014 12:26 PM, Reindl Harald <[hidden email]> wrote:

Am 09.06.2014 12:02, schrieb ML mail:
> Thanks to your help, I think I have found where DSPAM should get called for
> my setup: in the postfix before-queue content filter. I found the following
> documentation on postfix which explains quite well how to set this up:
>
> http://www.postfix.org/SMTPD_PROXY_README.html
>
> they also state that it should work with any content filter as long as it
> speaks SMTP. What do you think? I have the feeling that's exactly what we
> need for our similar setup.

sounds damned good, especially the "with any content filter"
because it makes the components flexible and if i am not
completly wrong you could even use more than one content
filter that way for whatever reason

please report back how it works, as said: i start my project
with the RHEL7/CentOS7 release because i won't back to the
outdated versions in CentOS6 using everywhere else Fedora

possible is it for sure, other spam filter solutions are
typically not implemented by god nor 1005 self written :-)




> On Monday, June 9, 2014 11:38 AM, Reindl Harald <[hidden email]> wrote:
>
> Am 09.06.2014 11:13, schrieb ML mail:
>> In my understanding content filtering such as dspam should
>> also happen before the transport table/map is being checked
>> for relaying the mail to the backend mail server but then I must
>> be missing a parameter again for that which is not explained in
>> the doc/relay.txt of the dspam package. The documentation only
>> mentions using virtual transport which I also have configured.
>
> uhm - as said - i consider using dspam and only a heavy postfix
> user but until now not for mail-filter-gateways with multiple
> destination servers
>
> at least "transport_maps" and "virtual_transport" combined
> may not work as expected because whatever the first transport
> is wins - in my understanding dspam needs to work inside of
> smtpd_*_restrictions and any transport happens if a message
> passes all filters and restricitions
>
> however - *how* can dspam work as *pre-queue* filter in context
> of lmtpd? does it receive the whole message, let the connection
> open due scanning and if it is spam rejects it? pre-queue is
> important to not get a backscatter
>
> please consider asking that in detail on the postfix-uers list
> because there are a lot of expierienced users, i am not at the
> point testing this since i wait for CentOS7 and in general your
> goal is very similar to my plans
>
>> Below is the output of y postconf -n:
>>
>> alias_database = hash:/etc/aliases
>> alias_maps = hash:/etc/aliases
>> append_dot_mydomain = no
>> biff = no
>> config_directory = /etc/postfix
>> inet_interfaces = allowed
>> mailbox_command = procmail -a "$EXTENSION"
>> mailbox_size_limit = 0
>> mydestination = mx.domain.tld, debian, localhost.localdomain, localhost
>> myhostname = debian
>> mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
>> myorigin = /etc/mailname
>> readme_directory = no
>> recipient_delimiter = +
>> relayhost =
>> smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
>> smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
>> smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
>> smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
>> smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
>> smtpd_use_tls = yes
>> transport_maps = hash:/etc/postfix/transport
>> virtual_mailbox_domains = mydomain.com
>> virtual_mailbox_maps = pgsql:/etc/postfix/vmailbox.cf
>> virtual_transport = lmtp:unix:/run/dspam.sock
>>
>> On Monday, June 9, 2014 10:17 AM, Reindl Harald <[hidden email]> wrote:
>> Am 09.06.2014 09:50, schrieb ML mail:
>>> I was assuming that this relay guide was a full howto, my bad.
>>>
>>> Now as pointed out by yourself and Reindl I have added a transport table to my postfix
>>> configuration in order to relay the mails to the backend server. For that purpose I
>>> have added the following configuration to postfix:
>>>
>>> transport_maps = hash:/etc/postfix/transport
>>>
>>> The content of my transport file looks like this:
>>>
>>> mydomain.com        smtp:mybackendserver.domain.tld
>>>
>>>
>>> The problem here with this new configuration is that my postfix does not pass the mail
>>> to dspam anymore for scanning, so the mail simply goes through directly unscanned to
>>> the backend server. Am I missing something else?
>>
>> i am currently not a dspam user but considering it in exactly such a setup
>> and would expect it to work a *pre-queue* filter which is the only correct
>> way of reject spam which normally means the transports after the spamfiler
>> because the filter belongs in smtpd_*_restricitions somehow
>>
>> maybe the output of "postconf -n" could help to fugure out your setup
>>
>> the reason why i plan such a setup is:
>>
>> * dedicated MX as filter repalcing a Barracuda Networks appliance
>> * different target servers per domain solved with a transport table
>> * the final destinations are dbmail and so all infos already in mysql
>> * a simple script should maintain the local users table and transports
>>
>> my planned order:
>>
>> * postscreen / rbl scoring
>> * maybe greylisting
>> * clamav
>> * DNS whitelists to bypass contentfilter
>> * contentfilter (dspam, spamassassin...)
>> * transport table to deliver ham to final destiantion


------------------------------------------------------------------------------
HPCC Systems Open Source Big Data Platform from LexisNexis Risk Solutions
Find What Matters Most in Your Big Data with HPCC Systems
Open Source. Fast. Scalable. Simple. Ideal for Dirty Data.
Leverages Graph Analysis for Fast Processing & Easy Data Exploration
http://www.hpccsystems.com

_______________________________________________
Dspam-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/dspam-user


------------------------------------------------------------------------------
HPCC Systems Open Source Big Data Platform from LexisNexis Risk Solutions
Find What Matters Most in Your Big Data with HPCC Systems
Open Source. Fast. Scalable. Simple. Ideal for Dirty Data.
Leverages Graph Analysis for Fast Processing & Easy Data Exploration
http://www.hpccsystems.com
_______________________________________________
Dspam-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/dspam-user
Reply | Threaded
Open this post in threaded view
|

Re: [Dspam-user] Configuring DSPAM as front-end MX relay with postfix

Tom Hendrikx

Hi,

I think the regular postfix integration docs should help you out:
http://sourceforge.net/p/dspam/code/ci/master/tree/doc/postfix.txt

This doesn't do before-queue like Reindl suggested though. While that's
better from an anti-spam perspective, dspam doesn't support that out of
the box. For true pre-queue filtering with dspam, you need additional
tooling, such as https://github.com/whyscream/dspam-milter (and
http://www.postfix.org/MILTER_README.html).

Regards,
        Tom

PS: I just noticed that the main README suggests that dspam can run as a
postfix smtpd proxy, but it points to the doc/relay.txt document that
clearly describes an alternative way to setup dspam as an after-queue
filter. Sorry about that :)


On 06/09/2014 01:13 PM, ML mail wrote:

> Bad news here, I just tried integrating dspam in postfix's before
> queue filtering and it only accepts the SMTP protocol whereas dspam
> server/daemon uses only the LMTP protocol:
>
> postfix/smtpd[4131]: warning: proxy unix:/run/dspam.sock rejected
> "EHLO debian": "503 5.0.0 Need LHLO here."
>
> Maybe Tom or someone else of dspam can help here?
>
>
>
>
> On Monday, June 9, 2014 12:26 PM, Reindl Harald
> <[hidden email]> wrote:
>
> Am 09.06.2014 12:02, schrieb ML mail:
>> Thanks to your help, I think I have found where DSPAM should get
>> called for my setup: in the postfix before-queue content filter. I
>> found the following documentation on postfix which explains quite
>> well how to set this up:
>>
>> http://www.postfix.org/SMTPD_PROXY_README.html
>>
>> they also state that it should work with any content filter as long
>> as it speaks SMTP. What do you think? I have the feeling that's
>> exactly what we need for our similar setup.
>
> sounds damned good, especially the "with any content filter" because
> it makes the components flexible and if i am not completly wrong you
> could even use more than one content filter that way for whatever
> reason
>
> please report back how it works, as said: i start my project with the
> RHEL7/CentOS7 release because i won't back to the outdated versions
> in CentOS6 using everywhere else Fedora
>
> possible is it for sure, other spam filter solutions are typically
> not implemented by god nor 1005 self written :-)
>
>
>
>
>> On Monday, June 9, 2014 11:38 AM, Reindl Harald
>> <[hidden email]> wrote:
>>
>> Am 09.06.2014 11:13, schrieb ML mail:
>>> In my understanding content filtering such as dspam should also
>>> happen before the transport table/map is being checked for
>>> relaying the mail to the backend mail server but then I must be
>>> missing a parameter again for that which is not explained in the
>>> doc/relay.txt of the dspam package. The documentation only
>>> mentions using virtual transport which I also have configured.
>>
>> uhm - as said - i consider using dspam and only a heavy postfix
>> user but until now not for mail-filter-gateways with multiple
>> destination servers
>>
>> at least "transport_maps" and "virtual_transport" combined may not
>> work as expected because whatever the first transport is wins - in
>> my understanding dspam needs to work inside of smtpd_*_restrictions
>> and any transport happens if a message passes all filters and
>> restricitions
>>
>> however - *how* can dspam work as *pre-queue* filter in context of
>> lmtpd? does it receive the whole message, let the connection open
>> due scanning and if it is spam rejects it? pre-queue is important
>> to not get a backscatter
>>
>> please consider asking that in detail on the postfix-uers list
>> because there are a lot of expierienced users, i am not at the
>> point testing this since i wait for CentOS7 and in general your
>> goal is very similar to my plans
>>
>>> Below is the output of y postconf -n:
>>>
>>> alias_database = hash:/etc/aliases alias_maps =
>>> hash:/etc/aliases append_dot_mydomain = no biff = no
>>> config_directory = /etc/postfix inet_interfaces = allowed
>>> mailbox_command = procmail -a "$EXTENSION" mailbox_size_limit =
>>> 0 mydestination = mx.domain.tld, debian, localhost.localdomain,
>>> localhost myhostname = debian mynetworks = 127.0.0.0/8
>>> [::ffff:127.0.0.0]/104 [::1]/128 myorigin = /etc/mailname
>>> readme_directory = no recipient_delimiter = + relayhost =
>>> smtp_tls_session_cache_database =
>>> btree:${data_directory}/smtp_scache smtpd_banner = $myhostname
>>> ESMTP $mail_name (Debian/GNU) smtpd_tls_cert_file =
>>> /etc/ssl/certs/ssl-cert-snakeoil.pem smtpd_tls_key_file =
>>> /etc/ssl/private/ssl-cert-snakeoil.key
>>> smtpd_tls_session_cache_database =
>>> btree:${data_directory}/smtpd_scache smtpd_use_tls = yes
>>> transport_maps = hash:/etc/postfix/transport
>>> virtual_mailbox_domains = mydomain.com virtual_mailbox_maps =
>>> pgsql:/etc/postfix/vmailbox.cf virtual_transport =
>>> lmtp:unix:/run/dspam.sock
>>>
>>> On Monday, June 9, 2014 10:17 AM, Reindl Harald
>>> <[hidden email]> wrote: Am 09.06.2014 09:50, schrieb ML
>>> mail:
>>>> I was assuming that this relay guide was a full howto, my bad.
>>>>
>>>> Now as pointed out by yourself and Reindl I have added a
>>>> transport table to my postfix configuration in order to relay
>>>> the mails to the backend server. For that purpose I have added
>>>> the following configuration to postfix:
>>>>
>>>> transport_maps = hash:/etc/postfix/transport
>>>>
>>>> The content of my transport file looks like this:
>>>>
>>>> mydomain.com        smtp:mybackendserver.domain.tld
>>>>
>>>>
>>>> The problem here with this new configuration is that my postfix
>>>> does not pass the mail to dspam anymore for scanning, so the
>>>> mail simply goes through directly unscanned to the backend
>>>> server. Am I missing something else?
>>>
>>> i am currently not a dspam user but considering it in exactly
>>> such a setup and would expect it to work a *pre-queue* filter
>>> which is the only correct way of reject spam which normally means
>>> the transports after the spamfiler because the filter belongs in
>>> smtpd_*_restricitions somehow
>>>
>>> maybe the output of "postconf -n" could help to fugure out your
>>> setup
>>>
>>> the reason why i plan such a setup is:
>>>
>>> * dedicated MX as filter repalcing a Barracuda Networks
>>> appliance * different target servers per domain solved with a
>>> transport table * the final destinations are dbmail and so all
>>> infos already in mysql * a simple script should maintain the
>>> local users table and transports
>>>
>>> my planned order:
>>>
>>> * postscreen / rbl scoring * maybe greylisting * clamav * DNS
>>> whitelists to bypass contentfilter * contentfilter (dspam,
>>> spamassassin...) * transport table to deliver ham to final
>>> destiantion
>
>
> ------------------------------------------------------------------------------
>
>
HPCC Systems Open Source Big Data Platform from LexisNexis Risk Solutions

> Find What Matters Most in Your Big Data with HPCC Systems Open
> Source. Fast. Scalable. Simple. Ideal for Dirty Data. Leverages Graph
> Analysis for Fast Processing & Easy Data Exploration
> http://www.hpccsystems.com
>
> _______________________________________________ Dspam-user mailing
> list [hidden email]
> https://lists.sourceforge.net/lists/listinfo/dspam-user
>
>
> ------------------------------------------------------------------------------
>
>
HPCC Systems Open Source Big Data Platform from LexisNexis Risk Solutions
> Find What Matters Most in Your Big Data with HPCC Systems Open
> Source. Fast. Scalable. Simple. Ideal for Dirty Data. Leverages Graph
> Analysis for Fast Processing & Easy Data Exploration
> http://www.hpccsystems.com 
> _______________________________________________ Dspam-user mailing
> list [hidden email]
> https://lists.sourceforge.net/lists/listinfo/dspam-user
>



------------------------------------------------------------------------------
HPCC Systems Open Source Big Data Platform from LexisNexis Risk Solutions
Find What Matters Most in Your Big Data with HPCC Systems
Open Source. Fast. Scalable. Simple. Ideal for Dirty Data.
Leverages Graph Analysis for Fast Processing & Easy Data Exploration
http://p.sf.net/sfu/hpccsystems
_______________________________________________
Dspam-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/dspam-user

signature.asc (902 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: [Dspam-user] Configuring DSPAM as front-end MX relay with postfix

Reindl Harald


Am 10.06.2014 23:55, schrieb Tom Hendrikx:
> I think the regular postfix integration docs should help you out:
> http://sourceforge.net/p/dspam/code/ci/master/tree/doc/postfix.txt
>
> This doesn't do before-queue like Reindl suggested though. While that's
> better from an anti-spam perspective, dspam doesn't support that out of
> the box. For true pre-queue filtering with dspam, you need additional
> tooling, such as https://github.com/whyscream/dspam-milter (and
> http://www.postfix.org/MILTER_README.html)

uhm never ever let any filter running after queue

that's not a matter of better - that's just a matter of doing
things completly wrong because you end as a backscatter and
get blocked by yourself because you reflect and amplify spam

tag messages only by subject is more or less  worthless


------------------------------------------------------------------------------
HPCC Systems Open Source Big Data Platform from LexisNexis Risk Solutions
Find What Matters Most in Your Big Data with HPCC Systems
Open Source. Fast. Scalable. Simple. Ideal for Dirty Data.
Leverages Graph Analysis for Fast Processing & Easy Data Exploration
http://p.sf.net/sfu/hpccsystems
_______________________________________________
Dspam-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/dspam-user

signature.asc (254 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: [Dspam-user] Configuring DSPAM as front-end MX relay with postfix

Tom Hendrikx
On 06/11/2014 12:08 AM, Reindl Harald wrote:

>
>
> Am 10.06.2014 23:55, schrieb Tom Hendrikx:
>> I think the regular postfix integration docs should help you out:
>> http://sourceforge.net/p/dspam/code/ci/master/tree/doc/postfix.txt
>>
>> This doesn't do before-queue like Reindl suggested though. While that's
>> better from an anti-spam perspective, dspam doesn't support that out of
>> the box. For true pre-queue filtering with dspam, you need additional
>> tooling, such as https://github.com/whyscream/dspam-milter (and
>> http://www.postfix.org/MILTER_README.html)
>
> uhm never ever let any filter running after queue
>
> that's not a matter of better - that's just a matter of doing
> things completly wrong because you end as a backscatter and
> get blocked by yourself because you reflect and amplify spam
>
> tag messages only by subject is more or less  worthless
There are lots of things you can do with after-queue filtering that are
useful, and none of them require you to backscatter. Backscatter is a
completely different topic, and not related to dspam at all. Please
don't go off-topic.


------------------------------------------------------------------------------
HPCC Systems Open Source Big Data Platform from LexisNexis Risk Solutions
Find What Matters Most in Your Big Data with HPCC Systems
Open Source. Fast. Scalable. Simple. Ideal for Dirty Data.
Leverages Graph Analysis for Fast Processing & Easy Data Exploration
http://p.sf.net/sfu/hpccsystems
_______________________________________________
Dspam-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/dspam-user

signature.asc (902 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: [Dspam-user] Configuring DSPAM as front-end MX relay with postfix

Reindl Harald


Am 11.06.2014 00:31, schrieb Tom Hendrikx:

> On 06/11/2014 12:08 AM, Reindl Harald wrote:
>>
>> Am 10.06.2014 23:55, schrieb Tom Hendrikx:
>>> I think the regular postfix integration docs should help you out:
>>> http://sourceforge.net/p/dspam/code/ci/master/tree/doc/postfix.txt
>>>
>>> This doesn't do before-queue like Reindl suggested though. While that's
>>> better from an anti-spam perspective, dspam doesn't support that out of
>>> the box. For true pre-queue filtering with dspam, you need additional
>>> tooling, such as https://github.com/whyscream/dspam-milter (and
>>> http://www.postfix.org/MILTER_README.html)
>>
>> uhm never ever let any filter running after queue
>>
>> that's not a matter of better - that's just a matter of doing
>> things completly wrong because you end as a backscatter and
>> get blocked by yourself because you reflect and amplify spam
>>
>> tag messages only by subject is more or less  worthless
>
> There are lots of things you can do with after-queue filtering that are
> useful, and none of them require you to backscatter. Backscatter is a
> completely different topic, and not related to dspam at all. Please
> don't go off-topic.
i just try to figure out if dspam can be part of my replacement for
a Barracuda Networks applicance and if it works after queue it
can't

* you must not drop messages after accept them by law
* move them around in folders don't help for POP3
* add some prefix to the subject is worthless

no - a spam message is detected at a moment you can REJECT it
our your are way too late with any spamfilter


------------------------------------------------------------------------------
HPCC Systems Open Source Big Data Platform from LexisNexis Risk Solutions
Find What Matters Most in Your Big Data with HPCC Systems
Open Source. Fast. Scalable. Simple. Ideal for Dirty Data.
Leverages Graph Analysis for Fast Processing & Easy Data Exploration
http://p.sf.net/sfu/hpccsystems
_______________________________________________
Dspam-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/dspam-user

signature.asc (254 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: [Dspam-user] Configuring DSPAM as front-end MX relay with postfix

Tom Hendrikx
On 06/11/2014 12:48 AM, Reindl Harald wrote:

>
>
> Am 11.06.2014 00:31, schrieb Tom Hendrikx:
>> On 06/11/2014 12:08 AM, Reindl Harald wrote:
>>>
>>> Am 10.06.2014 23:55, schrieb Tom Hendrikx:
>>>> I think the regular postfix integration docs should help you out:
>>>> http://sourceforge.net/p/dspam/code/ci/master/tree/doc/postfix.txt
>>>>
>>>> This doesn't do before-queue like Reindl suggested though. While that's
>>>> better from an anti-spam perspective, dspam doesn't support that out of
>>>> the box. For true pre-queue filtering with dspam, you need additional
>>>> tooling, such as https://github.com/whyscream/dspam-milter (and
>>>> http://www.postfix.org/MILTER_README.html)
>>>
>>> uhm never ever let any filter running after queue
>>>
>>> that's not a matter of better - that's just a matter of doing
>>> things completly wrong because you end as a backscatter and
>>> get blocked by yourself because you reflect and amplify spam
>>>
>>> tag messages only by subject is more or less  worthless
>>
>> There are lots of things you can do with after-queue filtering that are
>> useful, and none of them require you to backscatter. Backscatter is a
>> completely different topic, and not related to dspam at all. Please
>> don't go off-topic.
>
> i just try to figure out if dspam can be part of my replacement for
> a Barracuda Networks applicance and if it works after queue it
> can't
>
Then start a thread with questions on how to do that, in stead of
semi-hijacking a thread by trying to push ideas upon other dspam users.
Thank you!

Tom



------------------------------------------------------------------------------
HPCC Systems Open Source Big Data Platform from LexisNexis Risk Solutions
Find What Matters Most in Your Big Data with HPCC Systems
Open Source. Fast. Scalable. Simple. Ideal for Dirty Data.
Leverages Graph Analysis for Fast Processing & Easy Data Exploration
http://p.sf.net/sfu/hpccsystems
_______________________________________________
Dspam-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/dspam-user

signature.asc (902 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: [Dspam-user] Configuring DSPAM as front-end MX relay with postfix

Reindl Harald


Am 11.06.2014 08:38, schrieb Tom Hendrikx:

> On 06/11/2014 12:48 AM, Reindl Harald wrote:
>> Am 11.06.2014 00:31, schrieb Tom Hendrikx:
>>> On 06/11/2014 12:08 AM, Reindl Harald wrote:
>>>>
>>>> Am 10.06.2014 23:55, schrieb Tom Hendrikx:
>>>>> I think the regular postfix integration docs should help you out:
>>>>> http://sourceforge.net/p/dspam/code/ci/master/tree/doc/postfix.txt
>>>>>
>>>>> This doesn't do before-queue like Reindl suggested though. While that's
>>>>> better from an anti-spam perspective, dspam doesn't support that out of
>>>>> the box. For true pre-queue filtering with dspam, you need additional
>>>>> tooling, such as https://github.com/whyscream/dspam-milter (and
>>>>> http://www.postfix.org/MILTER_README.html)
>>>>
>>>> uhm never ever let any filter running after queue
>>>>
>>>> that's not a matter of better - that's just a matter of doing
>>>> things completly wrong because you end as a backscatter and
>>>> get blocked by yourself because you reflect and amplify spam
>>>>
>>>> tag messages only by subject is more or less  worthless
>>>
>>> There are lots of things you can do with after-queue filtering that are
>>> useful, and none of them require you to backscatter. Backscatter is a
>>> completely different topic, and not related to dspam at all. Please
>>> don't go off-topic.
>>
>> i just try to figure out if dspam can be part of my replacement for
>> a Barracuda Networks applicance and if it works after queue it
>> can't
>>
>
> Then start a thread with questions on how to do that, in stead of
> semi-hijacking a thread by trying to push ideas upon other dspam users.
> Thank you!
"DSPAM as front-end MX" is *exactly* the topic

* one MX doing spamfiltering and vriurs can for 10,, 200, 500 domains
* 1, 2, 3,.... final destination servers for the ham

that's what a Barracuda spamfirewall does and what is the subject
of this thread - the *how* is also part of that thread


------------------------------------------------------------------------------
HPCC Systems Open Source Big Data Platform from LexisNexis Risk Solutions
Find What Matters Most in Your Big Data with HPCC Systems
Open Source. Fast. Scalable. Simple. Ideal for Dirty Data.
Leverages Graph Analysis for Fast Processing & Easy Data Exploration
http://p.sf.net/sfu/hpccsystems
_______________________________________________
Dspam-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/dspam-user

signature.asc (254 bytes) Download Attachment