Mailing List Archive

Mike Bostock via users skrev den 2024-01-14 23:22:
> I currently have users set up with spamc called in .procmailrc

virtual users is hard to support then

> However, I have quite a few aliases/redirects in sendmail virtusertable
> who are not being protected by Spamassassin.

good, move all system users over to be virtual then, not a mix of system
and virtual

> Would I be better using the milter?

yes, so all users is same route

> What are the pros and cons?

this depens on lda, sieve, procmail, or mix of that, i prefer dovecot
sieve, so its for me lmtp, same route for system users, and virtual

> How do I redirect spam to a mailbox if I use the milter?

create a sieve rule in roundcube

but keep it local, not remote mailbox

Hi

> What are the pros and cons?

In my opinion, an email should either be received by a MTA and
delivered to the recipient, or rejected during the SMTP phase.

This eliminates:

* Emails 'disappearing' (false positives as example)
* Sending late bounces to fake sender when rejected by the LDA

So this leaves only one option: Filter on the MTA Milter, never on the
LDA.

Mit freundlichen Grüssen

-Benoît Panizzon-
--
I m p r o W a r e A G - Leiter Commerce Kunden
______________________________________________________

Zurlindenstrasse 29 Tel +41 61 826 93 00
CH-4133 Pratteln Fax +41 61 826 93 01
Schweiz Web http://www.imp.ch
______________________________________________________

On 14.01.24 22:22, Mike Bostock via users wrote:
>I currently have users set up with spamc called in .procmailrc
>
>However, I have quite a few aliases/redirects in sendmail virtusertable
>who are not being protected by Spamassassin.

spamass-milter has setting for default user (-U username) that is used when
the destination mailbox does not exist.

(to be precise, local user with same name as LHS of e-mail address, e.g. if
any of your virtusers has address daemon@[example.com], local user "daemon"
may be used).

>Would I be better using the milter?

Yes, you can reject mail this way so you don't have deal with it not with
the bounce.

>What are the pros and cons?

The only con is that milter can't apply multiple SA settings when single
mail has multiple destination users - it only has to use single setting for
them. spamass-milter has option "

>How do I redirect spam to a mailbox if I use the milter?

spamass-miter supports "-b spamaddress" option to redirect spam.
I prefer "-r nn" option that rejects mail if it scores over "nn" SA points.
I use reject score 8 on tuned systems, 10 on non-tuned.

--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
"They say when you play that M$ CD backward you can hear satanic messages."
"That's nothing. If you play it forward it will install Windows."

Hi

> The only con is that milter can't apply multiple SA settings when single
> mail has multiple destination users - it only has to use single setting for
> them.

We found a way around this, we use MIMEDefang as Milter and have
built database lookups in the config.

Usually, per user SA settings are:

* Score Level on which an email is considered spam
* Action to perform on email considered spam

In the RCPT TO Milter Phase (check_recipient routine of MIMEDefang)

We load those two values, for the first recipient.

Then on each subsequent recipient we compare:

=> Values identical to first recipient: Accept recipient.
=> Values different: REJECT Recipient with error 452

What happens is a bit depending on the sending MTA. Some try every
recipient, some stop after the first rejected recipient.

452 is used to tell the sender 'too many recipients' which causes the
sending MTA to send the email to the recipients that were accepted and
re-open a new connection to send the same email to the remaining
recipients.

This may cause some delays in email delivery if an email is sent to may
recipients but else works flawlessly.

Mit freundlichen Grüssen

-Benoît Panizzon-
--
I m p r o W a r e A G - Leiter Commerce Kunden
______________________________________________________

Zurlindenstrasse 29 Tel +41 61 826 93 00
CH-4133 Pratteln Fax +41 61 826 93 01
Schweiz Web http://www.imp.ch
______________________________________________________

In your message regarding Re: milter vs spamc dated 15/01/2024, Benoit
Panizzon said ...

> Hi

> > What are the pros and cons?

> In my opinion, an email should either be received by a MTA and
> delivered to the recipient, or rejected during the SMTP phase.

Thanks everyone for the good advice. spamass-milter it is then!


--
Mike

In your message regarding Re: milter vs spamc dated 15/01/2024, Mike
Bostock said ...

> In your message regarding Re: milter vs spamc dated 15/01/2024, Benoit
> Panizzon said ...

> > Hi

> > > What are the pros and cons?

> > In my opinion, an email should either be received by a MTA and
> > delivered to the recipient, or rejected during the SMTP phase.

> Thanks everyone for the good advice. spamass-milter it is then!

Except it appears to be broken with Sendmail ........

Keeps complaining that "spamass-milter[1905195]: Could not retrieve
sendmail macro "auth_type"!. Please add it to confMILTER_MACROS_ENVRCPT
for better spamassassin results"

and {auth_type} doesn't belong in MACROS_ENVRCP and even when it is in
define(`confMILTER_MACROS_ENVFROM',`{auth_authen}, {auth_type}')dnl as
well as MACROS_ENVRCP it *still* complains

--
Mike