mailscanner behind a smtpd frontend
Alex Neuman van der Hans
alex at nkpanama.com
Mon Feb 13 18:56:59 GMT 2006
In any case you can check:
... from /etc/mail/spamassassin/mailscanner.cf for a clue. You could
write a few lines that include your particular headers and have SA
ignore them. I don't know if bayes_ignore_header takes regexps, but you
could look at the docs for SA and see for yourself.
Philipp Snizek wrote:
>> True... More and more I find such dumbed down red boxes, doing for $10k
>> what can be done for a couple of dozen dollars of commodity (or even
>> used) hardware. Even so, the red boxes will occasionally hiccup - or
>> completely die on you, requiring tedious reloading of software and
>> rules. The sysadmins can't work up the nerve to come up to the PHB and
>> tell him that red box his golf buddies told him about is just an
>> overpriced and overmarketed piece of ... equipment that provides a
>> function that could have been demonstrably better performed at a lower cost.
>> That's one of my pet peeves. The other one that comes up a lot is the
>> fact that most of those same sysadmins will buy these "transparent
>> proxy" boxes that come with one or more forms of "antivirus", for
>> e-mail/web/etc. - instead of a properly configured box with MailScanner
>> + squid + clamav + squidclamav + etc.. These are the same sysadmins that
>> call you for help 6 months later when their entire network became a
>> botnet after becoming infected with spyware (AV vendor says "it's not a
>> virus, so why do I care"), or when they find they can't send email out
>> because they've wound up on an RBL because their network is an unwitting
>> spam source, or to find where and how the keylogger got installed on the
>> PHB's machine, or to see if there's anything we can do to get his
>> ebay/bank/email password back after someone stole it because they
>> trusted an overpriced "commercial" offering they'd heard of instead of a
>> system of tools that are known to work better, faster and more efficiently.
>> I think I'd better go back to work; I haven't even had my first cup of
>> coffee and I'm already ranting... can't imagine what I'll be like around
>> noon after my 4th... ;)
> I of course agree with both of you. A firewall is a firewall .... a.s.o.
> => no services on it.
> But thats not the question.
> The question is that I have got an smtpd before a smtpd+sa+ms+av. Of
> course the smtpd is protected by a transparent L3/4 paketfilter.
> Generally, I can't break this setup. Still I'm looking for a solution
> whether mails a) could be sent transparently through the smtpd to the
> antispam gw (transparently = leaves no trace in the email's header), b)
> SA can be told that it should ignore the smtpd's received:from header,
> c) MailScanner can cut the particular received:from header before mails
> get injected into SA or d) ...your idea...
> Many people use a smtp proxy to protect their SA box. I want to make
> sure that the SA box doesn't learn that the smtp proxy sometimes sends
> crap. That's why the received:from header must be ignored, cut,
> Thanks so far for your answers
Alex Neuman van der Hans
N&K Technology Consultants
Tel. +507 214-9002 - http://nkpanama.com/
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the MailScanner