<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META content="text/html; charset=us-ascii" http-equiv=Content-Type>
<META name=GENERATOR content="MSHTML 11.00.10570.1001"></HEAD>
<BODY>
<DIV dir=ltr align=left><SPAN class=396550315-14082018><FONT color=#0000ff
size=2 face=Arial>Good luck Shawn, </FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=396550315-14082018><FONT color=#0000ff
size=2 face=Arial></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=396550315-14082018></SPAN><SPAN
class=396550315-14082018><FONT color=#0000ff size=2 face=Arial>Best of luck and
keep us posted :-) </FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=396550315-14082018><FONT color=#0000ff
size=2 face=Arial></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=396550315-14082018><FONT color=#0000ff
size=2 face=Arial>Greetz, </FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=396550315-14082018><FONT color=#0000ff
size=2 face=Arial></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=396550315-14082018><FONT color=#0000ff
size=2 face=Arial>Louis</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=396550315-14082018><FONT color=#0000ff
size=2 face=Arial></FONT></SPAN> </DIV><BR>
<BLOCKQUOTE
style="PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #0000ff 2px solid; MARGIN-RIGHT: 0px"
dir=ltr>
<DIV lang=nl class=OutlookMessageHeader dir=ltr align=left>
<HR tabIndex=-1>
<FONT size=2 face=Tahoma><B>Van:</B> MailScanner
[mailto:mailscanner-bounces+belle=bazuin.nl@lists.mailscanner.info] <B>Namens
</B>Shawn Iverson<BR><B>Verzonden:</B> dinsdag 14 augustus 2018
16:57<BR><B>Aan:</B> mailscanner@lists.mailscanner.info<BR><B>Onderwerp:</B>
Re: Mailscanner milter to reject high score spam at MTA
level<BR></FONT><BR></DIV>
<DIV></DIV>
<DIV dir=ltr>Dear MailScanner users:
<DIV><BR></DIV>
<DIV>I am officially working on creating a lightweight milter for
MailScanner. </DIV>
<DIV><BR></DIV>
<DIV>This milter will not provide MTA protocol rejection for postfix, due to
the severe performance penalty it would cause. All mail will be
intercepted, accepted, and silently dropped from the postfix queue and placed
in a MailScanner queue.<BR></DIV>
<DIV><BR></DIV>
<DIV>I have a working prototype, and it is processing mail! It is in
need of heavy refactoring and some bug squashing.</DIV>
<DIV><BR></DIV>
<DIV>Currently it attempts to create a postfix formatted queue file (very
ugly, who thought up this file format???!!!). I may instead create a new
Milter Processor for MailScanner that reduces the overhead of doing this and
can read the incoming email in a simple line-by-line format. This may
also increase performance overall and reduce all the conversions
happening.</DIV>
<DIV><BR></DIV>
<DIV>The other side of the coin is what to do when MailScanner is done
processing mail. Currently, it generates a postfix queue file and drops
it into postfix incoming directory. It should not do this but instead
drop the message into postfix using native postfix tools. That will be
the next part I tackle as part of the Milter Processor.</DIV>
<DIV><BR></DIV>
<DIV>Why am I doing this? I want to place MailScanner back in a good
standing with Postfix folks (at least when the milter + postfix method is in
use). </DIV>
<DIV><BR></DIV>
<DIV>I have no plans of removing the old method but rather provide a more
supported path for postfix users.</DIV>
<DIV><BR></DIV>
<DIV>Wish me luck. I could be heard across the neighborhood when
MailScanner processed an email from the Milter for the first time! :D</DIV>
<DIV><BR></DIV>
<DIV><BR></DIV>
<DIV><BR></DIV></DIV><BR>
<DIV class=gmail_quote>
<DIV dir=ltr>On Sat, Aug 11, 2018 at 9:58 AM David Jones <<A
href="mailto:djones@ena.com">djones@ena.com</A>> wrote:<BR></DIV>
<BLOCKQUOTE class=gmail_quote
style="PADDING-LEFT: 1ex; BORDER-LEFT: #ccc 1px solid; MARGIN: 0px 0px 0px 0.8ex">On
08/11/2018 08:52 AM, Shawn Iverson wrote:<BR>> David,<BR>> <BR>> I
agree that this is true, and part of my lack of motivation to do it.
<BR>> One reason I wanted it as an option was to reconcile the ongoing
<BR>> conflict with the postfix community and return MailScanner to good
<BR>> standing to this community. Weitze has been very stern about
<BR>> MailScanner directly tapping the postfix queues.<BR>> <BR>>
Perhaps an alternative option would be to create a fast MailScanner <BR>>
milter that behaves more like the HOLD queue. Basically just a milter
<BR>> that immediately fires back accept to postfix and places all the
<BR>> messages in a MailScanner HOLD queue as opposed to a postfix HOLD
<BR>> queue. Doing so would maintain speed, simplicity, and be more
compliant <BR>> with postfix. The code would also be very simple.<BR>>
<BR>> Then, as you say, if you need MTA level functionality for SA, use
other <BR>> software and methods.<BR>> <BR>> <BR><BR>This light MS
milter would make a lot of sense based on your goal to get <BR>compliant
with Postfix and back "in" with the Postfix community. +1<BR><BR>>
<BR>> On Sat, Aug 11, 2018 at 9:39 AM David Jones <<A
href="mailto:djones@ena.com" target=_blank>djones@ena.com</A> <BR>>
<mailto:<A href="mailto:djones@ena.com"
target=_blank>djones@ena.com</A>>> wrote:<BR>> <BR>>
On 08/11/2018 08:15 AM, Shawn Iverson wrote:<BR>>
> I have been planning for a MailScanner milter for quite
some<BR>> time. I<BR>>
> have been specifically studying rpamd's milter source for
this<BR>> purpose.<BR>> >
Alas, lack of time and lack of money are always an issue, and
I<BR>> put a<BR>> > lot of
hours in my day job. As Jerry would say, I like to eat<BR>>
and have<BR>> > a roof over my head
:D<BR>> ><BR>> > If I do
find the time to build a milter, performance will<BR>>
definitely be<BR>> > impacted. The
reason is that postfix will have to keep each session<BR>>
> open for the duration of scanning, and each MailScanner
child<BR>> would have<BR>> >
to issue a callback to postfix after scanning the spam so that<BR>>
postfix<BR>> > can responds to the
connection appropriately (i.e. reject or<BR>>
accept).<BR>> > This will slow down mail
processing considerably. If I do this,<BR>> I
am<BR>> > going to keep the HOLD queue around, so
you would have to choose<BR>> between<BR>>
> speed or MTA level rejection functionality.<BR>>
><BR>> ><BR>>
><BR>> <BR>> My gut tells me that this is
going to be so slow, that it's not<BR>> going
to<BR>> be worth the time to put into it. If you
want to reject at MTA time,<BR>> throw in amavis-new
or spamd (not rspamd) using the same SpamAsssassin<BR>>
rules and Bayes DB to get most of the same features as
MailScanner<BR>> during the SMTP conversation.
Then the mail that gets through can be<BR>> filtered
by MailScanner for it's extra features that make it unique.<BR>>
<BR>> I understand there are different local legal
requirements around the<BR>> world that if email is
accepted at MTA time then it has to be passed on<BR>>
to the end user's mailbox. If you are located in one of
these<BR>> countries, then this would be more of an
issue. But since I am in a<BR>> country that
doesn't have this legal requirement, I do block email<BR>>
post-MTA by MailScanner.<BR>> <BR>> The
majority of my spam is blocked at the MTA level already by
highly<BR>> tuned RBLs and postscreen's RBL weighting
which is very, very good.<BR>> Only a small percentage
of spam that is zero-hour or from compromised<BR>>
accounts makes it to MailScanner.<BR>> <BR>>
I highly recommend the Invaluement RBL. It's very accurate --
only<BR>> 1 or<BR>> 2 false
positives over 5+ the years. This RBL is very cost
effective<BR>> and has allowed me to disable all
Spamhaus RBL checks in SpamAssassin<BR>> saving
thousands of dollars a year. (We have too high a volume to
stay<BR>> under the free usage limits of Spamhaus so
we were having to pay for<BR>> the<BR>>
RBL feed.)<BR>> <BR>>
><BR>> ><BR>>
><BR>> > On Tue, Aug 7, 2018 at 10:52 AM David
Jones via MailScanner<BR>> > <<A
href="mailto:mailscanner@lists.mailscanner.info"
target=_blank>mailscanner@lists.mailscanner.info</A><BR>>
<mailto:<A href="mailto:mailscanner@lists.mailscanner.info"
target=_blank>mailscanner@lists.mailscanner.info</A>><BR>>
> <mailto:<A
href="mailto:mailscanner@lists.mailscanner.info"
target=_blank>mailscanner@lists.mailscanner.info</A><BR>>
<mailto:<A href="mailto:mailscanner@lists.mailscanner.info"
target=_blank>mailscanner@lists.mailscanner.info</A>>>>
wrote:<BR>> ><BR>>
> On 08/07/2018 05:03 AM, <A
href="mailto:info@schroeffu.ch"
target=_blank>info@schroeffu.ch</A><BR>> <mailto:<A
href="mailto:info@schroeffu.ch" target=_blank>info@schroeffu.ch</A>>
<mailto:<A href="mailto:info@schroeffu.ch"
target=_blank>info@schroeffu.ch</A><BR>> <mailto:<A
href="mailto:info@schroeffu.ch"
target=_blank>info@schroeffu.ch</A>>><BR>>
> wrote:<BR>> >
><BR>> > > Hi
Mailscanner friends,<BR>> >
><BR>> > > is there any
progress to make MailScanner usable as a<BR>> postfix
milter?<BR>> > > The most
biggest problem I have is, SPAM is not possible to<BR>>
> reject when<BR>>
> > reaching a high score at MTA level. For my
understanding,<BR>> connect<BR>>
> via<BR>> >
> milter instead of queue ^HOLD would be the
solution.<BR>> >
><BR>> > > For the next
decade we are still using MailScanner instead<BR>> of
others<BR>> > > like
Rspamd, because MailScanner is like a mail suite for mail<BR>>
> security,<BR>>
> > but if there will never be the possibility to
reject at<BR>> MTA level<BR>>
> the<BR>> >
> high score spam, we will also change in 1-3 years
while<BR>> replacing<BR>>
> the OS<BR>> >
> beyond.<BR>> >
><BR>> ><BR>> >
One of MailScanner's strongest features is it's batch
mode<BR>> processing<BR>>
> that will allow it to handle a very high volume of
mail<BR>> flow. I doubt<BR>>
> that MailScanner will ever be changed to run
as a milter for this<BR>> >
reason.<BR>> ><BR>>
> I tried rspamd and found it wasn't as good as the
author<BR>> claims so no<BR>>
> reason to try to use that as a milter. It also
wasn't as<BR>> fast as it<BR>>
> claims. I could not send high volumes of mail
through it<BR>> like I could<BR>>
> with MailScanner.<BR>>
><BR>> > If you want to
block high scoring spam at the MTA level, I<BR>>
suggest<BR>> >
using<BR>> > amavis or
spamd with the same SA rulesets as MailScanner. <BR>>
This will<BR>> >
get<BR>> > you most of
the power of MailScanner's blocking at the MTA.<BR>>
><BR>> > <A
href="https://wiki.apache.org/spamassassin/IntegratedInMta" rel=noreferrer
target=_blank>https://wiki.apache.org/spamassassin/IntegratedInMta</A><BR>>
><BR>> > If
you you use postscreen and postwhite at the Postfix MTA<BR>>
level, you<BR>> > can
block most of the obvious spam with a tuned list of<BR>>
RBLs. See the<BR>> >
SA users mailing list over the past year for details on
this<BR>> from me<BR>>
> and<BR>> >
a few others.<BR>> ><BR>>
> I suggest setting up a quick test VM with
iRedmail to get a good<BR>> >
example<BR>> > of how to
do TLS and amavis integration well with Postfix.<BR>>
><BR>> > --<BR>>
> David Jones<BR>>
><BR>> ><BR>>
> --<BR>> >
MailScanner mailing list<BR>> > <A
href="mailto:mailscanner@lists.mailscanner.info"
target=_blank>mailscanner@lists.mailscanner.info</A><BR>>
<mailto:<A href="mailto:mailscanner@lists.mailscanner.info"
target=_blank>mailscanner@lists.mailscanner.info</A>><BR>>
> <mailto:<A
href="mailto:mailscanner@lists.mailscanner.info"
target=_blank>mailscanner@lists.mailscanner.info</A><BR>>
<mailto:<A href="mailto:mailscanner@lists.mailscanner.info"
target=_blank>mailscanner@lists.mailscanner.info</A>>><BR>>
> <A
href="http://lists.mailscanner.info/mailman/listinfo/mailscanner"
rel=noreferrer
target=_blank>http://lists.mailscanner.info/mailman/listinfo/mailscanner</A><BR>>
><BR>> ><BR>>
><BR>> > --<BR>>
> Shawn Iverson, CETL<BR>> > Director of
Technology<BR>> > Rush County
Schools<BR>> > 765-932-3901 x1171<BR>>
> <A href="mailto:iversons@rushville.k12.in.us"
target=_blank>iversons@rushville.k12.in.us</A><BR>>
<mailto:<A href="mailto:iversons@rushville.k12.in.us"
target=_blank>iversons@rushville.k12.in.us</A>><BR>>
<mailto:<A href="mailto:iversons@rushville.k12.in.us"
target=_blank>iversons@rushville.k12.in.us</A><BR>>
<mailto:<A href="mailto:iversons@rushville.k12.in.us"
target=_blank>iversons@rushville.k12.in.us</A>>><BR>>
><BR>> ><BR>> <BR>>
-- <BR>> David Jones<BR>> <BR>> <BR>>
<BR>> -- <BR>> Shawn Iverson, CETL<BR>> Director of
Technology<BR>> Rush County Schools<BR>> 765-932-3901 x1171<BR>> <A
href="mailto:iversons@rushville.k12.in.us"
target=_blank>iversons@rushville.k12.in.us</A> <mailto:<A
href="mailto:iversons@rushville.k12.in.us"
target=_blank>iversons@rushville.k12.in.us</A>><BR>> <BR>>
<BR><BR><BR>-- <BR>David Jones<BR></BLOCKQUOTE></DIV><BR clear=all>
<DIV><BR></DIV>-- <BR>
<DIV class=gmail_signature dir=ltr data-smartmail="gmail_signature">
<DIV dir=ltr>
<DIV>
<DIV dir=ltr>
<DIV>
<DIV dir=ltr>
<DIV>
<DIV dir=ltr>
<DIV>
<DIV dir=ltr>
<DIV>
<DIV dir=ltr>
<DIV>
<DIV dir=ltr>
<DIV dir=ltr>
<DIV dir=ltr>Shawn Iverson, CETL
<DIV>Director of Technology</DIV>
<DIV>Rush County Schools</DIV>
<DIV>765-932-3901 x1171</DIV>
<DIV><A href="mailto:iversons@rushville.k12.in.us"
target=_blank>iversons@rushville.k12.in.us</A></DIV>
<DIV><BR></DIV>
<DIV><IMG style="FONT-SIZE: 12px"
src="https://docs.google.com/uc?export=download&id=0Bw5iD0ToYvs_cy1OZFNIZ0drYVU&revid=0Bw5iD0ToYvs_UitIcHVIWkJVVTl2VGpxVUE0d0FQcHBIRXk4PQ"
width=96 height=96 NOSEND="1"><IMG
src="https://docs.google.com/uc?export=download&id=0Bw5iD0ToYvs_Zkh4eEs3R01yWXc&revid=0Bw5iD0ToYvs_QWpBK2Y2ajJtYjhOMDRFekZwK2xOamk5Q3Y0PQ"
width=89 height=96 NOSEND="1"></DIV>
<DIV><IMG style="FONT-SIZE: 12px"
src="https://docs.google.com/uc?export=download&id=1aBrlQou4gjB04FY-twHN_0Dn3GHVNxqa&revid=0Bw5iD0ToYvs_RnQ0eDhHcm95WHBFdkNRbXhQRXpoYkR6SEEwPQ"
NOSEND="1"><BR></DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></BLOCKQUOTE></BODY></HTML>