store | blogs | forums | twitter | facebook | wiki | downloads | support portal
Atomic Secure Linux
It is currently Thu Aug 22, 2019 1:38 pm

» Feed - Atomicorp

All times are UTC - 5 hours [ DST ]




Post new topic Reply to topic  [ 4 posts ] 
Author Message
 Post subject: FuGlu Mail Content Scanner - looks impressive
Unread postPosted: Tue May 03, 2016 1:20 pm 
Offline
Long Time Forum Regular
Long Time Forum Regular

Joined: Thu Dec 09, 2004 11:19 am
Posts: 2321
I just came across FuGlu - a Python-based mail content scanner for Postfix, with ClamAV and Spamassassin support.

https://github.com/gryphius/fuglu

From reading the documentation, the highlights for me are:

1) It *appears* to be capable of *rejecting* spam/viruses while the remote server is connected, something that amavisd et al don't seem to be able to do. This is very important to reduce/eliminate backscatter.
2) It appears to have per user/per domain configuration capabilities, from file or database.
3) It uses clamd and spamd (does not call SA per message like amavisd)
4) It is in current development
5) It does not appear to be overly complicated
6) Easy MRTG support
7) Comprehensive logging

So, at first glance, this thing appears to be extremely impressive.

However, the mailing list seems surprisingly quiet, and I had not even seen a hint of this thing until today, so I don't think it is particularly popular up until now.

_________________
--------------------------------
<advert>
If you want to rent a UK-based VPS that comes with friendly advice and support from a fellow ART fan, please get in touch.
</advert>


Top
 Profile  
Reply with quote  
 Post subject: Re: FuGlu Mail Content Scanner - looks impressive
Unread postPosted: Sun Jul 24, 2016 11:58 pm 
Offline
New Forum User
New Forum User

Joined: Sun Jul 24, 2016 11:14 pm
Posts: 2
Location: Switzerland
Hi
fuglu's main developer here - Thanks for looking into fuglu!

Quote:
1) It *appears* to be capable of *rejecting* spam/viruses while the remote server is connected, something that amavisd et al don't seem to be able to do. This is very important to reduce/eliminate backscatter.

Yes, this is possible by running fuglu in pre-queue mode.

Quote:
2) It appears to have per user/per domain configuration capabilities, from file or database.

fuglu's attachment analyzer and the SA plugin have built-in per domain/per user options. More complex setups sometimes require a few extra lines of custom python code to change the behaviour of other plugins as well, but I try to make this as simple as possible with fuglu's plugin architecture.

Quote:
3) It uses clamd and spamd (does not call SA per message like amavisd)

correct

Quote:
4) It is in current development

sometimes more, sometimes less. I always try to fix bugs immediately. But currently there's not much going on in terms of new features

Quote:
5) It does not appear to be overly complicated

This is one of fuglu's main goals. Have a very simple core ("get message from postfix, send it back to postfix") but with a flexible plugin architecture.

Quote:
6) Easy MRTG support

Nowadays I focus more on carbon, but the mrtg writer is still there, yes.

Quote:
However, the mailing list seems surprisingly quiet

people tend to contact me directly by mail or via github issues. Mailing lists don't seem to be en vogue anymore. Recently there has been some traffic on the ML tho.

Quote:
I don't think it is particularly popular up until now.

Fuglu is nowhere as popular as Amavis, but I know of a few larger installations running it. The mention on postfix.org's addon software site and the inclusion in the mailcow appliance gave it some publicity.

If you have any questions about fuglu, don't hesitate to contact me!

Cheers
Oli


Top
 Profile  
Reply with quote  
 Post subject: Re: FuGlu Mail Content Scanner - looks impressive
Unread postPosted: Thu Jul 28, 2016 6:53 am 
Offline
Long Time Forum Regular
Long Time Forum Regular

Joined: Thu Dec 09, 2004 11:19 am
Posts: 2321
Thanks Oli!

That all sounds great. But can I ask you about pre-queue mode please?

If I remember correctly from what I read in the FuGlu docs, pre-queue is not a common configuration.

I think I can understand why - if it takes 60 seconds for SA to process an email (which can happen), a connection to the MTA is tied up for that amount of time too.

What do YOU do? How do you handle the balance between the potential for backscatter and the potential for legitimate email vanishing due to SA false positives?

_________________
--------------------------------
<advert>
If you want to rent a UK-based VPS that comes with friendly advice and support from a fellow ART fan, please get in touch.
</advert>


Top
 Profile  
Reply with quote  
 Post subject: Re: FuGlu Mail Content Scanner - looks impressive
Unread postPosted: Sun Aug 28, 2016 5:49 am 
Offline
New Forum User
New Forum User

Joined: Sun Jul 24, 2016 11:14 pm
Posts: 2
Location: Switzerland
(sorry for the late reply, I didn't have thread notifications set up)

Personally I use pre-queue mode whenever I can, but this is mostly friends&family mail servers with a couple of domains. Rejecting everything that I don't like prevents backscattering and ind case of a FP from SA the sender gets notified right away instead of the message vanishing in a quarantine no one ever checks. There is some amount of tuning you can do to reduce the chance of SA hogging your connection for too long, for example limiting the scanning to small messages only and reject potentially dangerous attachment types before doing AV scans.

However, this only scales to a certain amount of mail traffic. Large ISPs have to make sure the SMTP sessions are kept short, after-queue makes more sense there. The ISP I worked for focused on minimising backscatter and SA/AV FPs to a negligible amount with fine tuned custom rules. But you're right, in after-queue setups it is almost impossible to achieve a 0% FP rate.


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 4 posts ] 

» Feed - Atomicorp

All times are UTC - 5 hours [ DST ]


Who is online

Users browsing this forum: No registered users and 1 guest


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group