Auto-deletion of SPAMs

[wdingus]

Well, I'm back Continuing a discussion from the old forum sort of... I've went from the PSA-supplied anti-spam stuff to qmail-scanner and now back. I'm just curious if anyone has any words of wisdom or pointers. Qmail-scanner bogged my server down too much because it scanned all emails for SPAMminess whether it was addressed to a valid account or not. I've disabled it and went back to the more-or-less stock PSA way of doing things. I have though replaced their .qmail files in all my users mail dirs with ones of my own:

.qmail:
| true
| /usr/local/psa/bin/psa-spamc -f -u user@domain.com -U /tmp/spamd_full.sock | procmail -p -m delete-high.rc

delete-high.rc:
:0
* ^X-Spam-Level: \*\*\*\*\*\*\*\*\*
/dev/null

:0
| /usr/bin/maildir ./Maildir/

My SPAM threshhold is set to 5 so anything from 5 to 8 gets to me tagged as SPAM and anything 9 or higher is silently dropped into the bit bucket and is gone...

My problem now though is kind of like it was with qmail-scanner, overloaded server. I have a bunch of spamassassin rules which are very intense but very good at catching difficult SPAMs. I could trim those down and it could keep up with the onslaught but lots more would get through. I want my cake and eat it too! I want the rules to be intense and very tight and to not bog the server down too much.

So, I was wondering. Previously I devised a way to watch the logs from qmail-scanner and iptables reject connections from heavy spammers. Does anyone have any suggestions of a means of doing the same thing with this setup? Perhaps from procmail if the SPAM score is >15 or something like that? I know how to do simple stuff with procmail and that's about it... It's very powerful though so I'm sure it could do it. Pull out the IP of the connecting SMTP server and pass it as a parameter to iptables. Any ideas? Thoughts on other ways to accomplish this? Post on a procmail forum?

Thanks!

PS. Scott... I helped a friend setup PSA 7.04 on a RedHat Enterprise 3 AS server the other day. I had to hardcode yum.conf to claim it was ES to get packages from you. WS=Workstation, AS=Application Server, ES=Enterprise Server. All the same thing but marketed differently with different support and with different extra packages included. You might want to symlink WS and AS to the ES directory.

[scott]

Technically my 3ES archive is really 3WB (White box linux) I think I even made a 3WB dir and symlinked 3ES to it in base/updates.

On the spam front, Im working on a new generation of stuff (this would be the 4th) that should make PG one project that runs on everything (including PSA). Heres the secret sauce, Im finally putting a bullet in qmail's head and using postfix. So Project Gamera will largely replace qmail as the primary MTA.

[Minotaur]

Qmail-scanner bogged my server down too much because it scanned all emails for SPAMminess whether it was addressed to a valid account or not.

I don't know if this will help at all, but according to the PSA website, one of the new things in PSA7.5 is this:

Plesk has pre-set Qmail to deny accepting the message altogether if the user does not exist on the server.

Looking at a qmail install on a server I recently upgraded to 7.5, it looks like they're doing this using smtp plugins. A bit more googling leads us to the Qmail-SPP page, which seems to be a rather tidy plugin architecture for qmail. Since this modifies qmail-smtpd (which runs before qmail-queue, and hence before qmail-scanner), this may well solve the problem of qmail-scanner scanning stuff without determining if the recipient is valid.

On a semi-related note, it looks like this might be a good way of implementing any other mail functionality missing from PSA's default qmail install without having to recompile bits of the MTA itself, sometimes causing issues when updating PSA. For example, might it be worth trying to run qmail-scanner as a plugin rather than from a modified qmail-queue?

Looking at the documentation, it seems one can use it to set/unset environment variables, so it might be a solution to one of the questions posed on the old forum about preventing SpamAssassin running on mail from local users: simply define the $RELAYCLIENT environment variable on smtp connections that have been AUTH'd.

[scott]

My plan for the next generation of Project Gamera is to run it via postfix, with the ultimate goal of running postfix as the mail pre-processor and in the case of a PSA environment handing it off to qmail. In essence, qmail would purely be an internal mail delivery system, never speaking to the outside world. Lots of reasons for doing this, least of which is Im maintaing two separate anti-spam systems, as well as an MTA, largely due to the difficulty of modifying qmail in a PSA environment. This next generation will be one single project, with a minor compatibility rpm for PSA support. Testing so far has also shown a performance increase of about 50% over project gamera, or probably 3x a standard PSA setup.

Plus some other goodies like quarantining mail straight into mysql, and storing all the configuration information directly into a database.

[Minotaur]

I confess to having never actually used Postfix, but most of the research I've read around the net seems to indicate it's significantly faster than any of the other "big 4" (sendmail, qmail, exim).

Best go buy myself a book about Postfix then