FuGlu Mail Content Scanner - looks impressive

Forum for getting help with Project Gamera, Spamassassin, Clamav, qmail-scanner and other anti-spam tools.
faris
Long Time Forum Regular
Long Time Forum Regular
Posts: 2321
Joined: Thu Dec 09, 2004 11:19 am

FuGlu Mail Content Scanner - looks impressive

Unread post by faris »

I just came across FuGlu - a Python-based mail content scanner for Postfix, with ClamAV and Spamassassin support.

https://github.com/gryphius/fuglu

From reading the documentation, the highlights for me are:

1) It *appears* to be capable of *rejecting* spam/viruses while the remote server is connected, something that amavisd et al don't seem to be able to do. This is very important to reduce/eliminate backscatter.
2) It appears to have per user/per domain configuration capabilities, from file or database.
3) It uses clamd and spamd (does not call SA per message like amavisd)
4) It is in current development
5) It does not appear to be overly complicated
6) Easy MRTG support
7) Comprehensive logging

So, at first glance, this thing appears to be extremely impressive.

However, the mailing list seems surprisingly quiet, and I had not even seen a hint of this thing until today, so I don't think it is particularly popular up until now.
--------------------------------
<advert>
If you want to rent a UK-based VPS that comes with friendly advice and support from a fellow ART fan, please get in touch.
</advert>
gryphius
New Forum User
New Forum User
Posts: 2
Joined: Sun Jul 24, 2016 11:14 pm
Location: Switzerland

Re: FuGlu Mail Content Scanner - looks impressive

Unread post by gryphius »

Hi
fuglu's main developer here - Thanks for looking into fuglu!
1) It *appears* to be capable of *rejecting* spam/viruses while the remote server is connected, something that amavisd et al don't seem to be able to do. This is very important to reduce/eliminate backscatter.
Yes, this is possible by running fuglu in pre-queue mode.
2) It appears to have per user/per domain configuration capabilities, from file or database.
fuglu's attachment analyzer and the SA plugin have built-in per domain/per user options. More complex setups sometimes require a few extra lines of custom python code to change the behaviour of other plugins as well, but I try to make this as simple as possible with fuglu's plugin architecture.
3) It uses clamd and spamd (does not call SA per message like amavisd)
correct
4) It is in current development
sometimes more, sometimes less. I always try to fix bugs immediately. But currently there's not much going on in terms of new features
5) It does not appear to be overly complicated
This is one of fuglu's main goals. Have a very simple core ("get message from postfix, send it back to postfix") but with a flexible plugin architecture.
6) Easy MRTG support
Nowadays I focus more on carbon, but the mrtg writer is still there, yes.
However, the mailing list seems surprisingly quiet
people tend to contact me directly by mail or via github issues. Mailing lists don't seem to be en vogue anymore. Recently there has been some traffic on the ML tho.
I don't think it is particularly popular up until now.
Fuglu is nowhere as popular as Amavis, but I know of a few larger installations running it. The mention on postfix.org's addon software site and the inclusion in the mailcow appliance gave it some publicity.

If you have any questions about fuglu, don't hesitate to contact me!

Cheers
Oli
faris
Long Time Forum Regular
Long Time Forum Regular
Posts: 2321
Joined: Thu Dec 09, 2004 11:19 am

Re: FuGlu Mail Content Scanner - looks impressive

Unread post by faris »

Thanks Oli!

That all sounds great. But can I ask you about pre-queue mode please?

If I remember correctly from what I read in the FuGlu docs, pre-queue is not a common configuration.

I think I can understand why - if it takes 60 seconds for SA to process an email (which can happen), a connection to the MTA is tied up for that amount of time too.

What do YOU do? How do you handle the balance between the potential for backscatter and the potential for legitimate email vanishing due to SA false positives?
--------------------------------
<advert>
If you want to rent a UK-based VPS that comes with friendly advice and support from a fellow ART fan, please get in touch.
</advert>
gryphius
New Forum User
New Forum User
Posts: 2
Joined: Sun Jul 24, 2016 11:14 pm
Location: Switzerland

Re: FuGlu Mail Content Scanner - looks impressive

Unread post by gryphius »

(sorry for the late reply, I didn't have thread notifications set up)

Personally I use pre-queue mode whenever I can, but this is mostly friends&family mail servers with a couple of domains. Rejecting everything that I don't like prevents backscattering and ind case of a FP from SA the sender gets notified right away instead of the message vanishing in a quarantine no one ever checks. There is some amount of tuning you can do to reduce the chance of SA hogging your connection for too long, for example limiting the scanning to small messages only and reject potentially dangerous attachment types before doing AV scans.

However, this only scales to a certain amount of mail traffic. Large ISPs have to make sure the SMTP sessions are kept short, after-queue makes more sense there. The ISP I worked for focused on minimising backscatter and SA/AV FPs to a negligible amount with fine tuned custom rules. But you're right, in after-queue setups it is almost impossible to achieve a 0% FP rate.
Post Reply