spamd tutorial? - BSD


  1. spamd tutorial?

    This might be a very lame/n00b question, but I'll risk it.

    I run a webhosting company, currently on a pair of (3.7) OBSD boxen. MTA is
    sendmail; we forward mail (no mailboxes) only, and we're using the access.db
    feature to block a (lengthy) list of domains from sending mail to our users.
    PF is enabled (of course).

    Up until now I've resisted putting Bayesian spam-filtering systems on the
    web hosts - I'm wary of false positives and yet another admin overhead.
    However, the sheer volume of spam we see is forcing me to reconsider. So
    spamd seems appropriate.

    I've checked the FAQs and the newsgroup archives; I'm still a little
    confused. Could some kind soul point me at a how-to for installing and
    maintaining a spam filter?

    TIA,

    Steve
    http://www.fivetrees.com



  2. Re: spamd tutorial?

    Steve at fivetrees wrote:
    > This might be a very lame/n00b question, but I'll risk it.
    >
    > I run a webhosting company, currently on a pair of (3.7) OBSD boxen. MTA is
    > sendmail; we forward mail (no mailboxes) only, and we're using the access.db
    > feature to block a (lengthy) list of domains from sending mail to our users.
    > PF is enabled (of course).
    >
    > Up until now I've resisted putting Bayesian spam-filtering systems on the
    > web hosts - I'm wary of false positives and yet another admin overhead.
    > However, the sheer volume of spam we see is forcing me to reconsider. So
    > spamd seems appropriate.
    >
    > I've checked the FAQs and the newsgroup archives; I'm still a little
    > confused. Could some kind soul point me at a how-to for installing and
    > maintaining a spam filter?


    I don't have a howto, but you might want to consider the difference
    between spamd(8) and mail/p5-Mail-SpamAssassin, which also contains a
    binary named spamd.

    spamd(8) is not Bayesian, but I've heard good things about it. Notably,
    no sane RFC-compliant setup should be blocked, which cuts down on false
    positives.

    Joachim

  3. Re: spamd tutorial?

    wrote in message
    news:441fdc83$0$79705$dbd41001@news.wanadoo.nl...
    > Steve at fivetrees wrote:
    >>
    >> I've checked the FAQs and the newsgroup archives; I'm still a little
    >> confused. Could some kind soul point me at a how-to for installing and
    >> maintaining a spam filter?

    >
    > I don't have a howto, but you might want to consider the difference
    > between spamd(8) and mail/p5-Mail-SpamAssassin, which also contains a
    > binary named spamd.
    >
    > spamd(8) is not Bayesian, but I've heard good things about it. Notably,
    > no sane RFC-compliant setup should be blocked, which cuts down on false
    > positives.


    Aha! That's already helped - one of my various sources of confusion was
    whether spamd == spamassassin. Thanks.

    I think I maybe should look at both. Meanwhile, spamd(8) is probably my
    priority. However, "no sane RFC-compliant setup should be blocked" worries
    me a bit - not sure I'd like to bet on all the major ISPs being fully
    RFC-compliant (AOL etc). If even one of my users gets legitimate mail
    blocked, it's not going to work for me. Perhaps I'm too cynical?

    Thanks,

    Steve
    http://www.fivetrees.com



  4. Re: spamd tutorial?

    Steve at fivetrees wrote:
    > wrote in message
    > news:441fdc83$0$79705$dbd41001@news.wanadoo.nl...
    >> Steve at fivetrees wrote:
    >>>
    >>> I've checked the FAQs and the newsgroup archives; I'm still a little
    >>> confused. Could some kind soul point me at a how-to for installing and
    >>> maintaining a spam filter?

    >>
    >> I don't have a howto, but you might want to consider the difference
    >> between spamd(8) and mail/p5-Mail-SpamAssassin, which also contains a
    >> binary named spamd.
    >>
    >> spamd(8) is not Bayesian, but I've heard good things about it. Notably,
    >> no sane RFC-compliant setup should be blocked, which cuts down on false
    >> positives.

    >
    > Aha! That's already helped - one of my various sources of confusion was
    > whether spamd == spamassassin. Thanks.
    >
    > I think I maybe should look at both. Meanwhile, spamd(8) is probably my
    > priority. However, "no sane RFC-compliant setup should be blocked" worries
    > me a bit - not sure I'd like to bet on all the major ISPs being fully
    > RFC-compliant (AOL etc). If even one of my users gets legitimate mail
    > blocked, it's not going to work for me. Perhaps I'm too cynical?


    Well, they only need to be 'sane' and 'RFC-compliant' to the point that
    they'll try to redeliver mail at least three times, while receiving 4xx
    errors the first two times.

    I don't think any sane mailer doesn't do that. There is always *some*
    idiot, but...

    Joachim

  5. Re: spamd tutorial?


    >> I don't have a howto, but you might want to consider the difference
    >> between spamd(8) and mail/p5-Mail-SpamAssassin, which also contains a
    >> binary named spamd.
    >>
    >> spamd(8) is not Bayesian, but I've heard good things about it. Notably,
    >> no sane RFC-compliant setup should be blocked, which cuts down on false
    >> positives.

    >
    > Aha! That's already helped - one of my various sources of confusion was
    > whether spamd == spamassassin. Thanks.
    >
    > I think I maybe should look at both. Meanwhile, spamd(8) is probably my
    > priority. However, "no sane RFC-compliant setup should be blocked" worries
    > me a bit - not sure I'd like to bet on all the major ISPs being fully
    > RFC-compliant (AOL etc). If even one of my users gets legitimate mail
    > blocked, it's not going to work for me. Perhaps I'm too cynical?


    I don't know about spamd not being Spamassassin but:
    I've been working with Spamassassin for years now.
    I had only a few false-positives, one being a host which sent logwatch
    reports with a blacklisted URL. But that was easy to fix. Most of them
    are easy to fix :]
    Spamassassin has bayes rules but they only help to a limited extent.

    $ perldoc Mail::SpamAssassin::Conf


    ML

  6. Re: spamd tutorial?

    "Martin Latos" wrote in message
    news:dvop1c$s0r$1@nemesis.news.tpi.pl...
    >
    >> Aha! That's already helped - one of my various sources of confusion was
    >> whether spamd == spamassassin. Thanks.
    >>
    >> I think I maybe should look at both. Meanwhile, spamd(8) is probably my
    >> priority. However, "no sane RFC-compliant setup should be blocked"
    >> worries
    >> me a bit - not sure I'd like to bet on all the major ISPs being fully
    >> RFC-compliant (AOL etc). If even one of my users gets legitimate mail
    >> blocked, it's not going to work for me. Perhaps I'm too cynical?

    >
    > I don't know about spamd not being Spamassassin but:
    > I've been working with Spamassassin for years now.
    > I had only a few false-positives, one being a host which sent logwatch
    > reports with a blacklisted URL. But that was easy to fix. Most of them
    > are easy to fix :]
    > Spamassassin has bayes rules but they only help to a limited extent.
    >
    > $ perldoc Mail::SpamAssassin::Conf


    Thanks for that.

    I note 2 possible packages in the 3.7 repository:
    - milter-spamd-0.3p0.tgz
    - p5-Mail-SpamAssassin-3.0.2.tgz

    I presume it's the latter I need? And will contain the Perl docs?

    Steve
    http://www.fivetrees.com



  7. Re: spamd tutorial?


    > I note 2 possible packages in the 3.7 repository:
    > - milter-spamd-0.3p0.tgz

    I guess this one is to integrate spamassassin with sendmail thru milter
    interface. They have something like spamass-milter for linuxes. If
    you're using postfix why not use amavis? (some ppl have had some
    successes with integrating sendmail, amavis, clamav and spamassassin)

    > - p5-Mail-SpamAssassin-3.0.2.tgz

    This is what you need. As far as spamassassin goes.

    > I presume it's the latter I need? And will contain the Perl docs?

    I have really no idea. Not being a bsd expert in any way (or a good user
    for this matter) I always installed spamassassin thru CPAN.
    But I guess it will contain the necessary documentation :]


    Hope that helps in any way

    ML

  8. Re: spamd tutorial?

    "Martin Latos" wrote in message
    news:dvotdu$sv2$1@atlantis.news.tpi.pl...
    >
    >> I note 2 possible packages in the 3.7 repository:
    >> - milter-spamd-0.3p0.tgz

    > I guess this one is to integrate spamassassin with sendmail thru milter
    > interface. They have something like spamass-milter for linuxes. If
    > you're using postfix why not use amavis? (some ppl have had some
    > successes with integrating sendmail, amavis, clamav and spamassassin)
    >
    >> - p5-Mail-SpamAssassin-3.0.2.tgz

    > This is what you need. As far as spamassassin goes.
    >
    >> I presume it's the latter I need? And will contain the Perl docs?

    > I have really no idea. Not being a bsd expert in any way (or a good user
    > for this matter) I always installed spamassassin thru CPAN.
    > But I guess it will contain the necessary documentation :]
    >
    > Hope that helps in any way


    It does. Thanks.

    Steve
    http://www.fivetrees.com



  9. Re: spamd tutorial?

    On 21 Mar 2006 10:59:16 GMT in <441fdc83$0$79705$dbd41001@news.wanadoo.nl> jKILLSPAM.schipper@math.uu.nl wrote:
    > spamd(8) is not Bayesian, but I've heard good things about it. Notably,
    > no sane RFC-compliant setup should be blocked, which cuts down on false
    > positives.


    Fortunately, it tends to choke on normal exchange configs
    and companies that have their mail handled by message-labs
    when in grey-listing mode.

    I think the change from 450 to 451 also decreased the amount of
    time for valid mail from places like yahoo to get through.

    --
    Chris Dukes
    Suspicion breeds confidence -- Brazil

  10. Re: spamd tutorial?

    On Tue, 21 Mar 2006 11:31:53 -0000 in Steve at fivetrees wrote:
    > wrote in message
    > news:441fdc83$0$79705$dbd41001@news.wanadoo.nl...
    >> Steve at fivetrees wrote:
    >>>
    >>> I've checked the FAQs and the newsgroup archives; I'm still a little
    >>> confused. Could some kind soul point me at a how-to for installing and
    >>> maintaining a spam filter?

    >>
    >> I don't have a howto, but you might want to consider the difference
    >> between spamd(8) and mail/p5-Mail-SpamAssassin, which also contains a
    >> binary named spamd.
    >>
    >> spamd(8) is not Bayesian, but I've heard good things about it. Notably,
    >> no sane RFC-compliant setup should be blocked, which cuts down on false
    >> positives.

    >
    > Aha! That's already helped - one of my various sources of confusion was
    > whether spamd == spamassassin. Thanks.
    >
    > I think I maybe should look at both. Meanwhile, spamd(8) is probably my
    > priority. However, "no sane RFC-compliant setup should be blocked" worries
    > me a bit - not sure I'd like to bet on all the major ISPs being fully
    > RFC-compliant (AOL etc). If even one of my users gets legitimate mail
    > blocked, it's not going to work for me. Perhaps I'm too cynical?


    AOL seems to get through fine. As does yahoo. Hotmail gets through,
    although all I get from hotmail is spam.
    message-labs has issues (The folks at cdicorp.com use that).
    Bell South's corporate email relays used to have issues.


    --
    Chris Dukes
    Suspicion breeds confidence -- Brazil

  11. Re: spamd tutorial?

    "?" wrote in message
    news:slrne20isc.j18.pakrat@mouse.private.neotoma.org...
    >>
    >> I think I maybe should look at both. Meanwhile, spamd(8) is probably my
    >> priority. However, "no sane RFC-compliant setup should be blocked"
    >> worries
    >> me a bit - not sure I'd like to bet on all the major ISPs being fully
    >> RFC-compliant (AOL etc). If even one of my users gets legitimate mail
    >> blocked, it's not going to work for me. Perhaps I'm too cynical?

    >
    > AOL seems to get through fine. As does yahoo. Hotmail gets through,
    > although all I get from hotmail is spam.
    > message-labs has issues (The folks at cdicorp.com use that).
    > Bell South's corporate email relays used to have issues.


    Noted; thanks. I'm in the UK, but of course we should handle *everything*.

    Trouble is, for this kind of thing I can't really do off-line experiments -
    it's all or nothing. Is it clear from the logs which messages/ISPs are
    rejected?

    I shall ponder.

    Steve
    http://www.fivetrees.com



  12. Re: spamd tutorial?

    On Tue, 21 Mar 2006 19:47:01 -0000 in <2_CdnfD1_seuxb3ZRVnysA@pipex.net> Steve at fivetrees wrote:
    > "?" wrote in message
    > news:slrne20isc.j18.pakrat@mouse.private.neotoma.org...
    >>>
    >>> I think I maybe should look at both. Meanwhile, spamd(8) is probably my
    >>> priority. However, "no sane RFC-compliant setup should be blocked"
    >>> worries
    >>> me a bit - not sure I'd like to bet on all the major ISPs being fully
    >>> RFC-compliant (AOL etc). If even one of my users gets legitimate mail
    >>> blocked, it's not going to work for me. Perhaps I'm too cynical?

    >>
    >> AOL seems to get through fine. As does yahoo. Hotmail gets through,
    >> although all I get from hotmail is spam.
    >> message-labs has issues (The folks at cdicorp.com use that).
    >> Bell South's corporate email relays used to have issues.

    >
    > Noted; thanks. I'm in the UK, but of course we should handle *everything*.
    >
    > Trouble is, for this kind of thing I can't really do off-line experiments -
    > it's all or nothing. Is it clear from the logs which messages/ISPs are
    > rejected?
    >
    > I shall ponder.


    You'll need to remember to add lines for spamd and spamlogd
    in your syslog.conf.

    Here's a portion of a flat out blacklist
    Mar 21 12:43:37 lagoon spamd[15798]: 124.42.3.44: connected (1/1), lists: china
    Mar 21 12:47:32 lagoon spamd[15798]: (BLACK) 124.42.3.44:
    ->

    Here's a grey
    Mar 21 13:34:55 lagoon spamd[15798]: 201.22.206.182: connected (1/0)
    Mar 21 13:35:11 lagoon spamd[15798]: (GREY) 201.22.206.182: comics.com> ->
    Mar 21 13:35:11 lagoon spamd[15798]: 201.22.206.182: disconnected after 16 seconds.

    'spamdb' provides information on whites, greys, spamtrap addresses, and
    hosts zapped by spamtrap addresses in a format that's a bit easier to parse.

    And you could always set up the logging for spamlogd without having the
    filtering for spamd set up. Let it run for a week and muck through the
    "whitelist" and expunge anything questionable. That way when you turn
    on grey-listing the bulk of the email isn't even delayed.

    --
    Chris Dukes
    Suspicion breeds confidence -- Brazil
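
Added example (not part of the post above, nor code from spamd itself): a small Python pass over spamd(8) syslog lines of the kind quoted in that post, showing which hosts and sender domains are being blacklisted or greylisted. The log sample is constructed, and the `<from> -> <to>` envelope layout is an assumption, since the addresses in the quoted lines did not survive.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the shape of the spamd(8) lines quoted above. Hosts,
# addresses and the list name are made up; "<from> -> <to>" is an assumption.
SAMPLE_LOG = """\
Mar 21 12:43:37 mx spamd[15798]: 192.0.2.44: connected (1/1), lists: examplelist
Mar 21 12:47:32 mx spamd[15798]: (BLACK) 192.0.2.44: <a@spam.example> -> <bob@hosted.example>
Mar 21 13:34:55 mx spamd[15798]: 198.51.100.7: connected (1/0)
Mar 21 13:35:11 mx spamd[15798]: (GREY) 198.51.100.7: <news@shop.example> -> <amy@hosted.example>
Mar 21 13:35:11 mx spamd[15798]: 198.51.100.7: disconnected after 16 seconds.
Mar 21 14:05:02 mx spamd[15798]: 198.51.100.7: connected (1/0)
Mar 21 14:05:17 mx spamd[15798]: (GREY) 198.51.100.7: <news@shop.example> -> <amy@hosted.example>
Mar 21 14:05:17 mx spamd[15798]: 198.51.100.7: disconnected after 15 seconds.
Mar 21 14:10:00 mx spamd[15798]: 203.0.113.9: connected (1/0)
Mar 21 14:10:12 mx spamd[15798]: (GREY) 203.0.113.9: <x@bulk.example> -> <amy@hosted.example>
Mar 21 14:10:12 mx spamd[15798]: 203.0.113.9: disconnected after 12 seconds.
"""

MSG = re.compile(r"spamd\[\d+\]: (.*)$")
CONNECT = re.compile(r"(\S+): connected \(\d+/\d+\)(?:, lists: (.+))?$")
VERDICT = re.compile(r"\((BLACK|GREY)\) (\S+): <([^>]*)> -> <([^>]*)>$")
DISCONNECT = re.compile(r"(\S+): disconnected after (\d+) seconds")

def summarize(log_text):
    """Aggregate spamd log lines into one record per connecting IP."""
    hosts = defaultdict(lambda: {"connections": 0, "lists": set(),
                                 "tuples": Counter(), "seconds": 0})
    for line in log_text.splitlines():
        m = MSG.search(line)
        if not m:
            continue  # not a spamd line (spamlogd, sendmail, ...)
        msg = m.group(1)
        if c := CONNECT.match(msg):
            hosts[c.group(1)]["connections"] += 1
            hosts[c.group(1)]["lists"].update((c.group(2) or "").split())
        elif v := VERDICT.match(msg):
            kind, ip, sender, rcpt = v.groups()
            hosts[ip]["tuples"][(kind, sender, rcpt)] += 1
        elif d := DISCONNECT.match(msg):
            hosts[d.group(1)]["seconds"] += int(d.group(2))
    return dict(hosts)

def classify(hosts):
    """Label each IP: blacklisted, grey-retried (same envelope seen again) or grey-once."""
    labels = {}
    for ip, h in hosts.items():
        greys = [n for (kind, _, _), n in h["tuples"].items() if kind == "GREY"]
        if h["lists"] or any(kind == "BLACK" for kind, _, _ in h["tuples"]):
            labels[ip] = "blacklisted"
        elif greys and max(greys) >= 2:
            labels[ip] = "grey-retried"
        else:
            labels[ip] = "grey-once" if greys else "no-envelope"
    return labels

def greylisted_sender_domains(hosts):
    """Count GREY envelopes per sender domain, to see whose mail is being delayed."""
    domains = Counter()
    for h in hosts.values():
        for (kind, sender, _), n in h["tuples"].items():
            if kind == "GREY":
                domains[sender.rpartition("@")[2].lower()] += n
    return dict(domains)

if __name__ == "__main__":
    summary = summarize(SAMPLE_LOG)
    for ip, label in sorted(classify(summary).items()):
        print(ip, label, summary[ip]["connections"], "conn,", summary[ip]["seconds"], "s held")
    print(greylisted_sender_domains(summary))
```

A `grey-retried` label only shows that the sender came back with the same envelope; whether that host has since been whitelisted is recorded in `spamdb`, as the post says.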

  13. Re: spamd tutorial?

    "?" wrote in message
    news:slrne20org.j18.pakrat@mouse.private.neotoma.org...
    >
    > 'spamdb' provides information on whites, greys, spamtrap addresses, and
    > hosts zapped by spamtrap addresses in a format that's a bit easier to
    > parse.
    >
    > And you could always set up the logging for spamlogd without having the
    > filtering for spamd set up. Let it run for a week and muck through the
    > "whitelist" and expunge anything questionable. That way when you turn
    > on grey-listing the bulk of the email isn't even delayed.


    Ooh. Sounds like good advice - all noted. Thanks.

    Steve
    http://www.fivetrees.com



  14. Re: spamd tutorial?

    wrote in message
    news:441fdc83$0$79705$dbd41001@news.wanadoo.nl...
    > Steve at fivetrees wrote:
    >> I've checked the FAQs and the newsgroup archives; I'm still a little
    >> confused. Could some kind soul point me at a how-to for installing and
    >> maintaining a spam filter?

    >
    > I don't have a howto, but you might want to consider the difference
    > between spamd(8) and mail/p5-Mail-SpamAssassin, which also contains a
    > binary named spamd.


    I'm sorta getting there. I understand the differences between the 2 spamds
    now, and I'm working through both. (The first works on connection behaviour,
    while the second works on message content. Hopefully that's right.)

    Ok. I'd like both, of course. One thing, though - am I right in
    understanding that SpamAssassin requires procmail? This worried me a bit:
    http://davespicks.com/writing/progra...inopenbsd.html

    procmail scares me. It's just a preprocessor, right? Not a replacement for
    sendmail? I've looked at so many "you really should be running this MTA"s
    that my head is spinning a bit, and I've stuck with sendmail. Not because
    it's good, or tractable, but mainly because I've been able to adapt and keep
    things running with it since OBSD 2.6.

    Also: I've used CPAN in the past (e.g. for radio fivetrees), but I've often
    been unlucky with it. These two failed tonight:
    > install File::Path
    > install IPC::Open2


    Reason:
    >> The most recent version "1.08" of the module "File::Path" comes with the
    >> current version of perl (5.8.8). <<


    There's probably some voodoo I'm missing there; CPAN seems very fragile.
    Never did get Ogg-Vorbis to work.

    Have pity on me. I'm an embedded electronics/firmware guy venturing gingerly
    into scary places. I have a clue, but not necessarily *this* clue.

    Steve
    http://www.sfdesign.co.uk <- with my other hat on



  15. Re: spamd tutorial?

    Steve at fivetrees wrote:
    > wrote in message
    > news:441fdc83$0$79705$dbd41001@news.wanadoo.nl...
    >> Steve at fivetrees wrote:
    >>> I've checked the FAQs and the newsgroup archives; I'm still a little
    >>> confused. Could some kind soul point me at a how-to for installing and
    >>> maintaining a spam filter?

    >>
    >> I don't have a howto, but you might want to consider the difference
    >> between spamd(8) and mail/p5-Mail-SpamAssassin, which also contains a
    >> binary named spamd.

    >
    > I'm sorta getting there. I understand the differences between the 2 spamds
    > now, and I'm working through both. (The first works on connection behaviour,
    > while the second works on message content. Hopefully that's right.)
    >
    > Ok. I'd like both, of course. One thing, though - am I right in
    > understanding that SpamAssassin requires procmail? This worried me a bit:
    > http://davespicks.com/writing/progra...inopenbsd.html


    SpamAssassin requires *some* way to pass the message to it. Procmail is
    one such way, but it is rather inefficient. Amavisd is another, and I
    gather there are some milters for Sendmail that will offer a more
    efficient interface.

    > procmail scares me. It's just a preprocessor, right? Not a replacement for
    > sendmail? I've looked at so many "you really should be running this MTA"s
    > that my head is spinning a bit, and I've stuck with sendmail. Not because
    > it's good, or tractable, but mainly because I've been able to adapt and keep
    > things running with it since OBSD 2.6.
    >
    > Also: I've used CPAN in the past (e.g. for radio fivetrees), but I've often
    > been unlucky with it. These two failed tonight:
    >> install File::Path
    >> install IPC::Open2

    >
    > Reason:
    >>> The most recent version "1.08" of the module "File::Path" comes with the
    >>> current version of perl (5.8.8). <<

    >
    > There's probably some voodoo I'm missing there; CPAN seems very fragile.
    > Never did get Ogg-Vorbis to work.
    >
    > Have pity on me. I'm an embedded electronics/firmware guy venturing gingerly
    > into scary places. I have a clue, but not necessarily *this* clue.


    As always, the easiest way to get SpamAssassin running is via packages
    (p5-Mail-SpamAssassin).

    Ogg-Vorbis and CPAN are both a whole other kettle of tea, and I don't
    know anything about the former. The latter is very cool, but pkg_add is
    adapted for OpenBSD, and thus, preferred.

    Joachim

  16. Re: spamd tutorial?

    wrote in message
    news:44214777$0$10131$dbd41001@news.wanadoo.nl...
    >>
    >> Ok. I'd like both, of course. One thing, though - am I right in
    >> understanding that SpamAssassin requires procmail? This worried me a bit:
    >> http://davespicks.com/writing/progra...inopenbsd.html

    >
    > SpamAssassin requires *some* way to pass the message to it. Procmail is
    > one such way, but it is rather inefficient. Amavisd is another, and I
    > gather there are some milters for Sendmail that will offer a more
    > efficient interface.


    Ok, understood and reassured. I think.

    >> There's probably some voodoo I'm missing there; CPAN seems very fragile.
    >> Never did get Ogg-Vorbis to work.

    >
    > As always, the easiest way to get SpamAssassin running is via packages
    > (p5-Mail-SpamAssassin).
    >
    > Ogg-Vorbis and CPAN are both a whole other kettle of tea, and I don't
    > know anything about the former. The latter is very cool, but pkg_add is
    > adapted for OpenBSD, and thus, preferred.


    Also understood - and echoed. Given a choice, it's pkg_add for me [1]. (I
    made some humble contributions to Lincoln Stein's Apache::MP3 project, which
    I use as the basis for Radio fivetrees. [Ogg-Vorbis is a somewhat more
    license-friendly alternative to MP3.] I have traditionally used CPAN in this
    case simply because that was what Lincoln was familiar with - also I suspect
    I've been using it longer than it's been in the ports tree. I'm revising
    this, and will probably give up on CPAN.)

    [1] One minor criticism of the pkg_add system - it's not always clear (to
    me) what adaptations have been made, or what the ./configure equivalent was.
    Some packages provide a few lines of clue at the end of the install process;
    most don't. I usually go back to the application homepage and deduce the
    configuration from there. Perhaps that's what everyone else does. Not sure.

    Summary: I have a lot to learn. Eep.

    Thanks!

    Steve
    http://www.fivetrees.com



  17. Re: spamd tutorial?

    On Wed, 22 Mar 2006 16:00:15 -0000 in Steve at fivetrees wrote:
    > wrote in message
    > news:44214777$0$10131$dbd41001@news.wanadoo.nl...
    >>>
    >>> Ok. I'd like both, of course. One thing, though - am I right in
    >>> understanding that SpamAssassin requires procmail? This worried me a bit:
    >>> http://davespicks.com/writing/progra...inopenbsd.html

    >>
    >> SpamAssassin requires *some* way to pass the message to it. Procmail is
    >> one such way, but it is rather inefficient. Amavisd is another, and I
    >> gather there are some milters for Sendmail that will offer a more
    >> efficient interface.

    >
    > Ok, understood and reassured. I think.


    You may wish to look at MailScanner as well (I know it works for
    exim4 and postfix. I don't remember if it works with sendmail).

    As for your CPAN/pkg_add question.
    Spin off a new thread, but the short answer is "Look
    through the ports tree."
    --
    Chris Dukes
    Suspicion breeds confidence -- Brazil
