Anti-Spam Package (dspam or SpamAssasin)
-
There is a big difference in configuring a greylisting daemon and configuring a full spam filter package. An actual spam filter package would involve running a full mail server on the firewall, plus all of the spam scanning software, plus coming up with some kind of GUI for it, and a way to manage not only the global spam filter settings but probably per-address options, and updating the spamassassin rules, etc, etc.
You'd realistically be looking at a several thousand dollars to have someone do that properly.
(And I still wouldn't want to run that on my firewall… :-)
That doesn't sound right. I know there was a SpamAssassin package for IPCop and I don't think it runs a mail server.
It seems like there should be a way to scan and mark the emails. Like what Untangle or IPCop with the above mentioned package do.
-
Sorry, but you are not correct.
I have setup spamassassin on mail servers before, and run it in a couple locations. SpamAssassin on its own is not a mail server, cannot accept messages, it cannot send them out, it requires another program to feed it the messages and then deal with the result. A common way is via something like amavisd, which is essentially a mail server (rather, an MTA, to be more precise). Other places run it through scripts hooked in from postfix/exim/sendmail/etc.
Something has to accept the entire message, then let spamassin scan it, and then based on that result, send it to your mail server.
It can't just grab the traffic stream, scan it live, and then forward/reject it after the whole message has been received, not without a program receiving the message and forwarding it to your internal mail server. If it scanned the stream as it flowed through the message would already be delivered to your mail server by the time SpamAssassin scanned it. That just isn't how it works.
-
Sorry, but you are not correct.
Won't be the first nor last time. :)
I have setup spamassassin on mail servers before, and run it in a couple locations. SpamAssassin on its own is not a mail server, cannot accept messages, it cannot send them out, it requires another program to feed it the messages and then deal with the result. A common way is via something like amavisd, which is essentially a mail server (rather, an MTA, to be more precise). Other places run it through scripts hooked in from postfix/exim/sendmail/etc.
Something has to accept the entire message, then let spamassin scan it, and then based on that result, send it to your mail server.
It can't just grab the traffic stream, scan it live, and then forward/reject it after the whole message has been received, not without a program receiving the message and forwarding it to your internal mail server. If it scanned the stream as it flowed through the message would already be delivered to your mail server by the time SpamAssassin scanned it. That just isn't how it works.
I've only done Spamassassin in between my POP server and my local client. In those cases, it simply marked messages with a SPAM tag. So it wasn't rejecting anything, but making it easier for the client to do filtering.
-
@Bai:
I've only done Spamassassin in between my POP server and my local client. In those cases, it simply marked messages with a SPAM tag. So it wasn't rejecting anything, but making it easier for the client to do filtering.
In that kind of case, it's the client downloading the message, feeding it through SA, and then injecting the result into your mailbox (more or less). Or it's a proxy where something pulls the messages, lets SA scan them, and then your client gets the results from the proxy. There are some other variations but that's the basic method.
Much different than doing it in between two mail servers that have to obey proper standards/protocols for delivering mail to each other.
-
@Bai:
I've only done Spamassassin in between my POP server and my local client. In those cases, it simply marked messages with a SPAM tag. So it wasn't rejecting anything, but making it easier for the client to do filtering.
In that kind of case, it's the client downloading the message, feeding it through SA, and then injecting the result into your mailbox (more or less). Or it's a proxy where something pulls the messages, lets SA scan them, and then your client gets the results from the proxy. There are some other variations but that's the basic method.
Much different than doing it in between two mail servers that have to obey proper standards/protocols for delivering mail to each other.
I believe IPCop and Untangle use the proxy method. And honestly, that's all I really need from pfSense. Not sure about the OP.
-
If they proxy POP3/IMAP then that's one thing, and wouldn't work with SSL/TLS. Proxying SMTP is entirely different. Not sure if that's even feasible in this kind of scenario with a proxy of sorts.
-
I have been running SpamAssassin since several years with various MTAs (in recent years mostly with Postfix) together with ClamAV anti-virus and various other tools that enhance SA's effectiveness.
In my experience such a system really needs to be a full-blown mail-server to do the job. It is not something I would want to run on a router/firewall.
-
For clarification, the IPCop SPAM filter uses ProxSMTP to proxy SMTP traffic and pass it off to spamassassin. It also uses p3Scan to prox pop3 connections. In fact, in looking at the Copfilter plugin, it looks like they use half a dozen little proxy programs to proxy different protocols, pass them off to ClamAV and/or Spamassassin. I would expect this kind of system to be exceptionally messy, resource intensive and not at all appropriate for a firewall. Its one thing to use a small amount of CPU to stem the tide of spam waves using a greylisting daemon, and quite another to be proxying, queing, scanning and rejecting|forwarding|dropping all of these kinds of connections.
Not surprisingly, I agree with jimp on this, such a package would require several thousand dollars at least and probably closer to ten thousand to do anything close to correctly. Even then, it would require herculean effort to keep up to date and would never be appropriate for anything more than a small network.
-
And when this is done by firewall you have usually no possibility to have those attachments or what ever is going to get proxied off.
Like in these little redboxes(what are greatly used also in pfsense environment) those can proxy a smtp trafic, but when it kicks in, no one can get those mails nor attachments. -
What about those of us who aren't running a mail server and want SpamAssassin for marking our pop3 mail as it comes in? What would you recommend?
-
There is a big difference in configuring a greylisting daemon and configuring a full spam filter package. An actual spam filter package would involve running a full mail server on the firewall, plus all of the spam scanning software, plus coming up with some kind of GUI for it, and a way to manage not only the global spam filter settings but probably per-address options, and updating the spamassassin rules, etc, etc.
You'd realistically be looking at a several thousand dollars to have someone do that properly.
(And I still wouldn't want to run that on my firewall… :-)
I like the idea of 'several thousand dollars' ;)
I'm working on it and I agree that firewall is not the best place for a antispam system, but you can put it on another pfSense box/vm and use the same great pfSense GUI/rules to configure it.
What is done:
First stage antispam checks:-
Detect zombies
-
check RBL
-
check SPF
Second stage antispam check:
-
Subject
-
Valid Recipients
-
Valid Domains
-
Body Content
-
Attachment types
What is almost done:
Third stage antispam checks(high cpu usage):-
Mailscanner
-
SpamAssassin
-
Clamav
-
pyzor
If any one are willing to contribute with the project, the time has come.
@submicron:
Not surprisingly, I agree with jimp on this, such a package would require several thousand dollars at least and probably closer to ten thousand to do anything close to correctly. Even then, it would require herculean effort to keep up to date and would never be appropriate for anything more than a small network.
Yes it is difficult but not impossible. Many checks nowadays are based on sourceip or live lists(white, gray,black,etc).
Spamd just like the two biggest commercial antispam tools use a mundial database for ip reputation and other mail stuff.
pyzor can check a global server too.
I`m planning that sa-update will be updated via cron. -
-
Mailscanner + clamav + spamassassin with postfix integration is done.
I'm using freebsd 8.2 packages. Testing for 5 days with no issues.
-
marcello,
Congratulations for you work with this package.
you prove that we can develop technology in Brazil, not just consume. We have many good developers and people involved with free software!
[] 's
Jack -
Mailscanner + clamav + spamassassin with postfix integration is done.
I'm using freebsd 8.2 packages. Testing for 5 days with no issues.
How are things working? Still no problems?
Have you looked at making a pfsense package to do this automatically?
Thanks.
-
@Bai:
How are things working? Still no problems?
Have you looked at making a pfsense package to do this automatically?Yes, I've it working for months.
Just install the package.
If you prefer, test it on a virtual machine first.
-
@Bai:
How are things working? Still no problems?
Have you looked at making a pfsense package to do this automatically?Yes, I've it working for months.
Just install the package.
If you prefer, test it on a virtual machine first.
What's the name of the package? I looked in the list and didn't see it.
-
postifx for the smtp daemon has antispam features(spf+rbl+spf+zombie blocker+header checks)
maiscanner-dev for the content message scanning(maiscanner + spamassassin + clamav) -
Check out Baruwa.
This should be able to run as an add-on-package perhaps.
We run it on separate hardware - and love it. (truth to be told we loaded it on the Barracuda hardware we have):-)
-
postifx for the smtp daemon has antispam features(spf+rbl+spf+zombie blocker+header checks)
maiscanner-dev for the content message scanning(maiscanner + spamassassin + clamav)Will do.
Thanks!
-
A huge thanks to all the devs that made this possible, i soo wish i was a Millionaire so that i could donate! anyway it will come! Not a question if but when ;D
Man i love THIS. Just hope i can manage to get this running.
;)
Just have to Solve this one:
FROM SERVER:
550 5.1.1 : Recipient address rejected: User unknown in relay recipient table
SMTP -> ERROR: DATA command not accepted from server: 550 5.1.1 : Recipient address rejected: User unknown in relay recipient tableAnd also have to find out how to stop it from becoming a backscatter source!
Jupp, i love searching for info, will let u all know how it goes…
