Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Anti-Spam Package (dspam or SpamAssasin)

    Scheduled Pinned Locked Moved Expired/Withdrawn Bounties
    27 Posts 11 Posters 44.6k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • B
      Bai Shen
      last edited by

      @jimp:

      There is a big difference in configuring a greylisting daemon and configuring a full spam filter package. An actual spam filter package would involve running a full mail server on the firewall, plus all of the spam scanning software, plus coming up with some kind of GUI for it, and a way to manage not only the global spam filter settings but probably per-address options, and updating the spamassassin rules, etc, etc.

      You'd realistically be looking at a several thousand dollars to have someone do that properly.

      (And I still wouldn't want to run that on my firewall… :-)

      That doesn't sound right.  I know there was a SpamAssassin package for IPCop and I don't think it runs a mail server.

      It seems like there should be a way to scan and mark the emails.  Like what Untangle or IPCop with the above mentioned package do.

      1 Reply Last reply Reply Quote 0
      • jimpJ
        jimp Rebel Alliance Developer Netgate
        last edited by

        Sorry, but you are not correct.

        I have setup spamassassin on mail servers before, and run it in a couple locations. SpamAssassin on its own is not a mail server, cannot accept messages, it cannot send them out, it requires another program to feed it the messages and then deal with the result. A common way is via something like amavisd, which is essentially a mail server (rather, an MTA, to be more precise). Other places run it through scripts hooked in from postfix/exim/sendmail/etc.

        Something has to accept the entire message, then let spamassin scan it, and then based on that result, send it to your mail server.

        It can't just grab the traffic stream, scan it live, and then forward/reject it after the whole message has been received, not without a program receiving the message and forwarding it to your internal mail server. If it scanned the stream as it flowed through the message would already be delivered to your mail server by the time SpamAssassin scanned it. That just isn't how it works.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        1 Reply Last reply Reply Quote 0
        • B
          Bai Shen
          last edited by

          @jimp:

          Sorry, but you are not correct.

          Won't be the first nor last time. :)

          I have setup spamassassin on mail servers before, and run it in a couple locations. SpamAssassin on its own is not a mail server, cannot accept messages, it cannot send them out, it requires another program to feed it the messages and then deal with the result. A common way is via something like amavisd, which is essentially a mail server (rather, an MTA, to be more precise). Other places run it through scripts hooked in from postfix/exim/sendmail/etc.

          Something has to accept the entire message, then let spamassin scan it, and then based on that result, send it to your mail server.

          It can't just grab the traffic stream, scan it live, and then forward/reject it after the whole message has been received, not without a program receiving the message and forwarding it to your internal mail server. If it scanned the stream as it flowed through the message would already be delivered to your mail server by the time SpamAssassin scanned it. That just isn't how it works.

          I've only done Spamassassin in between my POP server and my local client.  In those cases, it simply marked messages with a SPAM tag.  So it wasn't rejecting anything, but making it easier for the client to do filtering.

          1 Reply Last reply Reply Quote 0
          • jimpJ
            jimp Rebel Alliance Developer Netgate
            last edited by

            @Bai:

            I've only done Spamassassin in between my POP server and my local client.  In those cases, it simply marked messages with a SPAM tag.  So it wasn't rejecting anything, but making it easier for the client to do filtering.

            In that kind of case, it's the client downloading the message, feeding it through SA, and then injecting the result into your mailbox (more or less). Or it's a proxy where something pulls the messages, lets SA scan them, and then your client gets the results from the proxy. There are some other variations but that's the basic method.

            Much different than doing it in between two mail servers that have to obey proper standards/protocols for delivering mail to each other.

            Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

            Need help fast? Netgate Global Support!

            Do not Chat/PM for help!

            1 Reply Last reply Reply Quote 0
            • B
              Bai Shen
              last edited by

              @jimp:

              @Bai:

              I've only done Spamassassin in between my POP server and my local client.  In those cases, it simply marked messages with a SPAM tag.  So it wasn't rejecting anything, but making it easier for the client to do filtering.

              In that kind of case, it's the client downloading the message, feeding it through SA, and then injecting the result into your mailbox (more or less). Or it's a proxy where something pulls the messages, lets SA scan them, and then your client gets the results from the proxy. There are some other variations but that's the basic method.

              Much different than doing it in between two mail servers that have to obey proper standards/protocols for delivering mail to each other.

              I believe IPCop and Untangle use the proxy method.  And honestly, that's all I really need from pfSense.  Not sure about the OP.

              1 Reply Last reply Reply Quote 0
              • jimpJ
                jimp Rebel Alliance Developer Netgate
                last edited by

                If they proxy POP3/IMAP then that's one thing, and wouldn't work with SSL/TLS. Proxying SMTP is entirely different. Not sure if that's even feasible in this kind of scenario with a proxy of sorts.

                Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                Need help fast? Netgate Global Support!

                Do not Chat/PM for help!

                1 Reply Last reply Reply Quote 0
                • D
                  dhatz
                  last edited by

                  I have been running SpamAssassin since several years with various MTAs (in recent years mostly with Postfix) together with ClamAV anti-virus and various other tools that enhance SA's effectiveness.

                  In my experience such a system really needs to be a full-blown mail-server to do the job. It is not something I would want to run on a router/firewall.

                  1 Reply Last reply Reply Quote 0
                  • ?
                    Guest
                    last edited by

                    For clarification, the IPCop SPAM filter uses ProxSMTP to proxy SMTP traffic and pass it off to spamassassin.  It also uses p3Scan to prox pop3 connections.  In fact, in looking at the Copfilter plugin, it looks like they use half a dozen little proxy programs to proxy different protocols, pass them off to ClamAV and/or Spamassassin.  I would expect this kind of system to be exceptionally messy, resource intensive and not at all appropriate for a firewall.  Its one thing to use a small amount of CPU to stem the tide of spam waves using a greylisting daemon, and quite another to be proxying, queing, scanning and rejecting|forwarding|dropping all of these kinds of connections.

                    Not surprisingly, I agree with jimp on this, such a package would require several thousand dollars at least and probably closer to ten thousand to do anything close to correctly.  Even then, it would require herculean effort to keep up to date and would never be appropriate for anything more than a small network.

                    1 Reply Last reply Reply Quote 0
                    • M
                      Metu69salemi
                      last edited by

                      And when this is done by firewall you have usually no possibility to have those attachments or what ever is going to get proxied off.
                      Like in these little redboxes(what are greatly used also in pfsense environment) those can proxy a smtp trafic, but when it kicks in, no one can get those mails nor attachments.

                      1 Reply Last reply Reply Quote 0
                      • B
                        Bai Shen
                        last edited by

                        What about those of us who aren't running a mail server and want SpamAssassin for marking our pop3 mail as it comes in?  What would you recommend?

                        1 Reply Last reply Reply Quote 0
                        • marcellocM
                          marcelloc
                          last edited by

                          @jimp:

                          There is a big difference in configuring a greylisting daemon and configuring a full spam filter package. An actual spam filter package would involve running a full mail server on the firewall, plus all of the spam scanning software, plus coming up with some kind of GUI for it, and a way to manage not only the global spam filter settings but probably per-address options, and updating the spamassassin rules, etc, etc.

                          You'd realistically be looking at a several thousand dollars to have someone do that properly.

                          (And I still wouldn't want to run that on my firewall… :-)

                          I like the idea of 'several thousand dollars'  ;)

                          I'm working on it and I agree that firewall is not the best place for a antispam system, but you can put it on another pfSense box/vm and use the same great pfSense GUI/rules to configure it.

                          What is done:
                          First stage antispam checks:

                          • Detect zombies

                          • check RBL

                          • check SPF

                          Second stage antispam check:

                          • Subject

                          • Valid Recipients

                          • Valid Domains

                          • Body Content

                          • Attachment types

                          What is almost done:
                          Third stage antispam checks(high cpu usage):

                          • Mailscanner

                          • SpamAssassin

                          • Clamav

                          • pyzor

                          If any one are willing to contribute with the project, the time has come.

                          @submicron:

                          Not surprisingly, I agree with jimp on this, such a package would require several thousand dollars at least and probably closer to ten thousand to do anything close to correctly.  Even then, it would require herculean effort to keep up to date and would never be appropriate for anything more than a small network.

                          Yes it is difficult but not impossible. Many checks nowadays are based on sourceip or live lists(white, gray,black,etc).
                          Spamd just like the two biggest commercial antispam tools use a mundial database for ip reputation and other mail stuff.
                          pyzor can check a global server too.
                          I`m planning that sa-update will be updated via cron.

                          Treinamentos de Elite: http://sys-squad.com

                          Help a community developer! ;D

                          1 Reply Last reply Reply Quote 0
                          • marcellocM
                            marcelloc
                            last edited by

                            Mailscanner + clamav + spamassassin with postfix integration is done.

                            I'm using freebsd 8.2 packages. Testing for 5 days with no issues.

                            Treinamentos de Elite: http://sys-squad.com

                            Help a community developer! ;D

                            1 Reply Last reply Reply Quote 0
                            • JackLJ
                              JackL
                              last edited by

                              marcello,

                              Congratulations for you work with this package.

                              you prove that we can develop technology in Brazil, not just consume. We have many good developers and people involved with free software!

                              [] 's
                              Jack

                              Treinamentos de Elite: http://sys-squad.com
                              Soluções: https://conexti.com.br

                              1 Reply Last reply Reply Quote 0
                              • B
                                Bai Shen
                                last edited by

                                @marcelloc:

                                Mailscanner + clamav + spamassassin with postfix integration is done.

                                I'm using freebsd 8.2 packages. Testing for 5 days with no issues.

                                How are things working?  Still no problems?

                                Have you looked at making a pfsense package to do this automatically?

                                Thanks.

                                1 Reply Last reply Reply Quote 0
                                • marcellocM
                                  marcelloc
                                  last edited by

                                  @Bai:

                                  How are things working?  Still no problems?
                                  Have you looked at making a pfsense package to do this automatically?

                                  Yes, I've it working for months.

                                  Just install the package.

                                  If you prefer, test it on a virtual machine first.

                                  Treinamentos de Elite: http://sys-squad.com

                                  Help a community developer! ;D

                                  1 Reply Last reply Reply Quote 0
                                  • B
                                    Bai Shen
                                    last edited by

                                    @marcelloc:

                                    @Bai:

                                    How are things working?  Still no problems?
                                    Have you looked at making a pfsense package to do this automatically?

                                    Yes, I've it working for months.

                                    Just install the package.

                                    If you prefer, test it on a virtual machine first.

                                    What's the name of the package?  I looked in the list and didn't see it.

                                    1 Reply Last reply Reply Quote 0
                                    • marcellocM
                                      marcelloc
                                      last edited by

                                      postifx for the smtp daemon has antispam features(spf+rbl+spf+zombie blocker+header checks)
                                      maiscanner-dev for the content message scanning(maiscanner + spamassassin + clamav)

                                      Treinamentos de Elite: http://sys-squad.com

                                      Help a community developer! ;D

                                      1 Reply Last reply Reply Quote 0
                                      • H
                                        hopoffacloud
                                        last edited by

                                        Check out Baruwa.

                                        This should be able to run as an add-on-package perhaps.
                                        We run it on separate hardware - and love it.  (truth to be told we loaded it on the Barracuda hardware we have)

                                        :-)

                                        1 Reply Last reply Reply Quote 0
                                        • B
                                          Bai Shen
                                          last edited by

                                          @marcelloc:

                                          postifx for the smtp daemon has antispam features(spf+rbl+spf+zombie blocker+header checks)
                                          maiscanner-dev for the content message scanning(maiscanner + spamassassin + clamav)

                                          Will do.

                                          Thanks!

                                          1 Reply Last reply Reply Quote 0
                                          • U
                                            Unubtanium
                                            last edited by

                                            A huge thanks to all the devs that made this possible, i soo wish i was a Millionaire  so that i could donate! anyway it will come! Not a question if but when  ;D

                                            Man i love THIS. Just hope i can manage to get this running.

                                            ;)

                                            Just have to Solve this one:
                                            FROM SERVER:
                                            550 5.1.1 : Recipient address rejected: User unknown in relay recipient table
                                            SMTP -> ERROR: DATA command not accepted from server: 550 5.1.1 : Recipient address rejected: User unknown in relay recipient table

                                            And also have to find out how to stop it from becoming a backscatter source!

                                            Jupp, i love searching for info, will let u all know how it goes…

                                            1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.