what anti-spam for you used ? dspam?spammassian? amavisd-new ? what is best ?
It's not what software you use, but what circumstances you run it in. On Tue, 2012-07-24 at 11:58 +0800, fy wrote:> what anti-spam for you used ? dspam?spammassian? amavisd-new ? what is > best ?
On Tue, 2012-07-24 at 11:58 +0800, fy wrote:> what anti-spam for you used ? dspam?spammassian? amavisd-new ? what is > best ?amavisd-new with spamassassin and anti virus scanner, clamav with sanesecurity rules use enforcing rules in mail server, like block hosts with no DNS/rDNS Enforce SPF, publish SPF with hardfail use DNSBL's in your mail server, spamhaus, spamcop, spam.sorbs, and more etc. milter regex to stop dynamic/suspect hosts There is no one solution, the solution, is a box of many tricks You might get the odd false blocking, but if system opers can not be bothered running a compliant network with standardised naming conventions for servers, then it is not my problem, and we have had very very very few complaints about this type of policy in over a decade. If someoine sooks to you, educate them, dont whitelist them. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 490 bytes Desc: This is a digitally signed message part URL: <http://dovecot.org/pipermail/dovecot/attachments/20120724/5344aea6/attachment-0004.bin>
fy <fy at 5dshu.com> wrote:> what anti-spam for you used ? dspam?spammassian? amavisd-new ? what is > best ?milter-greylist of course :-) http://hcpnet.free.fr/milter-greylist/ Note that the name is a tribute to what it has been in the beginning, but we now have much more features than greylisting. IMO the really nice thing in milter-greylist is its ACL, which enable different filtering for different recipients. If you add a user-accessible report about what was filtered, then the users can enable/disable filters on the fly depending on their use, which brings to MTA filtering the interraction we used to have in MUA-based filtering. -- Emmanuel Dreyfus http://hcpnet.free.fr/pubz manu at netbsd.org
* fy <fy at 5dshu.com>:> what anti-spam for you used ? dspam?spammassian? amavisd-new ? what is > best ?The best goes like this: 1. Decide if the SMTP client should be allowed to connect to the server 2. Decide if the client should be allowed to send the message 3. Decide if the message should be allowed to reach the recipient For 1 use e.g. 'postscreen' in Postfix. For 2 use SMTP session filters e.g. smtpd_..._restrictions in Postfix For 3 use a combination of content filters like SpamAssassin, ClamAV etc. In case you need to build some content policies e.g. "recipient A may receive message, messages should never be spam filtered for B and C ..." around the filters use amavisd-new, the content filter framework. It also brings features to manage filtered content e.g. quarantine, copy etc. p at rick -- state of mind () http://www.state-of-mind.de Franziskanerstra?e 15 Telefon +49 89 3090 4664 81669 M?nchen Telefax +49 89 3090 4666 Amtsgericht M?nchen Partnerschaftsregister PR 563
> what anti-spam for you used ? dspam?spammassian? amavisd-new ? what is > best ?i got best results with dspam + graylist. but dspam is not scalable solution, it works only if you do not have many users.
On Tue, 24 Jul 2012, fy wrote:> what anti-spam for you used ? dspam?spammassian? amavisd-new ? what is > best ?If you can afford using a separate "boundary" SMTP (and, thanks to virtual machines, this is much more common than just a few years ago), MailAvenger is likely to be a very good solution: for Bayesian filtering it relies on plain SpamAssassin, but it really shines in doing deep SMTP transaction analysis, ruling out most spam at that level and making it far less CPU and memory intensive than its counterparts. You can find it at http://mailavenger.org/ Best regards Federico Bianchi Dipartimento di Storia delle Arti Universita` di Pisa via Trieste, 38 - I-56126 Pisa (Italy) tel.(+39) 050 221 6 024; fax (+39) 050 221 6 001 e-mail: <f.bianchi at arte.unipi.it> ================================================== !DISCLAIMER!: my e-mail reflects _my_own_ opinions! ===================================================
On 07/24/2012 06:49 AM, Noel Butler wrote:> On Tue, 2012-07-24 at 11:58 +0800, fy wrote: > >> what anti-spam for you used ? dspam?spammassian? amavisd-new ? what is >> best ? > > > amavisd-new with spamassassin and anti virus scanner, clamav with > sanesecurity rules > use enforcing rules in mail server, like block hosts with no DNS/rDNS > Enforce SPF, publish SPF with hardfail > use DNSBL's in your mail server, spamhaus, spamcop, spam.sorbs, and > more etc. > milter regex to stop dynamic/suspect hostsAnd first of all, even if this is not dovecot related, use a greylisting solution.> > There is no one solution, the solution, is a box of many tricks > You might get the odd false blocking, but if system opers can not be > bothered running a compliant network with standardised naming > conventions for servers, then it is not my problem, and we have had very > very very few complaints about this type of policy in over a decade. If > someoine sooks to you, educate them, dont whitelist them.Indeed! Fighting spam is a continuous task. While greylisting will cut down the amount of spam by more than 50%, the remaining 50% will give you the hardest time and will keep changing to bypass your rules. You'll need to keep an eye on the flow of false negatives or false positive you are getting... We (72,000 mailboxes) are currently using amavisd-new with spamassassin and CRM114 via a custom plugin instead of the default bayesian filter. Also like Noel, we're using DNSBLs, SPF (although we had to publish a permissive record since some of our users are using their ISP smtp instead of our own). Arnaud> >-- Arnaud Ab?lard (jabber: arnaud.abelard at univ-nantes.fr) Administrateur Syst?me - Responsable Services Web Direction des Syst?mes d'Informations Universit? de Nantes - ne pas utiliser: trapemail at univ-nantes.fr
-------- Original-Nachricht --------> Datum: Tue, 24 Jul 2012 10:49:48 +0200 > Von: Morten Stevens <mstevens at imt-systems.com> > An: Dovecot Mailing List <dovecot at dovecot.org> > Betreff: Re: [Dovecot] what best for anti-spam filter?> On 24.07.2012 09:16, Arnaud Ab?lard wrote: > > > And first of all, even if this is not dovecot related, use a > > greylisting solution. > > No, greylisting is really a bad solution. It is not RFC compliant and > delays the mail traffic. >In what sense is greylisting not RFC compliant?> I would prefer a pre-queue content-filtering solution like MIMEDefang > or amavisd-new. > > Best regards, > > Morten
-------- Original-Nachricht --------> Datum: Tue, 24 Jul 2012 08:20:08 +0200 > Von: Radim Kolar <hsn at filez.com> > An: fy <fy at 5dshu.com> > CC: dovecot at dovecot.org > Betreff: Re: [Dovecot] what best for anti-spam filter?> > > what anti-spam for you used ? dspam?spammassian? amavisd-new ? what is > > best ? > i got best results with dspam + graylist. but dspam is not scalable > solution, it works only if you do not have many users. >The RICE university is using dspam on about 65K mailboxes without issues: http://it.rice.edu/spam.aspx Maybe your setup is the problem and not dspam?
On Tue, Jul 24, 2012 at 10:49 AM, Morten Stevens <mstevens at imt-systems.com> wrote:> No, greylisting is really a bad solution. It is not RFC compliant and delays > the mail traffic.Since when? RFC5321 was updated to handle delays and then there is RFC6647. -- .warren
On Tue, Jul 24, 2012 at 10:49:48AM +0200, Morten Stevens wrote:> No, greylisting is really a bad solution. It is not RFC compliantOf course it is. Have you readen RFC 6647?> and delays the mail traffic.Greylisting with whitelist and reputation-based greylisting delay makes it painless. -- Emmanuel Dreyfus manu at netbsd.org
> The RICE university is using dspam on about 65K mailboxes without issues: http://it.rice.edu/spam.aspxit works with such large number of user only if you use group shared spam/ham dictionaries.
Morten Stevens <mstevens at imt-systems.com> writes:> So it is now RFC compliant. Anyway I think delaying mail traffic is not > a good solution.Well, OK, if you not keen on greylisting, you can try greet pausing, which introduces a shorter delay. It tests a bot's patience by inserting a pre-HELO pause. RFC allows 5 minutes before timeout. This is last week's stat for one of my mail server and the count of early-talker or early-disconnecter, almost all of which are bots. A greet pause of over 20s dumps a lot of bots. Expect to whitelist the odd server here and there because they've tuned their servers to some aggressively small RFC non-compliant timeouts. Delay Disconnect/early-talkers 00 = 9 01 = 1 02 = 1 03 = 11 04 = 34 05 = 5 06 = 1 07 = 1 08 = 3 09 = 3 10 = 9 11 = 1 12 = 2 16 = 7 17 = 10 18 = 4 19 = 17 20 = 1161 21 = 431 22 = 61 23 = 43 24 = 13 Joseph Tam <jtam.home at gmail.com>
On Tue, Jul 24, 2012 at 12:51 PM, Joseph Tam <jtam.home at gmail.com> wrote:> > Well, OK, if you not keen on greylisting, you can try greet pausing, > which introduces a shorter delay. >This, works well. Interesting your sweet spot is around 20seconds, I found 13s to be the right mark. -- .warren
Try this: http://www.junkemailfilter.com/spam/ On 7/23/2012 8:58 PM, fy wrote:> what anti-spam for you used ? dspam?spammassian? amavisd-new ? what is > best ? > > >
On 24.7.2012, at 16.46, Patrick Ben Koetter wrote:> this is a mailing list dedicated to Dovecot and the protocols POP, IMAP and > MANAGESIEVE with the one or the other detour to storage. > > Greylisting and other Anti-Spam techniques, as discussed in this thread, > truely are off-topic. Please take discussion offlist or to another list that > deals with such stuff.I think threads like this and storage and maybe others could be moved to some wiki pages. It could be helpful to have a list of possibilities discussing their upsides and downsides, which would work much better in a wiki page than spread into 100 different messages in this list. So, anyone feel free to create http://wiki2.dovecot.org/AntiSpam and start filling it out.
Am 25.07.2012 13:31, schrieb Timo Sirainen:> On 24.7.2012, at 16.46, Patrick Ben Koetter wrote: > >> this is a mailing list dedicated to Dovecot and the protocols POP, IMAP and >> MANAGESIEVE with the one or the other detour to storage. >> >> Greylisting and other Anti-Spam techniques, as discussed in this thread, >> truely are off-topic. Please take discussion offlist or to another list that >> deals with such stuff. > > I think threads like this and storage and maybe others could be moved to some wiki pages. It could be helpful to have a list of possibilities discussing their upsides and downsides, which would work much better in a wiki page than spread into 100 different messages in this list. > > So, anyone feel free to create http://wiki2.dovecot.org/AntiSpam and start filling it out. >hi Timo, good idea, thx for this by the way , the best anti spam filter , would be the one ,you dont need *g -- Best Regards MfG Robert Schetterer
Den 2012-07-24 05:58, fy skrev:> what anti-spam for you used ? dspam?spammassian? amavisd-new ? what > is > best ?depends of your gool, if you like to have user controls, then dovecot, dovecot-antispam, with dspam is best, save the spamassassin resources here amavisd-new is NOT an spam filter btw and if you want to have no user control then go for spamassassin currently here i plan to drop spamassassin and only use dspam via dovecot antispam plugin, it save me resources on dns, with lately here is unstable like hell, and talking to dns hosters helps nothing :/
Den 2012-07-24 08:20, Radim Kolar skrev:>> what anti-spam for you used ? dspam?spammassian? amavisd-new ? what >> is >> best ? > i got best results with dspam + graylist. but dspam is not scalable > solution, it works only if you do not have many users.depends on backend imho i know a hoster that only have dspam filtering pr user level, no complains seen in the forum