Solved

Confused about Mailscanner

Posted on 2004-04-09
Last Modified: 2008-02-01
I know what some of you are thinking: "no, not this dork again". Sorry, it's my obsessive personality, I can't help it :)

I have a few questions to ask and maybe a few more depending on the answers I get. If it gets too involved or you feel it's worth more than 500 points then don't hesitate to let me know, I will gladly open up a new post if needed :)

I have been running a postfix+spamassassin+procmail (sitewide setup with /etc/procmailrc) setup with Maildir. I would like to use Mailscanner but I am having a hard time understanding how my setup needs to adapt for Mailscanner to fit in. I have a few questions:

I do not need procmail anymore for the MDA, right? If I do not need procmail anymore, how does spam that is tagged by spamassassin and Mailscanner get put in ~/Maildir/.spam/cur?
Or do I still need procmail?

I really like how spamassassin tags spam and scores and reports on its results. How does mailscanner work? When mail arrives it gets scanned by mailscanner, but then what? Let's say that it is spam and it gets tagged as such. Does it then get passed on to spamassassin for scanning also? See, this is the part that is confusing to me. Would someone mind explaining to me how this works?

I am more interested in Mailscanner for filtering out mail with specific attachments than anything else at this point. The file filetype.rules.conf, from what I understand, controls all of this. For example, can I just do "deny exe" instead of "deny executable"?

Thanks,
AD
Question by:illtbagu

Accepted Solution

by:
troopern earned 250 total points
ID: 10796115
MailScanner is a neat tool for spam filtering, indeed.

1.
Setting up MailScanner with postfix requires you to set up 2 postfix daemons to be running. One for receiving mails, sending them to MailScanner for filtering. And when that's done, MailScanner sends it to the next daemon, which will take care of the maildir delivery.

2.
MailScanner works as follows:
It uses SpamAssassin for scanning spam mails. It is capable of spam scanning itself, but I don't really know the effectiveness of that function since I've always used SpamAssassin with my MailScanner setups. In short: MailScanner uses SpamAssassin, and doesn't send to SA afterwards.

3.
Denying executable probably means denying .exe, .com and other executable file formats.
You should be able to do a "deny exe" without a doubt. But as far as I'm concerned it's bundled into "executable" since .exe is an executable filetype =).

I hope this helps you understand MailScanner. I'm willing to answer more questions that might come up.

Author Comment

by:illtbagu
ID: 10797828
I have 2 postfix daemons set up and running, mailscanner is set up and tagging the headers.

When I think of executable I think of
bat|cmd|com|js|jse|msi|msp|ocx|pif|reg|scr|vb|vbe|vbs|wsc|wsf|exe
I have procmailrc set up on my home email server to delete any mail with these types of attachments and it works great. I will just use Mailscanner to do this for me now.

What antivirus works best with Mailscanner? What antivirus is the easiest to set up?

Here is how I picture things working as of right now without mailscanner
postfix ---> procmail ---> Maildir
                           |
                           |---------- > spamassassin

Here is how I picture things working with mailscanner
postfix.in ---> Mailscanner ---> postfix ---> procmail ---> Maildir
                                  |
                                  |---------- > spamassassin

I would still need to use procmail if I would like all detected spam to get delivered to the user's spam box. I didn't hear any arguments otherwise so I will just assume this is the standard way of doing things with mailscanner.

I can just call out procmail to be used in this file /etc/postfix/main.cf like so
mailbox_command = /usr/bin/procmail
Am I right?

Thanks for your help

Expert Comment

by:troopern
ID: 10818483
Yeah, you can call procmail like that.

You can add custom filetypes that are not allowed in MailScanner; right now I don't exactly remember how to do that. I haven't got it on a machine within my reach, but the documentation that comes with MailScanner describes this well.

Procmail will probably be the best way of sorting messages to the user's spambox. I haven't set up a similar function in MailScanner myself yet.

Sorry for the late reply, I've been quite busy lately with studies and Easter celebration...

Expert Comment

by:Gns
ID: 10824750
Um, did you really look through the excellently commented /etc/MailScanner/MailScanner.conf file? Look at the section starting with
# What to do with spam
... Note that it is MailScanner that actually performs these actions (default is more or less "none"...in the disguise "deliver":-). Since it would be less than fruitful to let both spamassassin and MailScanner do spam RBL lookups, you should probably look at making sure only one does... ISTR MailScanner by default is configured to "do it itself":).
Note that both filename and filetype checking come into play, so look through/adjust both.

And you shouldn't _need_ any particular procmail filters for what you want to do, but you can (of course:-) have 'em;)

-- Glenn

Author Comment

by:illtbagu
ID: 10825730
So then, if I don't need procmail, how can I get all spam that has been tagged to be put in a folder called spam in the user's mailbox? Before, procmail did this. Are you saying that Mailscanner can do this for me?

Assisted Solution

by:Gns
Gns earned 250 total points
ID: 10831087
Nono, either I read you wrong, or the other way around:-).
Procmail is still superior for "per user" delivery, but... why deliver confirmed spam, when there is such a remote possibility of "false positives"? All the alternative settings for handling spam in MailScanner can make sense ... depending on situation.
For example, dropping confirmed spam with a
High Scoring Spam Actions = delete
and perhaps notifying the recipient that suspected spam has been quarantined and is available upon request with a
Spam Actions = store notify
or perhaps just convert the message to an attachment to the warning message and deliver it with a
Spam Actions = attachment deliver
would be a workable solution. Still using procmail for the users convenience... Or the admins:-)... to do further things with the message at local delivery.
It wouldn't make sense to remove procmail from the equation... It's too damn versatile a tool to give up:-). You/your users might still want to make arbitrary _other_ sortings of the incoming messages...
What I'm implying is that there are other ways of dealing with spam than a straight delivery... is all.

One good thing (in my book at least) is that MailScanner will enforce the same rules pretty much regardless of direction of the mail (incoming or outgoing), so even if you haven't done any "NDR-spamming measures" you'd still be pretty insulated (postfix'll be able to take care of that too... Of course... Especially if you've been smart enough to have configured recipient_maps (local and/or relay)).

BTW, I'm using clam for antiviral scanning, and (since I'm "fronting M-Sexchange") at local delivery also have virusscan in its "groupshield for exchange" guise. I'd rather drop M-Sexchange in the dustbin, but... well, corporate politics..:-). Clam is very easy, as well as the MailScanner config...:-). But from a MailScanner perspective _any_ AV program will do (well, noting the virusscan strangeness about links:-).

-- Glenn
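
An added example, not part of the original thread and not taken from the MailScanner documentation: a site-wide /etc/procmailrc that files MailScanner-tagged spam into each user's ~/Maildir/.spam/ folder, the arrangement discussed above. It assumes the header names follow the `X-%org-name%-MailScanner-SpamCheck:` and `X-%org-name%-MailScanner-SpamScore:` patterns from MailScanner.conf, with ORGNAME as a placeholder for the site's value; the `.spam-high` folder and the 10-point threshold are constructed for illustration.

```procmail
# /etc/procmailrc  (site-wide; Postfix: mailbox_command = /usr/bin/procmail)
# ASSUMPTION: ORGNAME stands in for the %org-name% value in MailScanner.conf,
# and MailScanner is left at "Spam Actions = deliver" so tagged mail still
# reaches local delivery.

# Run the recipes below with the recipient's privileges, never as root.
DROPPRIVS=yes

# procmail changes into this directory; relative folder names resolve here.
MAILDIR=$HOME/Maildir

# Trailing slash selects Maildir-format delivery for the inbox.
DEFAULT=$MAILDIR/

# High-scoring spam: the SpamScore header carries one "s" per point, so ten
# in a row means a score of 10 or more (threshold constructed for this
# example; requires the spam score header to be enabled in MailScanner.conf).
:0
* ^X-ORGNAME-MailScanner-SpamScore: ssssssssss
.spam-high/

# Everything else MailScanner tagged as spam. Clean mail carries "not spam",
# which this anchored pattern does not match.
:0
* ^X-ORGNAME-MailScanner-SpamCheck: spam
.spam/

# Anything that falls through is delivered to $DEFAULT.
# Note: Maildir delivery writes into the folder's new/ subdirectory; the
# mail client moves messages to cur/ once it has seen them.
```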

Author Comment

by:illtbagu
ID: 10843556
Thanks