Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1417
  • Last Modified:

Postfix+Spamassassin Disable outgoing check


Hello,

is it possible to disable checking for outgoing messages in postfix/spamassassin because of it's blocking many mails which my clients are writing/sending via outlook?
It's achieving nearly 6 of 5.0 required points and after I'm using smtp-auth on this server it is better for me to disable this checking.

j79
0
j79
Asked:
j79
  • 6
  • 6
1 Solution
 
Karl Heinz KremerCommented:
How are you starting spamassassin from postfix? I'm also have psotvix/spamassassin on my machine, but here spamassassin is started from Procmail, so it only gets run for incomming mails.
0
 
j79Author Commented:

I'm starting it via postfix in master.cf:

smtp      inet  n       -       n       -       -       smtpd  
   -o content_filter=postfixfilter:


postfixfilter unix -    n       n       -       -       pipe
 flags=Rq user=filter argv=/usr/local/filter/postfixfilter -f ${sender} -- ${recipient}

0
 
Karl Heinz KremerCommented:
Are you running Procmail as well on your server?
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
j79Author Commented:

Procmail is available but it's not running with any command now.
Instead my postfixfilter-script is looking like:

#!/bin/sh

SENDMAIL=/usr/sbin/sendmail
SPAMASSASSIN=/usr/bin/spamc

EX_TEMPFAIL=75
EX_UNAVAILABLE=69

cat | $SPAMASSASSIN -f > out.$$ #|| # { echo Message content rejected; exit $EX_UNAVAILABLE; }

grep "^X-Spam-Status: Yes" out.$$ > /dev/null 2>&1

if [ $? -ne 0 ]
then
  $SENDMAIL "$@" < out.$$
fi


0
 
Karl Heinz KremerCommented:
This is what I have in my /etc/procmailrc:

# SpamAssassin sample procmailrc
#
# Pipe the mail through spamassassin (replace 'spamassassin' with 'spamc'
# if you use the spamc/spamd combination)
#
# The condition line ensures that only messages smaller than 250 kB
# (250 * 1024 = 256000 bytes) are processed by SpamAssassin. Most spam
# isn't bigger than a few k and working with big messages can bring
# SpamAssassin to its knees.
#
# The lock file ensures that only 1 spamassassin invocation happens
# at 1 time, to keep the load down.
#
:0fw: spamassassin.lock
* < 256000
| spamassassin

# Work around procmail bug: any output on stderr will cause the "F" in "From"
# to be dropped.  This will re-add it.
:0
* ^^rom[ ]
{
  LOG="*** Dropped F off From_ header! Fixing up. "

  :0 fhw
  | sed -e '1s/^/F/'
}



This only marks spam and does not remove it. In my home directory's .procmailrc I have these rules:

# Mails with a score of 15 or higher are almost certainly spam (with 0.05%
# false positives according to rules/STATISTICS.txt). Let's put them in a
# different mbox. (This one is optional.)
:0:
* ^X-Spam-Level: \*\*\*\*\*\*\*\*\*\*\*\*\*\*\*
Mail/SPAM.almost-certainly-spam

# All mail tagged as spam (eg. with a score higher than the set threshold)
# is moved to "probably-spam".
:0:
* ^X-Spam-Status: Yes
Mail/SPAM.probably-spam
# Mails with a score of 15 or higher are almost certainly spam (with 0.05%
# false positives according to rules/STATISTICS.txt). Let's put them in a
# different mbox. (This one is optional.)
:0:
* ^X-Spam-Level: \*\*\*\*\*\*\*\*\*\*\*\*\*\*\*
Mail/SPAM.almost-certainly-spam

# All mail tagged as spam (eg. with a score higher than the set threshold)
# is moved to "probably-spam".
:0:
* ^X-Spam-Status: Yes
Mail/SPAM.probably-spam


You can remove the spam right in the /etc/procmailrc by redirecting it to /dev/null

:0:
* ^X-Spam-Status: Yes
/dev/null



0
 
j79Author Commented:

OK, another question.
Can I add my postfixfilter-script into the procmailrc? Is procmailrc accepting "/bin/sh" scripts?
I would like to let everything as it is.. only disable checking the outgoing mails.

j79
0
 
Karl Heinz KremerCommented:
No, you have to use valid procmail syntax for anything in the procmailrc file.
If I understand your script correctly, you are sending the received email via sendmail if it does not contain spam. If you do receive spam, the mail is not fowarded. YOu may have a small problem: It does not look like you are ever deleting the temporary files out.$$

My if you use the redirection to /dev/null that I mentioned in my last comment, you should have exactly the same behavior: No need to create user level .procmailrc files.

Give it a try.
0
 
j79Author Commented:

Let me think... is it correct if I give this to my procmailrc

:0 fw
| /usr/local/filter/postfixfilter

and let my postfixfilter (see copy above) not being started by postfix in master.cf ?
Procmail could start spamassassin by the script and my outgoing messages wouldn't be checked, or?


j79

0
 
Karl Heinz KremerCommented:
This could work, but you probably should not start the filter as "filter" (the "f" flag). A filter is something that creates output and Procmail would then use the output and further process it. Because your filter is already sending the mail, you don't want to continue to process anything that the postfixfilter would create (potentially error messages). BUT: You need to make sure that anything that's already filtered will not processed by the filter again! If you don't do anything, the mail will be queued to sendmail in your postfixfilter, and will be received by Postfix again, and will be handed of to Procmail again.

I would not do this however. This will create more overhead, and potentially a mail loop. Just use the redirection to /dev/null for Spam. This much more efficient, and does not create any potential problems.
0
 
j79Author Commented:

I remember now why I didn't use procmail for this issue.
Procmail is checking only spam delivered to a mailbox and not to forwarding addresses.
So I would need to check the user mailbox for spam, to check forwarded addresses for spam but not outgoing messages.

j79

0
 
Karl Heinz KremerCommented:
You could whitelist the addresses of your clients, so that regardless of their content, these email messages will not get flagged as spam. (and not change your current setup at all).
0
 
j79Author Commented:

Good idea... I have now to make a script to autmatically add my domains into whitelist but it's not so bad.

Thank you
j79
0

Featured Post

Upgrade your Question Security!

Your question, your audience. Choose who sees your identity—and your question—with question security.

  • 6
  • 6
Tackle projects and never again get stuck behind a technical roadblock.
Join Now