Solved

Postfix Spam Solution/Problem

Posted on 2006-11-25
Last Modified: 2010-03-18
A former employee of my company developed a spam filtering solution with Postfix/SpamAssassin for our clients who chose to host their email on their own server. The solution, as best as I can understand it, works like this:

Postfix pipes incoming messages to a script called "spamfilter" which lies in /usr/local/bin/. This script sends the message to spamc for spam checks. Once this is done, it checks how many *'s are in the header section marked "X-Spam-Level:" and uses that to determine if the message is then delivered or if it is routed to another email address.

As of now, the mail is being checked, spam is being correctly flagged, but instead of routing to an alternate email address, it is still being delivered to the user's mailbox (with a clearly marked "*******SPAM*******" in the subject line). I need to know as soon as possible how to remedy this as my clients are now getting a lot of spam.

Here is the script:

# Variables
SENDMAIL="/usr/sbin/sendmail.postfix -i"
EGREP=/bin/egrep

# Directory to put high score spam into:
# (NOTE: Create this directory and give it same permissions as /var/tempfs)
SIDELINE_DIR=/var/spool/spam

# Exit codes from <sysexits.h>

EX_UNAVAILABLE=69

# Number of *'s in X-Spam-level header needed to sideline message:
# (Eg. Score of 5.5 = "*****" )

SPAMLIMIT=6

# Clean up when done or when aborting.

trap "rm -f /var/tempfs/out.$$" 0 1 2 3 15

# Pipe message to spamc

cat | /usr/bin/spamc -u spamfilter > /var/tempfs/out.$$

if $EGREP -q "^X-Spam-Level: \*{$SPAMLIMIT,}" < /var/tempfs/out.$$
then
    # Option 1: Move high scoring messages to sideline dir so a human can look at them later:
    #cp /var/tempfs/out.$$ $SIDELINE_DIR/`date +%Y-%m-%d_%R`-$$

    # Option 2: Change the Email address where you want your spam to get fwd to
    $SENDMAIL spambox@example.com < /var/tempfs/out.$$
else
    $SENDMAIL "$@" < /var/tempfs/out.$$
fi

# Postfix returns the exit status of the Postfix sendmail command.

exit $?



Here is my master.cf file from Postfix. I put comments on the lines which are important:




# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
smtp      inet  n       -       n       -       -       smtpd
 -o content_filter=spamfilter:dummy                    #<----------IMPORTANT
 -o smtpd_sasl_auth_enable=yes
#smtps    inet  n       -       n       -       -       smtpd
#  -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
#submission   inet    n       -       n       -       -       smtpd
#  -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes -o smtpd_etrn_restrictions=reject
#628      inet  n       -       n       -       -       qmqpd
pickup    fifo  n       -       n       60      1       pickup
cleanup   unix  n       -       n       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
#qmgr     fifo  n       -       n       300     1       oqmgr
#tlsmgr   fifo  -       -       n       300     1       tlsmgr
rewrite   unix  -       -       n       -       -       trivial-rewrite
bounce    unix  -       -       n       -       0       bounce
defer     unix  -       -       n       -       0       bounce
trace     unix  -       -       n       -       0       bounce
verify    unix  -       -       n       -       1       verify
flush     unix  n       -       n       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
smtp      unix  -       -       n       -       -       smtp
relay     unix  -       -       n       -       -       smtp
#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       n       -       -       showq
error     unix  -       -       n       -       -       error
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
anvil     unix  -       -       n       -       1       anvil
#
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# maildrop. See the Postfix MAILDROP_README file for details.
#
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
#
# The Cyrus deliver program has changed incompatibly, multiple times.
#
old-cyrus unix  -       n       n       -       -       pipe
  flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
cyrus     unix  -       n       n       -       -       pipe
  user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
spamfilter unix - n n - - pipe                                                                                             #<----------IMPORTANT
        flags=Rq user=spamfilter argv=/usr/local/bin/spamfilter -f ${sender} -- ${recipient}   #<----------IMPORTANT
Question by:medium_grade
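
An offline check of the routing test used by the script above, as an added example that is not part of the original question. The function names (stars_for_score, make_msg, route_for) are hypothetical, the sample messages are constructed, and it assumes SpamAssassin writes one star per whole point of score, as the script's own comment describes.

```shell
#!/bin/sh
# Added example: reproduce the spamfilter routing decision without Postfix.
SPAMLIMIT=6   # same threshold as the script on this page

# stars_for_score SCORE -> one "*" per whole point (5.5 -> "*****")
stars_for_score() {
    n=${1%%.*}          # integer part of the score
    n=${n:-0}
    s=""
    while [ "$n" -gt 0 ]; do
        s="$s*"
        n=$((n - 1))
    done
    printf '%s\n' "$s"
}

# make_msg STARS SUBJECT -> path of a constructed sample message
make_msg() {
    f=$(mktemp) || return 1   # unpredictable name, unlike out.$$
    printf 'From: sender@example.com\nSubject: %s\nX-Spam-Level: %s\n\nbody text\n' \
        "$2" "$1" > "$f"
    echo "$f"
}

# route_for FILE -> "sideline" or "deliver", using the page's regex.
# Unlike the original, only the header block (up to the first blank
# line) is searched, so a body line cannot influence the decision.
route_for() {
    if sed '/^$/q' "$1" | grep -Eq "^X-Spam-Level: \*{$SPAMLIMIT,}"; then
        echo sideline
    else
        echo deliver
    fi
}

# Constructed scores on both sides of the threshold.
for score in 4.9 5.5 6.2; do
    msg=$(make_msg "$(stars_for_score "$score")" "*******SPAM******* test")
    echo "score $score -> $(route_for "$msg")"
    rm -f "$msg"
done
```

If the installation uses SpamAssassin's default required_score of 5.0 (an assumption about this server), a message scoring 5.5 is subject-tagged as spam yet carries only five stars, so SPAMLIMIT=6 still delivers it to the mailbox.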
Accepted Solution

by:
pablouruguay earned 250 total points
ID: 18018333
I think you have the wrong solution in here, because the spammers change everything every day... and this script will soon be out of date.

Don't reinvent the wheel; install SpamAssassin and milter-greylist and solve your problems...

Assisted Solution

by:noci
noci earned 250 total points
ID: 18020015
Or insert amavisd-new into the mail reception train.
It will also handle virus checking.