Solved

Postfix Spam Solution/Problem

Posted on 2006-11-25
Last Modified: 2010-03-18
A former employee of my company developed a spam filtering solution with Postfix/spamassassin for our clients who chose to host their email on their own server. The solution, as best as I can understand it, works like this:

Postfix pipes incoming messages to a script called "spamfilter" which lies in /usr/local/bin/. This script sends the message to spamc for spam checks. Once this is done, it checks the number of *'s in the header section marked "X-Spam-Level:" and uses that to determine if the message is then delivered or if it is routed to another email address.

As of now, the mail is being checked, spam is being correctly flagged, but instead of routing to an alternate email address, it is still being delivered to the user's mailbox (with a clearly marked "*******SPAM*******" in the subject line). I need to know as soon as possible how to remedy this as my clients are now getting a lot of spam.

Here is the script:

#!/bin/sh
# Variables
SENDMAIL="/usr/sbin/sendmail.postfix -i"
EGREP=/bin/egrep

# Directory to put high score spam into:
# (NOTE: Create this directory and give it same permissions as /var/tempfs)
SIDELINE_DIR=/var/spool/spam

# Exit codes from <sysexits.h>

EX_UNAVAILABLE=69

# Number of *'s in X-Spam-level header needed to sideline message:
# (Eg. Score of 5.5 = "*****" )

SPAMLIMIT=6

# Clean up when done or when aborting.

trap "rm -f /var/tempfs/out.$$" 0 1 2 3 15

# Pipe message to spamc (spamc reads the message from stdin)

/usr/bin/spamc -u spamfilter > /var/tempfs/out.$$

if $EGREP -q "^X-Spam-Level: \*{$SPAMLIMIT,}" < /var/tempfs/out.$$
then
    # Option 1: Move high scoring messages to sideline dir so a human can look at them later:
    #cp /var/tempfs/out.$$ $SIDELINE_DIR/`date +%Y-%m-%d_%R`-$$

    # Option 2: Change the Email address where you want your spam to get fwd to
    $SENDMAIL spambox@example.com < /var/tempfs/out.$$
else
    $SENDMAIL "$@" < /var/tempfs/out.$$
fi

# Postfix returns the exit status of the Postfix sendmail command.

exit $?



Here is my master.cf file from Postfix. I put comments on the lines which are important:




# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
smtp      inet  n       -       n       -       -       smtpd
 -o content_filter=spamfilter:dummy                    #<----------IMPORTANT
 -o smtpd_sasl_auth_enable=yes
#smtps    inet  n       -       n       -       -       smtpd
#  -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
#submission   inet    n       -       n       -       -       smtpd
#  -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes -o smtpd_etrn_restrictions=reject
#628      inet  n       -       n       -       -       qmqpd
pickup    fifo  n       -       n       60      1       pickup
cleanup   unix  n       -       n       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
#qmgr     fifo  n       -       n       300     1       oqmgr
#tlsmgr   fifo  -       -       n       300     1       tlsmgr
rewrite   unix  -       -       n       -       -       trivial-rewrite
bounce    unix  -       -       n       -       0       bounce
defer     unix  -       -       n       -       0       bounce
trace     unix  -       -       n       -       0       bounce
verify    unix  -       -       n       -       1       verify
flush     unix  n       -       n       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
smtp      unix  -       -       n       -       -       smtp
relay     unix  -       -       n       -       -       smtp
#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       n       -       -       showq
error     unix  -       -       n       -       -       error
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
anvil     unix  -       -       n       -       1       anvil
#
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# maildrop. See the Postfix MAILDROP_README file for details.
#
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
#
# The Cyrus deliver program has changed incompatibly, multiple times.
#
old-cyrus unix  -       n       n       -       -       pipe
  flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
cyrus     unix  -       n       n       -       -       pipe
  user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
spamfilter unix - n n - - pipe                                                                                             #<----------IMPORTANT
        flags=Rq user=spamfilter argv=/usr/local/bin/spamfilter -f ${sender} -- ${recipient}   #<----------IMPORTANT
Question by:medium_grade
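
The routing decision the question describes, as an added example that is not part of the original post: it counts the stars in X-Spam-Level for constructed messages and applies the script's SPAMLIMIT, so a message that is tagged yet below the threshold can be told apart from one that should be sidelined. Unlike the posted script it reads only the header block; spam_stars, route_for and the sample messages are assumptions made for the example.

```sh
#!/bin/sh
# Added example: replay the spamfilter routing decision on constructed mail.
# spam_stars, route_for and the msg_* samples are hypothetical names.

SPAMLIMIT=6   # same threshold as the posted script

# Print the number of '*' in the first X-Spam-Level header. Only the header
# block (everything before the first empty line) is examined.
spam_stars() {
    awk '
        /^\r?$/ { exit }                       # empty line: end of headers
        tolower($0) ~ /^x-spam-level:/ {
            n = gsub(/\*/, ""); print n; found = 1; exit
        }
        END { if (!found) print 0 }
    '
}

# Read a message on stdin and print "sideline" or "deliver".
route_for() {
    if [ "$(spam_stars)" -ge "$SPAMLIMIT" ]; then echo sideline; else echo deliver; fi
}

# Constructed: tagged in the subject, 5 stars, one short of SPAMLIMIT.
msg_tagged() {
    printf '%s\n' 'Subject: *******SPAM******* cheap pills' \
        'X-Spam-Level: *****' 'X-Spam-Status: Yes, score=5.5 required=5.0' \
        '' 'body text'
}

# Constructed: 8 stars, above SPAMLIMIT.
msg_high() {
    printf '%s\n' 'Subject: *******SPAM******* win now' \
        'X-Spam-Level: ********' '' 'body text'
}

# Constructed: clean mail whose body quotes another message's header.
msg_quoted() {
    printf '%s\n' 'Subject: Fwd: is this spam?' '' \
        'X-Spam-Level: ********' 'quoted body'
}

for m in msg_tagged msg_high msg_quoted; do
    printf '%-11s %s stars -> %s\n' "$m" "$($m | spam_stars)" "$($m | route_for)"
done
```

Piping a saved copy of a delivered message into route_for shows which branch the filter would take for it.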

Accepted Solution

by:
pablouruguay earned 250 total points
ID: 18018333
I think you have the wrong solution in here, because the spammers change everything every day, and this script will be out of date nearly.

Don't reinvent the wheel; install spamassassin and milter-greylist and solve your problems...

Assisted Solution

by:noci
noci earned 250 total points
ID: 18020015
Or insert amavisd-new into the mail reception train.
It will also handle virus checking.