From: "George Georgalis"
Date: Tue, 5 Apr 2005 23:58:01 -0400
To: freebsd-isp@freebsd.org
Subject: Re: Antispam solutions
Message-ID: <20050406035801.GD5693@ixeon.local>
References: <000801c539f8$95268750$6745a8c0@MESE>
In-Reply-To: <000801c539f8$95268750$6745a8c0@MESE>

On Tue, Apr 05, 2005 at 11:00:16AM -0500, Phillip Salzman wrote:
>
>So - my question is what some of you were using for ISP-based antispam, and
>do you know of a user-manageable quarantine for SA? We have roughly 90k
>users and 11k domains.
>

The following system works well for me. Use the QMAILQUEUE patch and the
following program to queue mail from tcpserver (which has lots of
whitelisted subnets from trusted/prefiltered domains). Since you want
per user quarantine, I would suggest rather than 'maildir "${scq}" ...'
you extract RCPT from env and qmail-inject it with an envelope from
quarantine@you.com, and whitelist that delivery IP.

* anything that your SA processes as ham will be handed to qmail-queue
  during smtp, with status returned to sending smtp

* anything that your SA processes as spam will be rejected in smtp but
  still delivered to rcpt in a way that they can filter it with their
  client and that will prevent spam with wrong addressed from being
  returned to forged from

I've been thinking about extending my system the way you describe for a
while, just not done it yet. The script below has worked very well for
nearly a year, multiple concurrent mx work fine, and with that many
clients you will probably want a spamd cluster network. (The sleep
commands are very effective for emergency throttling of spamd)

#!/bin/bash
# exit 31 = permanently refuse
# exit 71 = temporarily refuse
# pwd is /var/qmail
echo $0 # for the logs
scq="spamc-queue" # a maildir with qmaild write perms
tmp="${scq}/`safecat "${scq}/tmp" "${scq}" /dev/null <"$tmp" # save it to verify no falseys
 rm "$tmp"
 exit 31 ;;
*) # spamc error,
 echo "$0 error, spamc exit $sce"
 exit 71
esac
exit 81 # Internal bug

my /service/spamd/run

#!/bin/sh
exec spamd -i -A 127.0.0.0/8,10.0.0.0/8,192.168.0.0/16 -m ${MAX} --username=qmaild --syslog=stderr 2>&1

// George

-- 
George Georgalis, systems architect, administrator Linux BSD IXOYE
http://galis.org/george/ cell:646-331-2027 mailto:george@galis.org
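
The exit-code contract described in the message above (ham is handed to qmail-queue, spam is refused with 31, a filter error with 71), written out as an added example that is not George's script. `filter_queue`, `spamc_check` and `RUN_AS_QMAILQUEUE` are hypothetical names, and the `spamc -x -c` flags and the `/var/qmail/bin/qmail-queue` path are assumptions about a stock install.

```shell
#!/bin/sh
# Added example, not the script from the message above.
# filter_queue CLASSIFIER QUEUE QDIR   (all three names are assumptions)
#   CLASSIFIER: command reading the message on stdin; exit 0 = ham, 1 = spam
#   QUEUE:      the real queue program (qmail-queue in production)
#   QDIR:       writable directory used for spooling and quarantine
filter_queue() {
    classifier=$1 queue=$2 qdir=$3
    # Spool the message (fd 0) so it can be read twice. fd 1 is left alone:
    # qmail-queue reads the envelope from it.
    tmp=$(mktemp "${qdir}/msg.XXXXXX") || return 71
    cat >"$tmp" || { rm -f "$tmp"; return 71; }

    verdict=0
    # Classifier output must not reach fd 1, so send it to /dev/null.
    "$classifier" <"$tmp" >/dev/null || verdict=$?

    case $verdict in
    0)  # ham: hand over to the real queue and pass its status back
        rc=0
        "$queue" <"$tmp" || rc=$?
        rm -f "$tmp"
        return "$rc" ;;
    1)  # spam: keep a copy for review, refuse permanently during SMTP
        mv "$tmp" "${qdir}/spam.${tmp##*/}" || { rm -f "$tmp"; return 71; }
        return 31 ;;
    *)  # classifier failure: refuse temporarily so the sender retries
        rm -f "$tmp"
        return 71 ;;
    esac
}

# spamc -c sets the exit status from the verdict; -x turns off safe fallback
# so that a spamd failure is reported as an error instead of a pass.
spamc_check() { spamc -x -c; }

# Only act as the QMAILQUEUE program when asked to (hypothetical switch).
if [ "${RUN_AS_QMAILQUEUE:-0}" = 1 ]; then
    filter_queue spamc_check /var/qmail/bin/qmail-queue spamc-queue
    exit $?
fi
```

Because a classifier failure maps to 71 rather than 0, a spamd outage defers mail at SMTP time instead of letting unfiltered mail through.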