ASSP and Postfix HowTo


Slicer
13th November 2006, 20:31
Was taking a look at this howto and wanted to see if there was anything from the Postfix HowTo that would need to be changed.

http://www.howtoforge.com/antispam_smtp_proxy

Postfix Howto used:

http://www.howtoforge.com/virtual_postfix_mysql_quota_courier

I am also using Greylisting to smack the spammers around a bit.

Can anyone tell me if there are any issues that I could possibly run into? From the article it looks like you install and config and off you go. Would like to add this if possible. Would love to add this if it would help beat back the "canned meat by-product" people. :D

falko
14th November 2006, 16:15
I haven't tested this, but according to the ASSP tutorial the only change to Postfix is this one:

Edit /etc/postfix/master.cf

Change :

smtp inet n - n - - smtpd

to:

localhost:smtp inet n - n - - smtpd

So if it doesn't work, undo this change, and your old setup should be working again.
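Since that one master.cf line is the whole integration point, it is worth checking what Postfix will actually bind to after the edit. The checker below is an added example, not part of this thread or the ASSP howto: it parses the inet entries of a master.cf fragment (the two lines quoted above, embedded as constructed samples) and reports whether Postfix itself still answers port 25 on anything but the loopback address.

```python
import re

# Constructed samples: the master.cf smtp entry before and after the change quoted above.
BEFORE = "smtp inet n - n - - smtpd\n"
AFTER = "localhost:smtp inet n - n - - smtpd\n"

# master.cf columns: service type private unpriv chroot wakeup maxproc command [+ args]
ENTRY_RE = re.compile(r"^(\S+)\s+(inet|unix|fifo|pass)(?:\s+\S+){5}\s+(\S+)")

def inet_listeners(master_cf):
    """Return [(host, port_or_service, command)] for every inet entry.

    host is None when the entry has no host: prefix, i.e. Postfix binds all interfaces.
    Indented '-o' continuation lines and comments never match and are skipped.
    """
    out = []
    for line in master_cf.splitlines():
        m = ENTRY_RE.match(line.split("#", 1)[0])
        if not m or m.group(2) != "inet":
            continue
        host, _, port = m.group(1).rpartition(":")   # Postfix syntax: [host:]port
        out.append((host or None, port, m.group(3)))
    return out

def answers_off_loopback(master_cf, port="smtp"):
    """True if Postfix itself would still accept the port on a non-loopback address."""
    return any(h not in ("localhost", "127.0.0.1", "[::1]") and p == port
               for h, p, _ in inet_listeners(master_cf))
```

After the change only the proxy is expected to own the public port; a host that connects straight to Postfix on a LAN address will no longer find it listening there, which is what netstat -tap will also show.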

Slicer
14th November 2006, 20:05
Do you think this would add anything over what your Howto already does?

If it works that is one thing, but I don't want to be duplicating efforts already in place if it is not going to buy me anything. I worked hard on getting my setup right based on your Howto and, being a bit of a newbie, don't want to mess things up.

Thanks again for your response.

Slicer

ovis
15th November 2006, 15:46
You're right, there is some double effort in fighting spam here. And initially it doesn't work so nicely. But when the filter gets seeded with spam/ham it gets better and better. Maybe it makes SpamAssassin obsolete etc. But it still works.

So if it doesn't work for you, you can still go back to the old situation. I figure that's handy if you have a big ISPConfig system. If you're satisfied with the proxy you might uninstall SpamAssassin etc. But it won't hurt to have it as a backup.

The essence of a proxy is an in-between strategy where dirt gets kicked out at the port of entrance. In this way it can be an entirely different machine too.

If you do not want to have all kinds of problems in the beginning you just have to run in test mode. It's in the interface. After a week you go to "real" mode.

There is an email interface so your users can interactively modify the whitelists, seed the spam filter and notify false positives.

And as Falko said, just remove localhost: in /etc/postfix/master.cf and you're back where you began.

Gr Ovis

falko
15th November 2006, 17:30
If you want to be absolutely sure, you can make an image of your system before you make any changes: http://www.howtoforge.com/howto_linux_systemimager

Slicer
15th November 2006, 18:07
Thanks for the feedback guys!

One last question (hopefully). I also have greylisting turned on. This has been a huge help in my current config. Should I disable this after I install ASSP as it appears to be built in?

Thanks again,

Slicer

ovis
16th November 2006, 02:20
I don't see why you can't run both systems at the same time. After some monitoring you can decide if your current solution has become obsolete and remove it. You might consider it a backup solution. Spam/virus fighting consists of combining complementary systems.

As far as I know ASSP makes a greylist and uploads it when you run updatespamdb.pl, and it has all sorts of lists too (white / black / red).

Let me know about your experiences.

Gr Ovis

stik
20th November 2006, 22:50
Can this be installed on a separate server? I already have an ISPConfig server running quite nicely, and would like to have the added protection of ASSP.

What kind of changes in the install and configuration would have to be done?

Thanks!

nbc
21st November 2006, 14:56
I am running Fedora with Postfix and SpamAssassin. I've added the greylisting module as well. If I install this software, do I need to remove or disable SpamAssassin or can I just continue to let it run for now?

thanks,

nbc

nbc
21st November 2006, 16:03
A related question to the one above... I'm looking at the how-to and it says to tell the program to listen at 123.123.123.123:25 and forward to localhost:25. But does that mean I can't run this on my mail server? If my mail server IS 123.123.123.123 - then that seems to imply an infinite loop. So I'm a bit confused. My setup is that I have a Linux box running as a mail and web server and a firewall, and it is connected directly to my cable modem. It runs postfix to receive mail. How do I set ASSP up to intercept mail coming in to postfix? I was assuming I would run ASSP directly on my mail server machine - am I missing something simple here??

thanks

nbc

falko
21st November 2006, 16:45
Can this be installed on a separate server? I already have an ISPConfig server running quite nicely, and would like to have the added protection of ASSP.

What kind of changes in the install and configuration would have to be done?

Thanks!
I don't think it's necessary to install it on a separate server as there's really only one line that you change in your Postfix configuration. If it doesn't work, just change it back.

falko
21st November 2006, 16:47
do I need to remove or disable SpamAssassin
No, that's not necessary.

I was assuming I would run ASSP directly on my mail server machine

Yes, that's right.

nbc
21st November 2006, 19:13
Hi - Thanks for the information. I have installed ASSP on my system and it seems to be running. However, I'm seeing the following entries in the ASSP log:

============
Nov-21-06 12:04:50 66.94.237.56 <sentto-13943032-29509-1164128937-nbc=aikisoft.com@returns.groups.yahoo.com> to: nbc@aikisoft.com message ok
Nov-21-06 12:05:25 204.16.105.18 <nbusers-return-81262-nbc=aikisoft.com@netbeans.org> to: nbc@aikisoft.com Bayesian spam
Nov-21-06 12:05:26 63.118.7.109 <gnucash-user-bounces@gnucash.org> to: nbc@aikisoft.com Bayesian spam
Nov-21-06 12:05:35 213.170.65.42 <726tadd@irklavimas.lt> RBLCache: 213.170.65.0 blocked by sbl-xbl.spamhaus.org (06-11-21/12:03)
===========
The first and last entries are fine - a message delivered correctly, and one blocked. But the nbuser and gnucash user messages - did those bounce? Or were they thought to be spam? I don't see them in my mailbox, and I don't see them in the spam directory. Am I starting to lose messages? Or worse, am I generating bounce traffic on those mailing lists?

I'd appreciate a quick response so I don't screw things up for other people...

thanks very much!

nbc

falko
22nd November 2006, 17:12
I haven't tried ASSP yet, so I don't know. Maybe you can see from your mail log what happened to the mails.

nbc
22nd November 2006, 17:40
Hi - Here are the corresponding entries in /var/log/maillog for yesterday when I got the message from ASSP about incoming spam from nbusers. The 'lost connection' implies that the programs were not talking to each other, but I don't know how to verify that. I didn't get the message, and I don't see it in either the spam or the notspam directory...

===========
Nov 21 12:05:24 aikisoft postfix/smtpd[24385]: EA2B7FF43: client=localhost.aikisoft.com[127.0.0.1]
Nov 21 12:05:25 aikisoft postfix/smtpd[24385]: lost connection after DATA from localhost.aikisoft.com[127.0.0.1]
Nov 21 12:05:25 aikisoft postfix/smtpd[24385]: disconnect from localhost.aikisoft.com[127.0.0.1]
Nov 21 12:05:25 aikisoft postfix/smtpd[24296]: 65237FF43: client=localhost.aikisoft.com[127.0.0.1]
Nov 21 12:05:25 aikisoft postfix/smtpd[24385]: connect from localhost.aikisoft.com[127.0.0.1]
Nov 21 12:05:25 aikisoft postfix/smtpd[24385]: lost connection after CONNECT from localhost.aikisoft.com[127.0.0.1]
Nov 21 12:05:25 aikisoft postfix/smtpd[24385]: disconnect from localhost.aikisoft.com[127.0.0.1]
Nov 21 12:05:26 aikisoft postfix/smtpd[24296]: lost connection after DATA from localhost.aikisoft.com[127.0.0.1]
Nov 21 12:05:26 aikisoft postfix/smtpd[24296]: disconnect from localhost.aikisoft.com[127.0.0.1]
Nov 21 12:05:34 aikisoft postfix/smtpd[24385]: connect from localhost.aikisoft.com[127.0.0.1]
=============

Can anyone tell me what is actually happening here? I did get a couple of messages delivered to my mailbox, I found several messages in the spam directory, and I found 1 false positive in the spam directory, so the program looks like it is doing something and might well be useful. But if it is going to randomly discard messages, that won't be acceptable... I'm guessing I have something set up incorrectly, but I don't know where to look - any help would be appreciated...

One more thing. I disabled ASSP and restarted postfix - and 2 test messages that I had sent home (from my office at work) showed up in my mailbox a few minutes later - they had been dropped or lost while ASSP was running...

Help!?

thanks

nbc
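One way to answer "did those bounce or were they dropped?" is to line up the ASSP verdicts from the earlier post with the "lost connection after DATA" events from the Postfix log above by timestamp. The script below is an added example, not from the thread or from ASSP; its sample input is the log lines quoted in these two posts (embedded as constructed strings), and the year 2006 and the two second matching window are assumptions.

```python
import re
from datetime import datetime, timedelta
# Constructed sample: the ASSP log lines quoted earlier in this thread.
ASSP_LOG = """\
Nov-21-06 12:04:50 66.94.237.56 <sentto-13943032-29509-1164128937-nbc=aikisoft.com@returns.groups.yahoo.com> to: nbc@aikisoft.com message ok
Nov-21-06 12:05:25 204.16.105.18 <nbusers-return-81262-nbc=aikisoft.com@netbeans.org> to: nbc@aikisoft.com Bayesian spam
Nov-21-06 12:05:26 63.118.7.109 <gnucash-user-bounces@gnucash.org> to: nbc@aikisoft.com Bayesian spam
Nov-21-06 12:05:35 213.170.65.42 <726tadd@irklavimas.lt> RBLCache: 213.170.65.0 blocked by sbl-xbl.spamhaus.org (06-11-21/12:03)
"""
# Constructed sample: the relevant /var/log/maillog lines from the thread (line wrapping removed).
MAILLOG = """\
Nov 21 12:05:25 aikisoft postfix/smtpd[24385]: lost connection after DATA from localhost.aikisoft.com[127.0.0.1]
Nov 21 12:05:25 aikisoft postfix/smtpd[24385]: lost connection after CONNECT from localhost.aikisoft.com[127.0.0.1]
Nov 21 12:05:26 aikisoft postfix/smtpd[24296]: lost connection after DATA from localhost.aikisoft.com[127.0.0.1]
"""
ASSP_RE = re.compile(r"^(\w{3}-\d\d-\d\d \d\d:\d\d:\d\d) \S+ <([^>]*)> (.*)$")
DROP_RE = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) \S+ postfix/smtpd\[(\d+)\]: "
                     r"lost connection after DATA from \S+\[127\.0\.0\.1\]$")

def assp_verdicts(text):
    """Return [(time, sender, verdict)] with verdict in ok / spam / rbl / other."""
    out = []
    for m in filter(None, map(ASSP_RE.match, text.splitlines())):
        rest = m.group(3)
        verdict = ("ok" if rest.endswith("message ok") else "spam" if rest.endswith("Bayesian spam")
                   else "rbl" if "blocked by" in rest else "other")
        out.append((datetime.strptime(m.group(1), "%b-%d-%y %H:%M:%S"), m.group(2), verdict))
    return out

def postfix_data_drops(text, year):
    """Return [(time, smtpd pid)] for sessions Postfix lost after DATA from the loopback proxy."""
    return [(datetime.strptime(m.group(1), "%b %d %H:%M:%S").replace(year=year), int(m.group(2)))
            for m in filter(None, map(DROP_RE.match, text.splitlines()))]

def correlate(assp_text, maillog_text, year=2006, window=timedelta(seconds=2)):
    """Pair each ASSP verdict with the closest still-unused Postfix DATA drop inside the window."""
    unused = postfix_data_drops(maillog_text, year)
    paired = []
    for when, sender, verdict in assp_verdicts(assp_text):
        near = [d for d in unused if abs(d[0] - when) <= window]
        hit = min(near, key=lambda d: abs(d[0] - when)) if near else None
        if hit:
            unused.remove(hit)
        paired.append((sender, verdict, hit[1] if hit else None))
    return paired

if __name__ == "__main__":
    for sender, verdict, pid in correlate(ASSP_LOG, MAILLOG):
        print(f"{verdict:5} {sender:50.50} dropped-after-DATA-by-smtpd={pid}")
```

On the quoted sample both "Bayesian spam" verdicts pair with a dropped DATA phase and the "message ok" and RBL entries pair with nothing, which is the pattern to look for before concluding that Postfix itself is losing mail.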

falko
23rd November 2006, 17:48
What's the output of netstat -tap when you get these errors in your mail log? What's in /etc/postfix/master.cf?

nbc
23rd November 2006, 20:51
The disconnect problem is at least temporarily solved. Someone suggested turning on all the test mode options, and when I do that, it seems that mail is being delivered through to my mailbox without those errors. That's the good news. The bad news is that virtually everything is marked as SPAM. I think that is because I'm just starting and don't have a good 'ham' database yet. If, after I get it trained and turn off the test mode, I start getting these disconnect problems, I'll get back to you with the netstat output...

Some messages are getting deposited in the 'spam' directory, but most are not. I can take the few false positives and put them in the 'notspam' directory. But I have not been able to figure out how to properly collect a set of 'good' messages to place in the notspam directory so I can train the program. Can someone tell me how to do that? Can I drop an entire mailbox (i.e. /var/mail/nbc) into the 'notspam' directory, or does each file in notspam have to be a single email message by itself?

Thanks very much - enjoy the long weekend...

nbc

falko
24th November 2006, 17:32
Can I drop an entire mailbox (i.e. /var/mail/nbc) into the 'notspam' directory, or does each file in notspam have to be a single email message by itself?

I'd try both ways and see if you get any errors. (I wish I could tell you, but I really don't know...)

nbc
24th November 2006, 21:05
Regarding the database, I'll try copying /var/mail/nbc into the notspam directory in a few days after I get enough spam to construct a database...

Meanwhile, I discovered yesterday that I can't send any mail. I have other machines in the house that send SMTP mail to my mail gateway, which forwards it on to the Internet. Those connections are now being refused with ASSP running. I reset the postfix master.cf file so I could get some important messages out, but what do I need to modify to allow my other internal machines to get mail out of the system?

thanks,

nbc