#1
25th October 2012, 16:51
sjswarts
Postfix analysis

G'day guys,

I run ISPConfig 3 on a Debian VPS and I'm looking for a way to effectively increase my SPAM protection without getting false positives. Now I realize that it's a fine line, but surely there must be a way to have a WebGUI which is fed stats from a Cron job that records Postfix's SPAM handling.

This seems like a solution but hasn't been updated for a long time:

http://www.howtoforge.com/forums/sho...stfix+Analysis

I'm hoping there is something to quickly and efficiently bring my attention (email every day/week) that alerts me to SPAM etc. Then if my clients complain that they aren't getting emails from someone I can adjust postfix accordingly.

Anyway just thought I would ask your opinions.
All the best,
ISPConfig rocks and I'm hanging out for a stable release of ISPConfig 3.0.5

Regards,
Steven Swarts
#2
26th October 2012, 23:10
cbj4074

Given that ISPConfig is designed to work with SpamAssassin, SA seems like the obvious choice. Are you not already using it on your ISPConfig server?

Quote:
Then if my clients complain that they aren't getting emails from someone I can adjust postfix accordingly.
Your clients should always receive mail, even if it is almost positively SPAM. That's what a "Junk" folder is for. Deleting mail automatically is strongly discouraged, and if I'm not mistaken, illegal in some places.

Also, don't get into the business of adjusting anything manually (beyond basic SPAM Policy configuration). The most effective way to combat SPAM (in my experience) is with a well-trained Bayes (Bayesian) database. SpamAssassin uses a Bayes database, and the fastest (and arguably most effective) way to train it is to let your users do the training.

If your server uses Dovecot to handle incoming mail, you can use the Antispam Plug-in, which enables your users to drag mail from Inbox to Junk and train the Bayes database in real-time. Conversely, for false-positives, users can drag messages from Junk to Inbox, and the Bayes database will be trained accordingly.

If your server uses Amavis to interact with SpamAssassin (my preferred setup), you can use the amavis-stats package to generate comprehensive graphs (generated with rrdtool) regarding SPAM, viruses, etc.

Finally, you can use a tool like logwatch to receive daily digests that include a detailed list of how every message was handled ("Stored to Inbox", "Stored to Junk", etc.).

I haven't read through the post that you cited, so I don't know how this advice compares; take it for what it's worth.

Last edited by cbj4074; 26th October 2012 at 23:12.
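
An added example, not part of the original posts: a small cron-friendly digest in the spirit of the logwatch suggestion above, which tallies amavisd-new verdicts and lists spam-tagged mail that scored close to the threshold (the likeliest false positives). The log line layout, the sample lines and the `spam_threshold` and `margin` values are assumptions; adjust the pattern to match your own mail log.

```python
import re
from collections import Counter

# Constructed sample lines, modeled on amavisd-new syslog output (assumed layout).
SAMPLE_LOG = """\
Oct 26 09:12:01 mail amavis[2101]: (02101-01) Passed CLEAN, [192.0.2.10] <alice@example.org> -> <bob@example.com>, Message-ID: <a1@example.org>, Hits: -1.9, size: 2345, 512 ms
Oct 26 09:15:44 mail amavis[2101]: (02101-02) Passed SPAMMY, [198.51.100.7] <promo@example.net> -> <bob@example.com>, Message-ID: <b2@example.net>, Hits: 5.4, size: 8120, 930 ms
Oct 26 10:02:13 mail amavis[2102]: (02102-01) Blocked SPAM, [203.0.113.5] <x@example.net> -> <carol@example.com>, Message-ID: <c3@example.net>, Hits: 21.7, size: 4100, 801 ms
Oct 26 11:30:00 mail amavis[2102]: (02102-02) Passed SPAM, [203.0.113.9] <news@example.org> -> <carol@example.com>, Message-ID: <d4@example.org>, Hits: 6.6, size: 15000, 1100 ms
Oct 26 11:31:00 mail postfix/smtpd[900]: connect from unknown[203.0.113.9]
"""

# Action, verdict, envelope sender, recipient list and SpamAssassin score.
LINE_RE = re.compile(
    r"amavis\[\d+\]: \(\S+\) (?P<action>Passed|Blocked) (?P<verdict>[A-Z-]+)\b.*?"
    r"<(?P<sender>[^>]*)> -> (?P<rcpts><[^>]*>(?:,<[^>]*>)*).*?"
    r"Hits: (?P<hits>-?\d+(?:\.\d+)?|-)"
)

def parse(log_text):
    """Yield one record per amavis verdict line; other log lines are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        # amavis logs "Hits: -" when the message was not scored at all.
        hits = None if m["hits"] == "-" else float(m["hits"])
        yield {"verdict": f'{m["action"]} {m["verdict"]}', "sender": m["sender"],
               "rcpts": re.findall(r"<([^>]*)>", m["rcpts"]), "hits": hits}

def digest(log_text, spam_threshold=5.0, margin=2.0):
    """Count verdicts; list spam-tagged mail scoring within `margin` of the threshold."""
    counts, borderline = Counter(), []
    for rec in parse(log_text):
        counts[rec["verdict"]] += 1
        tagged = "SPAM" in rec["verdict"]  # matches SPAM and SPAMMY verdicts
        if tagged and rec["hits"] is not None and rec["hits"] - spam_threshold <= margin:
            borderline.append((rec["sender"], rec["rcpts"], rec["hits"]))
    return counts, borderline

if __name__ == "__main__":
    counts, borderline = digest(SAMPLE_LOG)
    for verdict, n in counts.most_common():
        print(f"{n:5d}  {verdict}")
    print("Possible false positives (score near threshold):")
    for sender, rcpts, hits in borderline:
        print(f"  {hits:5.1f}  {sender} -> {', '.join(rcpts)}")
```

Run from cron against the previous day's mail log, the printed output becomes the daily e-mail; nothing is deleted or reclassified, it only reports.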
#3
30th October 2012, 03:16
sjswarts

G'day cbj4074,

First up sorry for the delay, much is going on.
Secondly I like your position in regard to keeping it user dependent, solely for the fact that they can decide what is SPAM and what is HAM.
However, some of my clients freak out when they receive any SPAM even in their Junk folder. I guess it's to be expected and that is all part of helping them understand.

I set up my server with ISPConfig 3 and Debian Squeeze using this tutorial:

http://www.howtoforge.com/perfect-se...ot-ispconfig-3

Part of the tutorial is to include Amavisd-new, SpamAssassin and Clamav. So my system (if not mistaken) is similar to yours.

You mention a plugin for Dovecot (which I use); is that simply just following this tutorial: http://wiki2.dovecot.org/Plugins/Antispam or is something more involved? I don't want to mess anything up with ISPConfig 3 either.

A while ago I used this tutorial

http://www.howtoforge.com/extending-...ze-ispconfig-3

to "harden" my system, but after some input from other members I chose not to change all the ports for ISPConfig, phpmyadmin, etc. However, is any of this usable? For example, it talks about PHP speed increasing and MySQL database tuning... Are these industry-accepted methods?

Thank you for your time,
Regards,
Steven Swarts
#4
7th November 2012, 19:30
cbj4074

Likewise; sorry for the delayed response.

Quote:
However, some of my clients freak out when they receive any SPAM even in their Junk folder. I guess it's to be expected and that is all part of helping them understand.
Yes; this is a user education issue. I've had users insist that "really spammy spam" be deleted automatically, and then the same users throw a fit when a "super, ultra important" message is deleted automatically and unrecoverable. Your users will hate you either way.

Yes, it seems that we have very similarly-configured systems. You should be able to follow the same instructions for using Antispam that I did.

Regarding the Dovecot Antispam plug-in, there is a complex and convoluted history behind the source code that makes downloading, installing, and configuring the plug-in quite difficult -- unless you know which questions to ask.

Which version of the plug-in you install, and which installation instructions you use, depend entirely on which version of Dovecot you use (v1 vs. v2).

I am using Ubuntu 10.04 (until 12.04 is well-vetted), so I'm stuck with an obsoleted version of Dovecot (1.2.9). This version of Dovecot requires the version 1 ("Johannes") plug-in, whereas Dovecot 2 requires the version 2 ("Eugene") plug-in. (Johannes developed v1, and Eugene took over with v2.)

There's a lot of useful information in a thread that I started on the Dovecot mailing list, regarding this very issue:

http://www.dovecot.org/list/dovecot/...ead.html#68114

That thread contains everything you could possibly need to install the plug-in and get it up-and-running.

That said, feel free to reply with any questions if you get stuck.

Finally, regarding the Extending Perfect Server tutorial, I have not followed it myself, although, upon a cursory review, I have taken most of the measures outlined therein on my systems. Overall, that tutorial is unrelated to Dovecot + Antispam plug-in, and I don't see any issues there.

If you are asking whether or not you should complete some or all of that tutorial, in general, I would say, "Yes, but not blindly." For example, there are aspects of that tutorial that no longer apply (because the affected software has been patched in a future release, for example), and following those steps will actually break software that may have been working without issue previously.

Unless you are an expert, you run the risk of creating more problems than you solve.

Last edited by cbj4074; 7th November 2012 at 19:45.
All times are GMT +2.