Postfix analysis

Discussion in 'Installation/Configuration' started by sjswarts, Oct 25, 2012.

  1. sjswarts

    sjswarts New Member

    G'day guys,

    I run ISPConfig 3 on a Debian VPS and I'm looking for a way to effectively increase my SPAM protection without getting false positives. Now I realize that it's a fine line but surely there must be a way to have a WebGUI which is fed stats from a Cron job that records Postfix's SPAM handling.

    This seems like a solution but hasn't been updated for a long time:

    I'm hoping there is something to quickly and efficiently bring my attention (email everyday/week) that alerts me to SPAM etc. Then if my clients complain that they aren't getting emails from someone I can adjust postfix accordingly.

    Anyway just thought I would ask your opinions.
    All the best,
    ISPConfig rocks and I'm hanging out for a stable release of ISPConfig 3.0.5

    Steven Swarts
  2. cbj4074

    cbj4074 Member

    Given that ISPConfig is designed to work with SpamAssassin, SA seems like the obvious choice. Are you not already using it on your ISPConfig server?

    Your clients should always receive mail, even if it is almost positively SPAM. That's what a "Junk" folder is for. Deleting mail automatically is strongly discouraged, and if I'm not mistaken, illegal in some places.

    Also, don't get into the business of adjusting anything manually (beyond basic SPAM Policy configuration). The most effective way to combat SPAM (in my experience) is with a well-trained Bayes (Bayesian) database. SpamAssassin uses a Bayes database, and the fastest (and arguably most effective) way to train it is to let your users do the training.

    If your server uses Dovecot to handle incoming mail, you can use the Antispam Plug-in, which enables your users to drag mail from Inbox to Junk and train the Bayes database in real-time. Conversely, for false-positives, users can drag messages from Junk to Inbox, and the Bayes database will be trained accordingly.

    If your server uses Amavis to interact with SpamAssassin (my preferred setup), you can use the amavis-stats package to generate comprehensive graphs (generated with rrdtool) regarding SPAM, viruses, etc.

    Finally, you can use a tool like logwatch to receive daily digests that include a detailed list of how every message was handled ("Stored to Inbox", "Stored to Junk", etc.).

    I haven't read through the post that you cited, so I don't know how this advice compares; take it for what it's worth. :)
    Last edited: Oct 26, 2012
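
A sketch of the kind of daily digest discussed above, added here as an example and not part of any post in this thread: it counts Amavis verdicts in the mail log and lists low-scoring spam verdicts, the likeliest false positives. The sample lines are constructed, the log layout is assumed to follow amavisd-new's usual "Passed/Blocked CATEGORY ... Hits:" form (it varies by version), and `review_below` is a hypothetical threshold.

```python
import re
from collections import Counter

# Constructed sample lines, laid out like amavisd-new verdicts in mail.log.
SAMPLE_LOG = """\
Oct 26 06:25:01 mail amavis[2211]: (02211-01) Passed CLEAN, [192.0.2.10] <alice@example.org> -> <bob@example.com>, Message-ID: <1@example.org>, Hits: -1.9, size: 2312, 1200 ms
Oct 26 06:31:40 mail amavis[2211]: (02211-02) Blocked SPAM, [198.51.100.7] <promo@bulk.example> -> <bob@example.com>, quarantine: spam-a1.gz, Hits: 18.4, size: 4521, 2300 ms
Oct 26 07:02:13 mail amavis[2212]: (02212-01) Passed SPAMMY, [203.0.113.9] <newsletter@shop.example> -> <carol@example.com>, Hits: 6.2, size: 9120, 1900 ms
Oct 26 07:15:55 mail amavis[2212]: (02212-02) Blocked SPAM, [203.0.113.20] <invoices@supplier.example> -> <carol@example.com>, quarantine: spam-b2.gz, Hits: 7.1, size: 3301, 2100 ms
Oct 26 07:16:02 mail postfix/smtpd[3100]: disconnect from unknown[203.0.113.20]
Oct 26 08:40:27 mail amavis[2213]: (02213-01) Blocked INFECTED (Eicar-Test-Signature), [198.51.100.44] <x@host.example> -> <bob@example.com>, quarantine: virus-c3, Hits: -, size: 900, 800 ms
"""

# Action, category, envelope sender, first recipient and spam score of one verdict.
VERDICT = re.compile(
    r"amavis\[\d+\]: \(\S+\) (?P<action>Passed|Blocked) (?P<category>[A-Z-]+)"
    r".*?<(?P<sender>[^>]*)> -> <(?P<rcpt>[^>]*)>"
    r".*?Hits: (?P<hits>-?\d+(?:\.\d+)?|-)"
)

def summarize(lines, review_below=10.0):
    """Return (verdict counts, spam verdicts scoring under review_below)."""
    counts, review = Counter(), []
    for line in lines:
        m = VERDICT.search(line)
        if not m:
            continue  # Postfix, Dovecot and other non-verdict lines
        counts[f"{m['action']} {m['category']}"] += 1
        # "Hits: -" means no spam score was computed (e.g. a virus hit).
        hits = None if m["hits"] == "-" else float(m["hits"])
        if m["category"] in ("SPAM", "SPAMMY") and hits is not None and hits < review_below:
            review.append((m["sender"], m["rcpt"], hits))
    return counts, sorted(review, key=lambda r: r[2])

def digest(counts, review):
    """Render the plain-text body a cron job could mail to the admin."""
    out = ["Verdicts:"]
    out += [f"  {n:4d}  {verdict}" for verdict, n in sorted(counts.items())]
    out.append("Low-scoring spam verdicts to check for false positives:")
    out += [f"  {hits:5.1f}  {sender} -> {rcpt}" for sender, rcpt, hits in review]
    return "\n".join(out)

if __name__ == "__main__":
    print(digest(*summarize(SAMPLE_LOG.splitlines())))
```

Only the first recipient of a multi-recipient message is captured; in production the input would be the previous day's rotated mail log rather than the embedded sample.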
  3. sjswarts

    sjswarts New Member

    G'day cbj4074,

    First up sorry for the delay, much is going on.
    Secondly I like your position in regard to keeping it user dependent, solely for the fact that they can decide what is SPAM and what is HAM.
    However some of my clients freak out when they receive any SPAM even in their Junk folder. I guess it's to be expected and that is all part of helping them understand.

    I set up my server with ISPConfig 3 and Debian Squeeze using this tutorial:

    Part of the tutorial is to include Amavisd-new, SpamAssassin and Clamav. So my system (if not mistaken) is similar to yours.

    You mention a Plugin for Dovecot (which I use) is that simply just following this tutorial: or is something more involved? I don't want to mess anything up with ISPConfig 3 either.

    A while ago I used this tutorial

    to "harden" my system but after some input from other members I chose not to change all the ports for ISPConfig, phpmyadmin, etc. However is any of this usable? For example it talks about php speed increasing and mysql database tuning... Are these industry accepted methods??

    Thank you for your time,
    Steven Swarts
  4. cbj4074

    cbj4074 Member

    Likewise; sorry for the delayed response.

    Yes; this is a user education issue. I've had users insist that "really spammy spam" be deleted automatically, and then the same users throw a fit when a "super, ultra important" message is deleted automatically and unrecoverable. Your users will hate you either way.

    Yes, it seems that we have very similarly-configured systems. You should be able to follow the same instructions for using Antispam that I did.

    Regarding the Dovecot Antispam plug-in, there is a complex and convoluted history behind the source code that makes downloading, installing, and configuring the plug-in quite difficult -- unless you know which questions to ask.

    Which version of the plug-in you install, and which installation instructions you use, depend entirely on which version of Dovecot you use (v1 vs. v2).

    I am using Ubuntu 10.04 (until 12.04 is well-vetted), so I'm stuck with an obsoleted version of Dovecot (1.2.9). This version of Dovecot requires the version 1 ("Johannes") plug-in, whereas Dovecot 2 requires the version 2 ("Eugene") plug-in. (Johannes developed v1, and Eugene took over with v2.)

    There's a lot of useful information in a thread that I started on the Dovecot mailing list, regarding this very issue:

    That thread contains everything you could possibly need to install the plug-in and get it up-and-running.

    That said, feel free to reply with any questions if you get stuck.

    Finally, regarding the Extending Perfect Server tutorial, I have not followed it myself, although, upon a cursory review, I have taken most of the measures outlined therein on my systems. Overall, that tutorial is unrelated to Dovecot + Antispam plug-in, and I don't see any issues there.

    If you are asking whether or not you should complete some or all of that tutorial, in general, I would say, "Yes, but not blindly." For example, there are aspects of that tutorial that no longer apply (because the affected software has been patched in a future release, for example), and following those steps will actually break software that may have been working without issue previously.

    Unless you are an expert, you run the risk of creating more problems than you solve.
    Last edited: Nov 7, 2012
