[Dovecot] Struggling with antispam

Fri Mar 7 12:14:10 UTC 2014

** Alan Chandler <alan at chandlerfamily.org.uk> [2014-03-06 08:01]:
> On 06/03/14 07:48, Alan Chandler wrote:
> >However, when I try to make this work with anitspam, I keep
> >getting failure, and I can't work out what is causing it.  Maybe
> >its again because I am running with uid 10001 when calling
> >sendmail but I don't know.
> >
> >antispam config is
> >
> >plugin {
> >...
> 
> >   antispam_pipe_program=/usr/bin/sendmail
> 
> Arrg:
> 
> I have been struggling with this all yesterday evening.  Two minutes
> after posting this I realise it is /usr/sbin/sendmail, not
> /usr/bin/sendmail
> 
> Sorry for the noise  (Although I would prefer to use the dspam
> backend if I could).
> 
> It is not working yet - postfix has rejected the mail because it
> came from an unknown sender (dspam at chandlerfamily.org.uk) I could
> use %u on the sender address - but then my sieve script to save
> outgoing mail would have to change to ignore mail aimed at the spam
> addresses.
** end quote [Alan Chandler]

I wouldn't worry about it. I've done this plenty of times in the past, usually
when I lack somebody (often completely non-technical) to try and explain things
to. Sometimes it can be worth blogging or documenting - sorry to use that word
;) - things instead of boring somebody with at technical explanation - or
posting something to a mailing list :)

Anyway, as an aside to this, I've been amazed how effective greylisting has
been - so much so a that on my server I've not got round to putting the full
anti-spam configuration back in. I should imagine that on a raspberry pi the
reduced load either of not running the anti-spam or much less mail being
checked would be welcome.

Without going into technical detail, all I am doing is greylisting anything
that comes in and is on a RBL. Non RBL stuff gets straight through, so if a
proper mail server is spamming and not yet on a RBL it doesn't help. If a
legitimate server has ended up on a RBL by mistake it will try again (although
so will a compromised one) and just be slowed down. The vast majority of spam,
for me at least it seems, just doesn't bother to retry so there is no need to
use processing power to scan it. Of course at some point the spammers will
improve their processes no doubt, but for now they just seem to want to churn
it out to anyone that will accept it without question and bother the rest. My
volume of mail is pretty low (only a few thousand a day I think), so the hassle
of setting up scanning hasn't been worth effort - yet - for the small volume of
spam that gets through (although being a long term Mutt user for my mail I find
I fly through managing mail compared to using a mouse).

-- 
 Paul Tansom  |  Aptanet Ltd.  |  http://www.aptanet.com/  |  023 9238 0001
=============================================================================
Registered in England | Company No: 4905028 | Registered Office: Ralls House,
Parklands Business Park, Forrest Road, Denmead, Waterlooville, Hants, PO7 6XP