ASSP and Postfix HowTo

Discussion in 'HOWTO-Related Questions' started by Slicer, Nov 13, 2006.

  1. Slicer

    Slicer Member

    Was taking a look at this howto and wanted to see if there was anything from the Postfix HotTo that would need to be changed.

    http://www.howtoforge.com/antispam_smtp_proxy

    Postfix Howto used:

    http://www.howtoforge.com/virtual_postfix_mysql_quota_courier

    I am also using Greylisting to smack the spmmers around a bit.

    Can anyone tell me if there are any issues that I could possibly run into? From the article it looks like you install and config and off you go. Would like to add this if possible. Would love to add this if it would help beat back the "canned meat by-product" people. :D
     
  2. falko

    falko Super Moderator Howtoforge Staff

    I haven't tested this, but according to the ASSP tutorial the only change to Postfix is this one:

    So if it doesn't work, undo this change, and your old setup should be working again.
     
  3. Slicer

    Slicer Member

    Thanks Falko

    Do you think this would add anything over what your Howto already does?

    If it works that is one thing, but I don't want to be duplicating efforts already in place if it is not going to buy me anything. I worked hard on getting my setup right based on your Howto and being a bit of a mewbie, don't want to mess things up.

    Thanks again for your response.

    Slicer
     
  4. ovis

    ovis New Member HowtoForge Supporter

    Safety Rollback

    Your right, there is some double effort in fighting spam here. And initialy it doesnt work so nice. But when the filter gets seeded with spam/ham it gets better and better. Maby it makes spammassasin obsolete etc. But it still works.

    So if it dont work for you, you can still go back to the old situation. I figure thats handy if you have a big ISPConfig system. If your statifiyed with the proxy you might uninstall spamassassin etc. But it wont hurd to have it as a backup.

    The essence of a proxy is an inbetween strategie where dirt gets kicked at the port of entance. In this way it can be an entirely different machine too.

    If you do not want to have all kind of problems in the begin you just have to run in test mode. Its in the interface. after a week you go to "real" mode.

    There is a email Interface so your users can interactively modifiy the whitelists seed the spam filter and notify false positives.

    And as Falco said just remove
    Code:
    localhost:
    in /etc/postfix/master.cf and your back where you begon.

    Gr Ovis
     
  5. falko

    falko Super Moderator Howtoforge Staff

  6. Slicer

    Slicer Member

    Thanks!!

    Thanks for the feedback guys!

    One last question (hopefully). I also have greylisting turned on. This has been a huge help in my current config. Should I disable this after I install ASSP as it appears to be built in?

    Thanks again,

    Slicer
     
  7. ovis

    ovis New Member HowtoForge Supporter

    Just try out

    I dont see why you can run both systems at the same time. After some monitoring you can decide if your current solution become obsolete and remove it. You might concider it a backup solution. Spam/Virus fighting consist of combining complementary systems.

    As far as i know ASSP makes a greylist and uploads it when you run updatespamdb.pl and have all sort of lists too (white / black / red)

    Let me know about your experiences.

    Gr Ovis
     
  8. stik

    stik New Member HowtoForge Supporter

    ASSP Installation

    Can this be installed on a separate server? I already have an ISPConfig server running quite nicely, and would like to have the added protection of ASSP.

    What kind of changes in the install and configuration would have to be done?

    Thanks!
     
  9. nbc

    nbc New Member

    Adding this to an existing system??

    I am running Fedora with Postfix and SpamAssassin. I've added the greylisting module as well. If I install this software, do I need to remove or disable SpamAssassin or can I just continue to let it run for now?

    thanks,

    nbc
     
  10. nbc

    nbc New Member

    Where to install?

    A related question to the one above... I'm looking at the how-to and it says to tell the program to listen at 123.123.123.123:25 and forward to localhost:25. But does that mean I can't run this on my mail server? If my mail server IS 123.123.123.123 - then that seems to imply an infinite loop. So I'm a bit confused. My setup is that I have a Linux box running as a mail and web server and a firewall, and it is connected directly to my cable modem. It runs postfix to receive mail. How do I set ASSP up to intercept mail coming in to postfix? I was assuming I would run ASSP directly on my mail server machine - am I missing something simple here??

    thanks

    nbc
     
  11. falko

    falko Super Moderator Howtoforge Staff

    I don't think it's necessary to install it on a seperate server as there's really only one line that you change in your Postfix configuration. If it doesn't work, just change it back.
     
  12. falko

    falko Super Moderator Howtoforge Staff

    No, that's not necessary.

    Yes, that's right.
     
  13. nbc

    nbc New Member

    Getting ASSP running...

    Hi - Thanks for the information. I have installed ASSP on my system and it seems to be running. However, I'm seeing the following entries in the ASSP log:

    ============
    Nov-21-06 12:04:50 66.94.237.56 <sentto-13943032-29509-1164128937-nbc=aikisoft.com@returns.groups.yahoo.com> to: [email protected] message ok
    Nov-21-06 12:05:25 204.16.105.18 <[email protected]> to: [email protected] Bayesian spam
    Nov-21-06 12:05:26 63.118.7.109 <[email protected]> to: [email protected] Bayesian spam
    Nov-21-06 12:05:35 213.170.65.42 <[email protected]> RBLCache: 213.170.65.0 blocked by sbl-xbl.spamhaus.org (06-11-21/12:03)
    ===========
    The first and last entries are fine - a message delivered correctly, and one blocked. But the nbuser and gnucash user messages - did those bounce? Or were they thought to be spam? I don't see them in my mailbox, and I don't see them in the spam directory. Am I starting to lose messages? Or worse, am I generating bounce traffic on those mailing lists?

    I'd appreciate a quick response so I don't screw things up for other people...

    thanks very much!

    nbc
     
  14. falko

    falko Super Moderator Howtoforge Staff

    I haven't tried ASSP yet, so I don't know. Maybe you can see from your mail log what happened to the mails.
     
  15. nbc

    nbc New Member

    Missing incoming messages...

    Hi - Here are the corresponding entries in /var/log/maillog for yesterday when I got the message from ASSP about incoming spam from nbusers. The 'lost connection' implies that the programs were not talking to each other, but I don't know how to verify that. I didn't get the message, and I don't see it in either the spam or the notspam directory...

    ===========
    Nov 21 12:05:24 aikisoft postfix/smtpd[24385]: EA2B7FF43: client=localhost.aikis
    oft.com[127.0.0.1]
    Nov 21 12:05:25 aikisoft postfix/smtpd[24385]: lost connection after DATA from l
    ocalhost.aikisoft.com[127.0.0.1]
    Nov 21 12:05:25 aikisoft postfix/smtpd[24385]: disconnect from localhost.aikisof
    t.com[127.0.0.1]
    Nov 21 12:05:25 aikisoft postfix/smtpd[24296]: 65237FF43: client=localhost.aikis
    oft.com[127.0.0.1]
    Nov 21 12:05:25 aikisoft postfix/smtpd[24385]: connect from localhost.aikisoft.c
    om[127.0.0.1]
    Nov 21 12:05:25 aikisoft postfix/smtpd[24385]: lost connection after CONNECT fro
    m localhost.aikisoft.com[127.0.0.1]
    Nov 21 12:05:25 aikisoft postfix/smtpd[24385]: disconnect from localhost.aikisof
    t.com[127.0.0.1]
    Nov 21 12:05:26 aikisoft postfix/smtpd[24296]: lost connection after DATA from l
    ocalhost.aikisoft.com[127.0.0.1]
    Nov 21 12:05:26 aikisoft postfix/smtpd[24296]: disconnect from localhost.aikisof
    t.com[127.0.0.1]
    Nov 21 12:05:34 aikisoft postfix/smtpd[24385]: connect from localhost.aikisoft.c
    om[127.0.0.1]
    =============

    Can anyone tell me what is actually happening here? I did get a couple of messages delivered to my mailbox, I found several messages in the spam directory, and I found 1 false positive in the spam directory, so the program looks like it is doing something and might well be useful. But if it is going to randomly discard messages, that won't be acceptable... I'm guessing I have something set up incorrectly, but I don't know where to look - any help would be appreciated...

    One more thing. I disabled ASSP and restarted postfix - and 2 test messages that I had sent home (from my office at work) showed up in my mailbox a few minutes later - they had been dropped or lost while ASSP was running...

    Help!?

    thanks

    nbc
     
  16. falko

    falko Super Moderator Howtoforge Staff

    What's the output of
    Code:
    netstat -tap
    when you get these errors in your mail log? What's in /etc/postfix/master.cf?
     
  17. nbc

    nbc New Member

    Getting ASSP running...

    The disconnect problem is at least temporarily solved.. Someone suggested turning on all the test mode options, and when I do that, it seems that mail is being delivered through to my mailbox without those errors. That's the good news. The bad news is that virtually everything is marked as SPAM. I think that is because I'm just starting and don't have a good 'ham' database yet. If, after I get it trained and turn off the testmode, I start getting these disconnect problems, I'll get back to you with the netstat output...

    Some messages are getting deposited in the 'spam' directory, but most are not. I can take the few false positives and put them in the 'notspam' directory. But I have not been able to figure out how to properly collect a set of 'good' messages to place them into the notspam directory so I can train the program. Can someone tell me how to do that? Can I drop an entire mailbox (ie /var/mail/nbc) into the 'notspam' directory or does each file in notspam have to be a single email message by itself?

    Thanks very much - enjoy the long weekend...

    nbc
     
  18. falko

    falko Super Moderator Howtoforge Staff

    I'd try both ways and see if you get any errors. (I wish I could tell you, but I really don't know...)
     
  19. nbc

    nbc New Member

    Can't send email with ASSP running...

    Regarding the database, I'll try copying /var/mail/nbc into the notspam directory in a few days after I get enough spam to construct a database...

    Meanwhile, I discovered yesterday that I can't send any mail. I have other machines in the house that send SMTP mail to my mail gateway which forwards it on to the InterNet. Those connections are now being refused with ASSP running. I reset the postfix master.cf file so I could get some important messages out - but what do I need to modify to allow my other internal machines to get mail out of the system?

    thanks,

    nbc
     

Share This Page