Just installed ISPconfig 3 (from the latest github master) on Ubuntu 16.04 with nginx, following this tutorial. Two things I bump into: - Apparently I have installed clamav, amavisd, spamassassin, postfix and dovecot. It is however unclear to me how e-mail routing is done now, for incoming and outgoing mail. For example; I used to have all headers containing "localhost" and "127.0.0.1" removed from mail going out of my servers, using header_checks in postfix but these don't seem to do anything when I send mail using an ISPconfig domain. Any method I've overlooked? Is postfix config being overruled somewhere I haven't seen? - I'm trying to find a reason that really proves the value of SA and amavisd to me, but it still seems enormously resource heavy/high maintenance mail-filtering for the gains. Smart use of RBLs, whitelists and just header_checks and body_checks does wonders, as far as my experience goes. I used to be quite happy with postfix and clamsmtpd doing *all* the filtering I need. I have years of mail-filtering experience in postfix, and it worked well. The only big change I would welcome is having the filtered mail appear in the user's Junk folder, systemwide. Is this hard to accomplish, or do I really need amavisd and SA to get there? Thanks for any and all advice, I love your panel thus far, especially since it's free.
Here's what I used to do without amavisd or spamassassin: https://gist.github.com/jult/1e319f284b580d1f72d734e51da4d8d3 I had clamsmtpd, postfix and dovecot installed for that.
All checks in postfix will reject the mail during the smtp-connect. The mail will pass postfix so you can not store the in any mailbox. I don't use header-checks in postfix. Better update sa-rules regulary and add some additonal rules. You can find some rules here.
After a little grepping I found out that someone somewhere has /etc/postfix/master.cf configged with two entries of: Code: -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks So, I've removed both of the "no_header_body_checks"; One for outgoing, the other for incoming mail, because I also would prefer to remove the annoying X-Spam-Status and X-Spam-Level headers. Postfix' regexp header_checks is the best tool for the job. It cleans up mail really well, and fast too. I really don't like all the header-abuse by software that pushes that. For those wanting the same, put Code: header_checks = regexp:/etc/postfix/header_checks smtp_header_checks = regexp:/etc/postfix/headers_out at the bottom of /etc/postfix/main.cf This is my /etc/postfix/headers_out file (for outgoing mail): Code: /^Received: .*localhost/ IGNORE /^Received:.*\[127\.0\.0\.1/ IGNORE /^.*amavisd-new/ IGNORE /^X-Spam-Level:/ IGNORE /^X-Spam-Status:/ IGNORE This is my /etc/postfix/header_checks file (for incoming mail): Code: /^X-Spam-Level:/ IGNORE /^X-Spam-Status:/ IGNORE and then reload the config; # postfix reload
I don't use the update-script shipped with several distributions: disabled by default runs daily runs sa-compile even if there are no new rules tries to start spamd not very usefull if you want to use additional channels You can add additional rules to the default script: ~line 64 in /etc/cron.daily/spamassassin: # Update umask 022 sa-update sa-update --nogpg --channel sa.schaal-it.net
This is confusing. I assume by the shipped update-script you mean /etc/cron.daily/spamassassin ? Since you also linked to your schaal-24 post, why would we want to use /etc/cron.daily/spamassassin in addition to that? I had removed it. I'm now only using /etc/cron.daily/sa-update which I installed using your link posted earlier.
you have CRON=0 in /etc/default/spamassassin by default so your cron.daily/spamassassin will not run. If you set cron to 1 this will run spamassassin reload (you don't need this with ispconfig).
Yes. amavis loads the spamassassin libs and rules internally, so you don't need a running spamassassin daemon.
There is a recommended block list in CSF. You can select the one you like. You can try the spamhaus list. I guess many of them are famous spam engines and unmanaged zombies: /etc/csf/csf.blocklists
Could you modify your script so that it won't output so much compilation history record which flood my cron log and block those useful information. Thanks. /etc/cron.daily/sa-update