Subject: The mailing list for listmasters using Sympa
List archive
Re: [sympa-users] connecting Sympa to anti-spam/anti-virus software
- From: Cefiar <address@concealed>
- To: address@concealed
- Subject: Re: [sympa-users] connecting Sympa to anti-spam/anti-virus software
- Date: Wed, 1 Nov 2006 23:56:51 +1100
On Wednesday 01 November 2006 23:14, Miles Fidelman wrote:
> This is a result of the fairly standard setup I'm using, and it seems
> less than optimal. I wonder if anybody has any thoughts on a better setup.
>
> Basic Setup:
> Linux (Debian)
> Postfix
> amavisd-new
> spamassassin
> clamAV
>
> Every message is scanned on it's way into to the system, before being
> passed on for delivery. So... every message that gets to Sympa is
> either clean, or marked as possible Spam (low score) - and I have a
> scenari defined to bounce possible Spam to list owners. I don't use the
> Sympa settings to scan messages, because they've already been scanned.
What you want to do is disable content filtering on the local mail injection.
This is ONLY useful if the local injection system is ONLY used for processing
mail with sympa. If you inject mail into the system locally
(via /usr/bin/sendmail or via a web interface) that is untrusted in some way,
then you do NOT want to do this without some further planning and
configuration.
In postfix's master.cf file, edit the entry for the 'pickup' service so that
it looks like this:
pickup fifo n - - 60 1 pickup
-o content_filter=
The "-o content_filter=" is the important bit here. It disables the
content_filter entry (which is the way amavisd-new is usually implemented),
so that it isn't used for this injection/delivery service.
This is the same method used by amavisd-new itself to allow the message to be
reinjected into the mailer without being caught in a loop.
> Seems like a large waste of resources. Can anybody suggest a better
> approach? (Of course that then leads to the question of how to deal
> with messages that are submitted via the web interface).
For the setup I take care of, this is generally a non-issue, as the person
has
to be manually approved as a subscriber before they can even read the lists,
let alone post via the web interface. While it's possible that they could
submit spam this way, it's fairly unlikely.
Of course, if sympa could be set up to submit web posts via a different
executable (or one with different parameters), then it could probably be
submitted to a different injection/delivery service which has
content_filtering enabled.
Hope this helps.
--
Stuart Young - aka Cefiar - address@concealed
-
[sympa-users] connecting Sympa to anti-spam/anti-virus software,
Miles Fidelman, 11/01/2006
-
Re: [sympa-users] connecting Sympa to anti-spam/anti-virus software,
Cefiar, 11/01/2006
- Re: [sympa-users] connecting Sympa to anti-spam/anti-virus software, Miles Fidelman, 11/01/2006
-
Re: [sympa-users] connecting Sympa to anti-spam/anti-virus software,
Cefiar, 11/01/2006
Archive powered by MHonArc 2.6.19+.