Mailing List Archive: SpamAssassin: users

SA on outgoing SMTP servers

Index | Next | Previous | View Threaded

uhlar at fantomas

Sep 9, 2011, 8:20 AM

Post #1 of 5 (280 views)
Permalink

SA on outgoing SMTP servers

Hello,

due to many spam problems (outbreaks) in history, we check for
spamminess on outgoing mail servers.

However there are rules that should not apply on them.

- Dynamic/blacklist (except URIBL) checks
I can avoid these by defining local server to msa_networks

- ALL_TRUSTED
I'm sure I have to turn this off, does it also apply to dependencies?
What about !ALL_TRUSTED dependencies?

- SPF checks
While we should reject/quarantine e-mail that does not match SPF, it
should not apply to domains we are designed to send mail for .
(SPF records include us)

... any other ideas?
--
Matus UHLAR - fantomas, uhlar [at] fantomas ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Microsoft dick is soft to do no harm

robert at schetterer

Sep 9, 2011, 11:17 AM

Post #2 of 5 (263 views)
Permalink

Re: SA on outgoing SMTP servers [In reply to]

Am 09.09.2011 17:20, schrieb Matus UHLAR - fantomas:
> Hello,
>
> due to many spam problems (outbreaks) in history, we check for
> spamminess on outgoing mail servers.
>
> However there are rules that should not apply on them.
> - Dynamic/blacklist (except URIBL) checks
> I can avoid these by defining local server to msa_networks
>
> - ALL_TRUSTED
> I'm sure I have to turn this off, does it also apply to dependencies?
> What about !ALL_TRUSTED dependencies?
>
> - SPF checks
> While we should reject/quarantine e-mail that does not match SPF, it
> should not apply to domains we are designed to send mail for .
> (SPF records include us)
>
>
> ... any other ideas?

try using clamav-milter with sanesecurity antispam signatures
this should avoid a lot of outgoing spam

--
Best Regards

MfG Robert Schetterer

Germany/Munich/Bavaria

uhlar at fantomas

Sep 12, 2011, 4:36 AM

Post #3 of 5 (263 views)
Permalink

Re: SA on outgoing SMTP servers [In reply to]

>Am 09.09.2011 17:20, schrieb Matus UHLAR - fantomas:
>> due to many spam problems (outbreaks) in history, we check for
>> spamminess on outgoing mail servers.
>>
>> However there are rules that should not apply on them.
>> - Dynamic/blacklist (except URIBL) checks
>> I can avoid these by defining local server to msa_networks
>>
>> - ALL_TRUSTED
>> I'm sure I have to turn this off, does it also apply to dependencies?
>> What about !ALL_TRUSTED dependencies?
>>
>> - SPF checks
>> While we should reject/quarantine e-mail that does not match SPF, it
>> should not apply to domains we are designed to send mail for .
>> (SPF records include us)
>>
>>
>> ... any other ideas?

On 09.09.11 20:17, Robert Schetterer wrote:
>try using clamav-milter with sanesecurity antispam signatures
>this should avoid a lot of outgoing spam

Maybe, but this is not what I have asked for, and it won't help me a
bit resolving my problem, sorry.
--
Matus UHLAR - fantomas, uhlar [at] fantomas ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Chernobyl was an Windows 95 beta test site.

uhlar at fantomas

Sep 16, 2011, 7:04 AM

Post #4 of 5 (249 views)
Permalink

Re: SA on outgoing SMTP servers [In reply to]

On 09.09.11 17:20, Matus UHLAR - fantomas wrote:
>due to many spam problems (outbreaks) in history, we check for
>spamminess on outgoing mail servers.
>
>However there are rules that should not apply on them.
>
>- Dynamic/blacklist (except URIBL) checks
>I can avoid these by defining local server to msa_networks
>
>- ALL_TRUSTED
>I'm sure I have to turn this off, does it also apply to dependencies?
>What about !ALL_TRUSTED dependencies?
>
>- SPF checks
>While we should reject/quarantine e-mail that does not match SPF, it
>should not apply to domains we are designed to send mail for .
>(SPF records include us)
>
>
>... any other ideas?

Further watching and thinking advises me to:

- skip all RBL checks that check on IP address, which means all except
rfci and ahbl

- zero (or, make nearly zero) RDNS_NONE and TVD_RCVD_SINGLE

- MAYBE define all hosts as trusted/internal

- MAYBE use first scoreset, as if we didn't do network checks, even if
we do RAZOR, PYZOR, DCC, URIBL's, rfci etc...
(would be worth checking)

--
Matus UHLAR - fantomas, uhlar [at] fantomas ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I just got lost in thought. It was unfamiliar territory.

uhlar at fantomas

Sep 16, 2011, 9:14 AM

Post #5 of 5 (248 views)
Permalink

Re: SA on outgoing SMTP servers [In reply to]

>>due to many spam problems (outbreaks) in history, we check for
>>spamminess on outgoing mail servers.
>>
>>However there are rules that should not apply on them.
>>
>>- Dynamic/blacklist (except URIBL) checks
>>I can avoid these by defining local server to msa_networks
>>
>>- ALL_TRUSTED
>>I'm sure I have to turn this off, does it also apply to dependencies?
>>What about !ALL_TRUSTED dependencies?

>- skip all RBL checks that check on IP address, which means all
>except rfci and ahbl
>
>- zero (or, make nearly zero) RDNS_NONE and TVD_RCVD_SINGLE

I have implemented these until now:

score ALL_TRUSTED 0
meta __DOS_DIRECT_TO_MX (0)
score RDNS_NONE 0
score TVD_RCVD_SINGLE 0

--
Matus UHLAR - fantomas, uhlar [at] fantomas ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
99 percent of lawyers give the rest a bad name.

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact Gossamer Threads