Thanks Phil,
Is there a way to use policyd with Sendmail? I have used Sendmail for years and it has worked alright.
One solution I have considered but have no idea to implement is to have my mail go to another server using the MX routing in DNS and have it forward the "clean" messages to my server. I have looked for a paid mail host which would provide this sort of service but I have not found anything.
Brennan
On Fri, 5 Jan 2007 15:52:09 -0600, "Phil Cryer" wrote:
On 1/5/07, Brennan Stehling <brennan@offwhite.net> wrote:I have been using SpamAssassin, but I have had problems where incoming spam causes the server to become unresponsive for long periods of time. This is obviously unacceptable. I am pretty sure the biggest part of the problem is that fact that is running with Perl. I have had problems with Perl before when I wrote CGI applications where it can lock up a server if you are handling a lot of data.
I specifically have it set to only handle messages under a certain size, but I still have problems.
I host other things on the same server, like my DNS and Web servers so I cannot allow the spam filter to kill the performance of all applications. Is there something better that I could do? I am seriously considering having all of my mail aliased to my Gmail account and not allow incoming mail to be stored on this server. If I do that I will not be using RC, which I would like to continue using and helping with the development effort.
Brenden
Two ideas, one, use spamc http://spamassassin.apache.org/full/3.0.x/dist/doc/spamc.html for SA checks and two use something like policyd http://policyd.sourceforge.net/ that will handle greylisting, rate limiting, Spamtrap monitoring and blacklisting, HELO checks, with auto blacklisting. Basically it listens before Postfix (or whatever MTA) and grabs the mail first, only passing it on once it's happy with it. It's also a c program, and you can now have it hook into clamav as well. It's pretty light, plus it takes away a bunch of work that your MTA used to have to do. Honestly I've been running it lately and not bothering with SA, since I have a .procmailrc rule to fwd all mail to my Gmail acct which deals with the spam really well - just as you desc. It can check with clamav if it has an attachment and deny it there. The downside is I haven't had time to configure/use RC for awhile (I used to have Gmail forward all mail to my home server since I only used RC back then!)
I used to have a very convoluted plan with greylisting/sa/rules-du-jour/clam/razor/dcc and other checks, all handled by Mailscanner, which is more perl, and yeah, I felt the heat and dropped most of it after I discovered policyd. If you do that alone you'll reduce your load a lot. Just adding that w/o sa really reduced my spam amount, if I get back into it I need to put SA (or as I was leaning towards dspam) in the mix with it. I also still want to get my openbsd box in the mix to handle spamd to do the phoney smtp tarpit server, but that's later even though it's pretty much setup. Anyway, a simplier plan right now at home:
INTERNET -> policyd -> (clamav) -> Postfix -> procmail -> Gmail
hth
P
Brennan Stehling
Offwhite.net LLC
brennan@offwhite.net
--
"Without music, life would be a mistake" - Friedrich Nietzsche
Brennan Stehling Offwhite.net LLC brennan@offwhite.net