LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices


Reply
  Search this Thread
Old 10-07-2010, 03:10 PM   #1
metallica1973
Senior Member
 
Registered: Feb 2003
Location: Washington D.C
Posts: 2,189

Rep: Reputation: 60
Spam/virus Fetchmail Option


My client has finally had enough of being attacked via SPAM/Viruses and having his single email account for his company being destroyed. Since it is a single account and he does not want to add additional accounts or create a new one(mail is hosted by ISP), I wanted to ask the forum on their opinion on using Fetchmail to download the POP3 mail and having it piped through SMAM Assassion or DSpam and or CLAM_AV or F-PROT. In addition to that I am going to use a corporate strength anti-virus such as F-prot(Been using for years) and really put this email through a microscope. I also was thinking of just blocking out all domains other than his clients list of domains so in other words block all and allow just the domains that we know are valid and are only from his clients. It is super restrictive but what I believe will end his issue. Any comments?
 
Old 10-07-2010, 04:06 PM   #2
business_kid
LQ Guru
 
Registered: Jan 2006
Location: Ireland
Distribution: Slackware, RPi OS, Mint & Android
Posts: 13,416

Rep: Reputation: 1835Reputation: 1835Reputation: 1835Reputation: 1835Reputation: 1835Reputation: 1835Reputation: 1835Reputation: 1835Reputation: 1835Reputation: 1835Reputation: 1835
I did this for myself a while back. The approach I used was to pipe through

1. Vipul's razor. This alone counted caught over half of the spam, and sidelined it.
2. DCC. While messier to set up, this caught bulk mail.Not much in my case.
3. spamd/spamc from spamassassin. I had sessions for a few weeks trying mail. I would fiddle rules and scores on false positives and negatives trying to get them to land correctly. Because of the nature of the spam I was getting, I had a 95% - 103% coverage (approximately). This meant my dodgy brother in the States always ended up in the spam, but I felt that was the right place for him. You would have to back off a little on my settings for a commercial outfit.

By penalizing exes and zips in spamassassin I got away with no anti-virus, but that was before the days of sophisticated worms and the like. I would be using clamav now.

I also tracked what rules were actually hitting. I found some of the extra rule sets were very good, and the bulky standard ones hit nothing. As my box was resource challenged, I lifted some of those. I would have problems with bulk mail as too many procmail processes stopped it.

I wouldn't block domains. There are lists you can use spamhaus, etc. Bear in mind with fetchmail, you can't reject mail.

Last edited by business_kid; 10-07-2010 at 04:12 PM.
 
Old 10-08-2010, 02:13 PM   #3
metallica1973
Senior Member
 
Registered: Feb 2003
Location: Washington D.C
Posts: 2,189

Original Poster
Rep: Reputation: 60
would it be better to use sendmail(MTA) procmail(organize mail), dovecot(IMAP and POP stuff)? Also as far as SPAM filtering/Virus protection is concerned which is preferred(SPAM ASSASSIN, DSPAM, SPAM BAYES? Also as far as an anti-virus is concerned I prefer to use F-prot(I have used it for years) and am not confident in what clamav can do. I have never used it an office environment. Thanks
 
Old 10-09-2010, 03:41 AM   #4
business_kid
LQ Guru
 
Registered: Jan 2006
Location: Ireland
Distribution: Slackware, RPi OS, Mint & Android
Posts: 13,416

Rep: Reputation: 1835Reputation: 1835Reputation: 1835Reputation: 1835Reputation: 1835Reputation: 1835Reputation: 1835Reputation: 1835Reputation: 1835Reputation: 1835Reputation: 1835
you are more or less stuck with procmail, because if you're picking from an isp, rejecting mail isn't open to you. Picture it - fetchmail getting the next message and you saying 'I don't want it.' You will need an mta. I used postfix, because it's secure & configurable. Avoid qmail, if you want my advice.

I don't know where it's going, btw. With only one email, I imagine one person must be responsible for it internally. Beware of permissions; procmail barfs if your user's mail directories aren't owned by that user with permissions 0600.

A more normal thing is to have a mail server deciding whose mail it is, several email addresses, and nobody has to distribute it. You can set up a domain and have three or four external addresses fetched and added into the mix(info@, sales@, m.d.@, returns@). That is better.
 
Old 10-09-2010, 03:22 PM   #5
metallica1973
Senior Member
 
Registered: Feb 2003
Location: Washington D.C
Posts: 2,189

Original Poster
Rep: Reputation: 60
this client is avid on having just one e-mail account. I will go the postfix, procmail,dovecot,f-prot and spamassassin route. Can you recommend a decent how to for what I want to do? Ok Let me see if I understand this correctly. I have 2 options:

1 - The simpler of the too. Go with fetchmail, procmail, dovecot,Spam Assassin and F-prot. I wont have to create an MX record, I would just pull down the POP3 mail and have procmail organize it,SPAMASSASSIN/F-PROT to filter the e-mail and use dovecot for the IMAP connections and ultimately have outlook client configured to pull the e-mail from the server.

2 - The more difficult of the too. Go with postfix, procmail, dovecot, spamassassin/f-prot and bind. Create a MX record to point to my internal e-mail server from the ISP, Setup a bind for DNS and setup postfix to receive the e-mail. Then use procmail to organize the e-mail and use spamassassin/f-prot to filter it. Then use dovecot for IMAP a connection and simple setup the outlook clients for IMAP pointing the server for e-mail.

Any feedback?

Last edited by metallica1973; 10-09-2010 at 03:42 PM.
 
Old 10-10-2010, 04:42 AM   #6
business_kid
LQ Guru
 
Registered: Jan 2006
Location: Ireland
Distribution: Slackware, RPi OS, Mint & Android
Posts: 13,416

Rep: Reputation: 1835Reputation: 1835Reputation: 1835Reputation: 1835Reputation: 1835Reputation: 1835Reputation: 1835Reputation: 1835Reputation: 1835Reputation: 1835Reputation: 1835
I would do

3. Use fetchmail for the external account. Have some internal server (which sendmail requires) even if only to pump mail at one address via vipul's razor, clamav, dcc, & spamassassin in that order (for minimal processing effort) Use procmail to achieve this.

Offer the option of internal company email addresses if the client wants them. Creating the MX record is something isps is very loath to do except for a big outfit. If you do it it simply will never be consulted unless the isp points at it.
 
Old 10-11-2010, 07:40 AM   #7
metallica1973
Senior Member
 
Registered: Feb 2003
Location: Washington D.C
Posts: 2,189

Original Poster
Rep: Reputation: 60
so have fetchmail pull the pop mail to an internal postfix/procmail/dovecot/mailscanner server ?
 
Old 10-12-2010, 03:35 AM   #8
business_kid
LQ Guru
 
Registered: Jan 2006
Location: Ireland
Distribution: Slackware, RPi OS, Mint & Android
Posts: 13,416

Rep: Reputation: 1835Reputation: 1835Reputation: 1835Reputation: 1835Reputation: 1835Reputation: 1835Reputation: 1835Reputation: 1835Reputation: 1835Reputation: 1835Reputation: 1835
You are not giving us details of your options. I took it that the company had one email address on an isp somewhere, and that this was not to be changed.
If that isn;'t the case, outline what is.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
sendmail+fetchmail+procmail consider as a spam ssilayaraja Linux - Networking 10 05-09-2008 08:47 AM
Virus and Spam filtering ayush1440 Linux - Server 2 02-15-2008 11:07 AM
Spam/Virus filter for e-mail metallica1973 Linux - Security 8 03-26-2006 07:41 PM
fetchmail with interface option vkrishn1 Linux - Enterprise 0 02-14-2005 05:59 PM
Spam+Postfix+Fetchmail DavidHayes Linux - Software 0 03-29-2004 10:31 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Server

All times are GMT -5. The time now is 10:09 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration