VMware Virtual Appliances Community
VMTN_Admin
Enthusiast

Spam Vigilante - Mail Filter Virtual Appliance

http://www.vmware.com/vmtn/appliances/directory/255

A mail proxy based on FreeBSD with spam (SpamAssassin) and virus (ClamAV) scanning. Can be used with any existing mail system.

553 Replies
Jason_k
Contributor

I am running SV in SMTP mode linked to AD/Exchange. When users log into the device to check their quarantine they cannot see mail sent to their address unless the case is exactly that of the one in Exchange.

Example: users email address is jasonk@test.com

spam to jasonk@test.com shows up in the quarantine list

spam to JasonK@test.com does NOT show up in the quarantine list

Is there a way to tweak the quarantine so that it is not case sensitive like that?

Thanks

-Jason K.

mrpackethead
Contributor

How could I implement processing of wildcard MX records, if the DNS looked like:

*.example.net MX 10 sv10.example.net

*.example.net MX 20 sv20.example.net

And I needed to forward all mail for *.example.net to some internal SMTP servers... Can I do this in the SMTP transport map?

mrpackethead
Contributor

Hi all, I ended up sorting this out...

You can just simply use a wildcard in the relay_domains database.

mrpackethead
Contributor

Which RBLs are used in SV by default (if any) and how do you go about turning on some more?

oliverHu
Contributor

Hi,

I've got one question about the local.cf file:

I saw some example files ending with a long list of entries like "score REPLY_WITH_QUOTES -0.5". My default file only contains

score LOCAL_RCVD -50

score BAYES_99 5.300

score BAYES_80 4.000

score HTML_FONT_INVISIBLE 3

score HTML_IMAGE_ONLY_04 2

Do I have to add more scores to improve spam protection, or are the other scores given automatically by SpamAssassin?

dajabo
Contributor

My apologies in advance for this but I need some help with the basic configuration of SV. I am on a rather steep learning curve here and can't make head nor tail of the Network Configuration settings in the initial setup. I just need a nudge and I'll be on my way ...

I'm trying to install on our mailserver in SMTP mode using NAT rather than bridging for the network connection:

What then would be / how do I go about finding:

- the fully qualified hostname (of what??),

- the IP address (is it the IP of the Virtual Machine on the Virtual Network ??),

- the default gateway (??),

- DNS servers (should I just say yes to DHCP??),

- the internal mail domain (what's the difference between this and the next one ??),

- the name or address of the (real) mailserver ...

I assume most of these settings will have to come from VMware virtual network that has been set up for NAT ...

Again thanks if you can help me out ... I didn't find the SV or Postfix documentation that explicit for what I'm trying to do or my level of experience ...

telackey
Contributor

Do I have to add more scores to improve spam protection, or are the other scores given automatically by SpamAssassin?

No, when you see entries like that, they are for adjusting the default score. That is, manually specifying the score for when a given rule is matched rather than accepting the defaults.

I have changed my local.cf scores from the SV default to look like:

score BAYES_99 6.000

score BAYES_95 4.000

score BAYES_80 3.000

score BAYES_60 2.000

score BAYES_50 0.000

score BAYES_40 -2.000

score BAYES_20 -3.000

score BAYES_05 -4.000

score BAYES_00 -6.000

score PYZOR_CHECK 5.00

score RAZOR2_CHECK 5.00

score DCC_CHECK 4.000

I don't actually use DCC right now, though I do Pyzor and Razor, but I left the score I made for it in place.

telackey
Contributor

And I needed to forward all mail for *.example.net to some internal SMTP servers... Can I do this in the SMTP transport map?

Yep. I would recommend you take a look at http://www.postfix.org/transport.5.html. Also, remember that the relay_domains file only sets the domains that can be forwarded/relayed by SV; it does not tell SV what to do with those domains. That is the job of the transport map.

As a quick example, here is a snippet from the transport docs (though I recommend you read the whole thing and the relay_domains info to make sure you get your relays and your transports both set up OK):

**START SNIP**

The following sends all mail for example.com and its subdomains to host gateway.example.com:

example.com :[gateway.example.com]

.example.com :[gateway.example.com]

**END SNIP**

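To see why a dotted entry handles the *.example.net case but the bare domain still needs its own line, here is an added example (not from the thread or the Spam Vigilante appliance) that emulates the key search order Postfix applies to a transport(5) table; the table is constructed from the snippet above plus the *.example.net question, and the internal host mail-int.example.net is assumed.

```python
"""Emulate the lookup order Postfix uses on a transport(5) table.

Added example, not part of the original thread or the Spam Vigilante
appliance. The table is constructed from the snippet quoted above plus
the *.example.net case raised earlier in the thread; the internal host
name mail-int.example.net is assumed.
"""

# Constructed table in the form 'postmap' compiles from the transport file.
TRANSPORT = {
    "example.com": "smtp:[gateway.example.com]",
    ".example.com": "smtp:[gateway.example.com]",
    ".example.net": "smtp:[mail-int.example.net]",  # assumed internal relay
}


def lookup_keys(recipient, delimiter="+"):
    """Keys Postfix tries, in order, when transport_maps is NOT listed in
    parent_domain_matches_subdomains (the default): user+ext@domain,
    user@domain, domain, then each parent domain with a leading dot,
    then the '*' catch-all. Keys are folded to lower case."""
    recipient = recipient.lower()
    localpart, _, domain = recipient.rpartition("@")
    keys = [recipient]
    if delimiter in localpart:
        keys.append(localpart.split(delimiter, 1)[0] + "@" + domain)
    keys.append(domain)
    labels = domain.split(".")
    # mail.example.com -> .example.com, .com  (".mail.example.com" is not
    # tried: a dotted key only matches strict subdomains)
    keys.extend("." + ".".join(labels[i:]) for i in range(1, len(labels)))
    keys.append("*")
    return keys


def transport_lookup(recipient, table=TRANSPORT):
    """Return 'transport:nexthop' for the recipient, or None if no entry
    matches (Postfix then falls back to relay_transport/default_transport)."""
    for key in lookup_keys(recipient):
        if key in table:
            return table[key]
    return None


if __name__ == "__main__":
    for rcpt in ("alice@example.com", "Bob@Sales.Example.COM",
                 "carol@host.example.net", "dave@example.net"):
        print(f"{rcpt:26} -> {transport_lookup(rcpt)}")
    # dave@example.net prints None: ".example.net" covers subdomains only,
    # so the bare domain needs its own "example.net" entry.
```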
telackey
Contributor

Is there a way to tweak the quarantine so that it is not case sensitive like that?

jason_k:

Thanks very much for the report! I'll need to fix that!

telackey
Contributor

Which RBLs are used in SV by default (if any) and how do you go about turning on some more?

SURBL is used, which is a URI RBL for HTML mail. Some other network checks, such as SPF, are also used. To enable more, you'll need to install whichever RBL plugin is needed for the service you intend to use, and then load it from /usr/local/etc/mail/spamassassin/init.pre. A load line looks similar to:

loadplugin Mail::SpamAssassin::Plugin::URIDNSBL

For some plugins that is all you need, and for others you may also need to add some lines to local.cf for configuration.

I recommend you run 'backup_conf' before and after adding the new stuff, just in case.

telackey
Contributor

I'm trying to install on our mailserver in SMTP mode using NAT rather than bridging for the network connection:

The number one thing is that, if you can avoid doing this, I would. That is not always possible, however. I have to use NAT myself, as VMware Server has never liked to run bridged on my mail server, though Virtual PC could do so without issue.

Your first step will be to configure the forwarding of SMTP from the host. For VMWare Server on Windows, that can be done under Host -> Virtual Network Settings -> NAT -> Edit -> Port Forwarding. The simple case would be to add an entry for port 25 on the host to 25 on the guest. See below for some notes on picking the guest's IP address.

What then would be / how do I go about finding:

- the fully qualified hostname (of what??)

The virtual machine. You are telling it what its hostname should be.

- the IP address (is it the IP of the Virtual Machine on the Virtual Network??),

The virtual machine. Pick a free IP from your NAT subnet (eg, 192.168.221.0). IIRC, VMWare starts DHCP ranges at 128+, so: A. pick something below 128; B. Back on the NAT tab is gateway IP address. Don't pick that. If you pick something like '.10' you should be fine.

- the default gateway (??),

Of the NAT network. Continuing with the above net as an example, probably 192.168.221.2.

- DNS servers (should I just say yes to DHCP??),

Your DNS server. This doesn't have to be on the same network, so you can use your organization's DNS or your ISP's DNS, whichever is appropriate.

- the internal mail domain (what's the difference between this and the next one??),

This is something like mycompany.local. Sometimes the internal (eg, mycompany.local) and external (eg, mycompany.com) domains do not match, while other times they do. This is mainly a question of what your real mailserver expects to see as the domain name for its users.

- the name or address of the (real) mailserver ...

This is the existing mail server where the mail should really go. SV is just a proxy; it takes the mail, filters it, and then moves it along. This sets the destination for the "along." If you use a name, your DNS server needs to resolve it, or an entry is needed in /etc/hosts. Otherwise, you can use an IP address.

Again thanks if you can help me out ... I didn't find the SV or Postfix documentation that explicit for what I'm trying to do or my level of experience ...

Np, questions are good. One last thing is that you need to make sure your firewall on the host, if you have one, does not block the traffic. Odds are it will be fine, but if you want to be able to SSH to your SV appliance from other boxes, your host will need to have routing enabled and not block that traffic, in addition to allowing the SV appliance to talk out to the Internet.

mrpackethead
Contributor

SURBL is used, which is a URI RBL for HTML mail. Some other network checks, such as SPF, are also used. To enable more, you'll need to install whichever RBL plugin is needed for the service you intend to use,

Cool.. are there any more RBLs that are worth setting up over the ones that are set up by default? I'm now using an expanded set of rules, regularly updated with the RulesDuJour ruleset, DCC, Pyzor and Razor2. This has reduced the spam in my own mailbox from about 55 messages per day to an average of 1.2. This is probably pretty much acceptable.

Jason42
Contributor

Thanks a bunch for the great appliance!

I've seen people mention they've updated SpamAssassin and ClamAV, but I haven't seen a detailed procedure. Will you be releasing an update that includes these, or some good detailed docs?

Is there a way to configure a limit on how much spam is kept for viewing? Performance really takes a dive when the number of spam messages gets up there. I'd like to be able to limit how much spam is kept, either by date, quantity, or size.

Thanks & Merry Christmas!

Kumar007
Contributor

Hi,

Pardon my ignorance, but first of all I wanted to know where I can post a new thread on this forum?

Secondly, I am a newbie, therefore I would like to know why I am not getting any spam filtered. The only messages that got filtered were viruses and BADH. But spam still keeps coming in. I also enabled Razor2 according to instructions. What do I need in order for the spam filtering to work?

Can you please help me?

Thanks in advance

Kumar

mrpackethead
Contributor

There are quite a number of reasons that you may not be getting particularly good hit rates on spam. Perhaps you could describe how you have your system set up a bit further.

Have you configured some additional rule-sets to be used, and did you turn on RulesDuJour? Also I'd suggest you look at configuring DCC.

mrpackethead
Contributor

To resolve that and make reviewing the logs more useful, I created a cron job that pre-computes the reports once per hour. I then edited 'pflogstats.cgi' and have it reference the pre-computed logs. Now it is instantaneous; however the data is up to an hour old.

Unless telackey says otherwise, I have made those changes available on my ftp site that is hosting the SpamVigilante download.

ftp://sv-ftp.westfallcomputing.com

Hey netmavrik, I'm guessing this site is down now. I'd be very appreciative if you could post your cron job that creates the logs somewhere.

netmavrik
Contributor

I have a more secure ftp now, so I set it up again.

Here is the link: ftp://209.223.47.90.83

User: vigilante

Pass: vigilante

Make sure you use ASCII mode to ftp it into your setup. You replace the existing file in /usr/local/www/cgi-bin. The permissions and mode need to be the same as the existing file. You can then set up a cron job to call this script as needed. Be warned though, pflogstats is slow and uses a lot of CPU. If you call it too frequently, it will run continuously. I don't use it anymore myself because of this.

Good luck with it.

mrpackethead
Contributor

I have a more secure ftp now, so I set it up again.

Thanks.

Be warned though, pflogstats is slow and uses a lot of CPU. If you call it too frequently, it will run continuously. I don't use it anymore myself because of this.

I'm looking to build a 'daily' emailed report that I'll send out rather than display via a web page. Do you use something else that produces a similar styled report?

The other thing I'd like to do is run reports that can combine data from several different servers at the same time. I receive about 120,000 messages a day, for approx. 1800 users. In order to get the level of redundancy that I need, I'm running 3 different SV servers. I'm thinking of trying to ftp all my log files from the various servers to one 'reporting' server, catting them all together and then running the reports.

netmavrik
Contributor

Sorry about the typo in the above post.

Here is the link: ftp://209.223.47.83

User: vigilante

Pass: vigilante

dajabo
Contributor

telackey,

Thanks for your reply a few posts back; I succeeded in getting SV up and running with NAT. I have been playing around with it the last few days and have a few questions. As this is my first foray into *nix I have had a lot to learn:

Like netmavrik I have installed FuzzyOcr, after upgrading SpamAssassin (and amavisd) to the latest versions using portsnap, and it is now up and running.

I wonder if you could give a more detailed enumeration than you did earlier about what permissions (and anything else for that matter) that need to be reset after such an update. I have not encountered any functional problems yet but I don't use the www tools.

I am also configuring sa-update to download the SARE recommended rules from RulesEmporium (as outlined here: http://daryl.dostech.ca/sa-update/sare/sare-sa-update-howto.txt). As such I no longer need the RulesDuJour updates or the cron job. Could you tell me how to delete this cron job, or at least which user it runs under? I can't seem to find it.

Since updating amavisd (I think) there is a little changed behaviour. On boot, directly after the amavisd service starts, I now get the message: "Configuring syscons: blanktime". Also, if stopping amavisd, the process won't stop by itself and has to be killed (I forget the name of what does that, but it is reported to the screen). I don't think any of these happened before the update, so is this OK?

Last questions are more general.

I have done quite a bit of reconfiguring and customizing now. Will all this be wiped out with new updates? And/or if I run the initial config again?

Will a newer release of SpamAssassin be included soon to make the upgrade to (at least) v3.0104 for the FuzzyOcr install unnecessary?

There was talk of getting a proper forum for VA a few pages ago ... is this still on the cards? (this thread is impossible to search)

Lastly thanks for a great VA ... you've succeeded in helping me onto *nix, and introduced me to SpamAssassin, Postfix, and FreeBSD, all in one shot. I'm very grateful.
