[Mimedefang] How to configure?
Tilman Schmidt
t.schmidt at phoenixsoftware.de
Thu Nov 5 03:43:53 EST 2009
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Am 2009-11-04 22:26 schrieb TLD MimeDefang:
> Something like:
>
> if($hits >= 5.0) {
> # make a log entry
> md_syslog('notice', "$hits ($score) $names");
> # reject the message
> action_bounce('SPAM markers found');
> # and return true
> action_discard();
> }
What's that combination (action_bounce + action_discard) for?
I just have
return action_bounce("Rejected: SpamAssassin score too high ($hits)");
there and haven't noticed any ill effects.
> Though, I wouldn't recommend rejecting messages on 5.0. Maybe 9
> or 10 would be a better number. I'd just quarantine anything over
> 5, because chances are, you'll find quite a few false positives on
> 5.
Indeed. In my experience, even 10 is too low for rejecting.
What I do is add a spam header at 5 and reject at 15.
> Mime defang is set up to automatically use anti-virus programs
> that are supported by it. For example, I use clamav, and the
> defang filter already handles it with the filter_begin function.
Specifically, look for the code section starting with:
# Scan for viruses if any virus-scanners are installed
my($code, $category, $action) = message_contains_virus();
> Nothing to do there except keep the clam databases updated.
You can change your "level of paranoia" (quote from the default
mimedefang-filter) to reject only actual virus, or "suspicious objects"
too. You may also want to replace the standard
return action_discard();
by
return action_bounce("Rejected: message contains $VirusName");
in order to reject infected mails during the SMTP dialog with a reason
instead of silently discarding them. That appears much more friendly in
the case of a false positive or accidental infected attachment, while
changing nothing for self-mailing worms which don't handle bounces anyway.
>> 2 bypass SA or whitelist if the sender was authenticated via smtp_auth.
>
> Generally, it's a good idea to maintain the filter even on
> known authenticated senders. Supposing an authenticated user
> accidentally emails out an attachment that is infected with
> a virus? You'd sure want the system to catch it.
>
> Just set your Spamassassin to give whitelisted names a negative
> score, and let the system do its job. I give whitelisted people
> a -10 here and that's been fully sufficient to keep their emails
> flowing smoothly and without problem.
How do you access the smtp_auth identity from inside SpamAssassin?
Or what are you using as the name for the whitelisting?
- --
Tilman Schmidt
Abteilungsleiter Technik
- ------------------------------------------------------------------------
Phoenix Software GmbH Tel. +49 228 97199 0
Adolf-Hombitzer-Str. 12 Fax +49 228 97199 99
53227 Bonn, Germany www.phoenixsoftware.de
Geschäftsführer: W. Grießl Amtsgericht Bonn HRB 2934
- ------------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFK8pBJ780oymN0g8MRAvO5AJ4uyVSBK0ez6UtzoSGzyg+RFBtgHgCgu+Zj
cNLROldMMeSPiUVtGYjrzC8=
=sisS
-----END PGP SIGNATURE-----
More information about the MIMEDefang
mailing list