[rt-users] Is there any disadvantage of "Precedence: bulk" in RT emails header
Kenneth Marshall
ktm at rice.edu
Fri Jan 4 11:36:01 EST 2008
We use DSPAM and its Quarantine instead of the bogofilter+SPAM folder
here, but it is basically the same idea and it works very well indeed.
Ken
On Fri, Jan 04, 2008 at 03:33:14PM +0000, Mark Chappell wrote:
> Asrai khn wrote:
>>> We tend to be fairly aggressive on our spam checking when it's going
>>> into RT, with procmail dumping the mail into a separate mail folder if
>>> it even suspects that the mail is spam.
>>>
>> How you achieve this ? imean would you care to share the process/script of
>> dumping spam to separate email folder?
>
> Since you're using Postfix which I don't really know I'll do most of this
> as an outline, and our procmail script is fairly custom do I'll only quote
> chunks of the procmailrc.
>
> The first line of defense are our front-line mail relays. These reject on
> various DNS rbls and add headers for several others. The lists we use
> include SpamHaus' full zen list, SpamCop, MAPS and SORBS. They also run a
> copy of spam assassin WITHOUT any of the baysaen stuff turned on, a high
> enough spam score causes an out right rejection at the end of the SMTP DATA
> time, and leaves a header in the message for lower scores. We also reject
> on Virus signatures using the, and have some extra signatures to pick up
> certain types of phishing scams (http://www.sanesecurity.co.uk/). Any
> rejection at this stage is done before we've actually accepted the mail, so
> backscatter (which I would guess is what caught you out) is seen to come
> from the server sending you the spam NOT from your servers.
>
> This is how we treat almost all incoming mail, rejecting approximately 90%
> of mail before it's even through the front door (with surprisingly few
> complaints about mail not getting through given the number of users we have
> from "spam friendly" countries).
>
> The second line of defense is procmail. The mail server on our RT servers
> don't deliver directly to RT they deliver to the procmail command, which
> eventually delivers to RT. Procmail runs a batch of extra checks,
> including; a baysaen filter using "bogofilter", "renattach" which catches
> certain types of attachments, "nodupmail" which catches certain types of
> mail loops, "double clicks" and general duplicated mail, and some custom
> stuff so that certain queues only see mail sent via a specific web form.
> If bogofilter or the earlier lower spamassassin threshold are triggered
> then we drop the mail into a "SPAM" mail file. We have a couple of perl
> scripts which allow us to identify "privileged" users out of RT and lets
> them bypass most of the procmail filtering.
>
> The privileged check is basically a perl wrapper around some simple RT code
> with a little bit of caching built in.
>
> ====
> my $user = RT::User->new($RT::SystemUser);
>
> $user->Load($username);
>
> unless ($user->Id) {
> exit(1);
> }
>
> foreach my $key qw(Name EmailAddress RealName Privileged Disabled) {
> my $value = $user->$key;
> print($key.": ".$value."\n");
> }
> ====
>
> Getting procmail to run external commands is straight forward
>
> For example here's some of our bogofilter and spam assassin stuff
>
> ====
> BOGOFILTER=/usr/bin/bogofilter
> BOGOFILTER_SPAM_ARGS="-c /etc/bogofilter-SPAM.cf"
> BOGOFILTER_MD_ARGS="-c /etc/bogofilter-MD.cf"
> SPAM_ASSASIN_RESULT="`formail -xX-Spam-Flag: | grep -i yes | awk '{print
> $2}'`"
>
> # SPAM - bogofilter.
> :0fw
> | $BOGOFILTER -e -p $BOGOFILTER_SPAM_ARGS
> # on failure return mail to the queue, the MTA will try delivery later,
> # 75 is the value for EX_TEMPFAIL in /usr/include/sysexits.h
> :0e
> { EXITCODE=75 HOST }
> # record the result.
> BOGOFILTER_RESULT="`formail -xX-Bogosity: | grep -i yes`"
>
> # a virus can bombard us with mta bounce messages because we were used in
> # a forged "From" address, pick these out as they're valid messages despite
> # being caused by a virus.
> :0fw
> | $BOGOFILTER -e -p $BOGOFILTER_MD_ARGS
> :0e
> { EXITCODE=75 HOST }
> MAILER_DAEMON="`formail -xX-MD-Bogosity: | grep -i yes`"
>
> SPAM="$BLACKLISTED$SPAM_ASSASIN_RESULT$BOGOFILTER_RESULT"
>
> :0
> * ? test -n "$SPAM"
> SPAM
> ====
>
> Those final 3 lines are what tells procmail to deliver, literally into a
> file named "SPAM" if there's any content in the $SPAM variable
>
>
> Mark
> --
> Mark Chappell
> Unix Systems Administrator
> _______________________________________________
> http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users
>
> SAVE THOUSANDS OF DOLLARS ON RT SUPPORT:
>
> If you sign up for a new RT support contract before December 31, we'll take
> up to 20 percent off the price. This sale won't last long, so get in touch
> today. Email us at sales at bestpractical.com or call us at +1 617 812
> 0745.
>
>
> Community help: http://wiki.bestpractical.com
> Commercial support: sales at bestpractical.com
>
>
> Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a
> copy at http://rtbook.bestpractical.com
>
More information about the rt-users
mailing list