tons of spam

jdow jdow at earthlink.net
Tue Jun 19 14:53:54 UTC 2007 

From: "Aaron Konstam" <akonstam at sbcglobal.net>

> On Mon, 2007-06-18 at 15:59 -0700, Brian Mury wrote:
>> On Sun, 2007-06-17 at 23:59 -0700, jdow wrote:
>> > Us it as part of your receiving MTA path, SendMail, exim, PostFix, or
>> > whatever else you use - even FetchMail.)
>>
>> This is what I do (with fetchmail); however, I'm curious as to why you
>> say this:
>>
>> > (Just do NOT use SA as part of your MUA,
>> > Mail User Agent, as Fedora has with Eviloution in the past.
>>
>> What's wrong with that? Not disagreeing, just asking.
>
> Well because for some reason which I have asked people to explain why 
> evolution uses spamd to remove
> spam but it works very poorly.
> If someone is willing to explain how to make it work well I am anxious
> to learn.

Place spamd in your path from your MTA to /var/spool/mail/XXX. On a
modestly fast Athlon box it takes about a 3 seconds to scan mails with
the extensive rule set I have. That kind of delay is a killer. That
idiot setup for evilution is what earned it that nickname. It takes
real stupidity to set it up in your reading path where delays damage
the perception of the speed of the machine and installation. Embedding
it in the sendmail processing is a FAR better approach. (And if you DO
run sendmail on your own adding greylisting is a devastatingly effective
approach.)

I happen to use fetchmail and procmail without going through sendmail.
It saves machine cycles avoiding sendmail when fetchmail and procmail
can do it all.

===8<--- runmail - a script to run fetchmail my way. (Handy)
/usr/bin/fetchmail -d 90 --fetchmailrc /home/jdow/.fetchmailrc
===8<---

===8<--- .fetchmailrc (Required)
defaults mda "/usr/bin/procmail -d jdow"
set syslog
set postmaster ""
set no bouncemail
set no spambounce
set properties ""
# Check for new mail every 60 seconds.
#set daemon 60
#set logfile fetchmail_el.log
poll smtp.earthlink.net with proto POP3
   user 'jdow' there with password 'I am no THAT dumb!'
   is 'jdow at xxx.xxx.xxx' here options pass8bits
   smtpaddress '      '
===8<--- (Iterate the last four lines for each account.)

===8<--- .procmailrc simplified a little - minimalist is below this
#############################################################################
# Necessary generic definitions
#############################################################################
SHELL=/bin/sh
DROPPRIVS=yes
# Debugging tool
#VERBOSE=yes

# Diversion to a raw file to prevent loss while experimenting.
## rawmbox is no longer needed at this time.
#:0c: clone.lock
##* ^List-Id: .*(spamassassin\.apache\.org)
#$HOME/mail/rawmbox

# (Some) Sites that have annoyed me more than a little
:0:
* ^From: postoffice at mac\.com
/dev/null

:0:
* ^From: MAILER-DAEMON at ceres\.concept\.net\.nz
/dev/null

:0:
* ^From: Mailer_Daemon at baldwinandfrancis\.com
/dev/null

:0:
* ^From: .*\.fleagroups\.com
$HOME/mail/fleagroups.com

:0:
* ^From: .*\.millikin\.edu
$HOME/mail/fleagroups.com
# etc

#Useful mailing list 
trick##############################################################################
# Rewrite Reply-To: for SpamAssassin user list
##############################################################################

:0 fw
* ^TO_:.*(dev at spamassassin\.apache\.org|dev\.spamassassin\.apache\.org)
| formail -A "$PROCMAILMATCH SpamAssassin Dev list" -i "Reply-to: 
dev at spamassassin.apache.org"

:0 fw
* ^TO_:.*(users at spamassassin\.apache\.org|users\.spamassassin\.apache\.org)
| formail -A "$PROCMAILMATCH SpamAssassin Users list" -i "Reply-to: 
users at spamassassin.apache.org"

:0 fw
* ^List-Id: 
.*(users at spamassassin\.apache\.org|users\.spamassassin\.apache\.org)
| formail -A "$PROCMAILMATCH SpamAssassin users list" -i "Reply-to: 
users at spamassassin.apache.org"
##############################################################################
# Rewrite Reply-To: for SpamAssassin dev list
##############################################################################

:0 fw
* ^List-Id: .*(dev at spamassassin\.apache\.org|dev.spamassassin\.apache\.org)
| formail -A "$PROCMAILMATCH SpamAssassin Dev list" -i "Reply-to: 
dev at spamassassin.apache.org"

##############################################################################
#
# THIS IS THE REAL JUICE
#
#    Note I skip scanning the spamassassin mailing lists.
#
##############################################################################

* < 500000
* !^List-Id: .*(spamassassin\.apache.\org)
{
   :0 fw: spamassassin.lock
   | /usr/bin/spamc -t 150 -u jdow
}
=======8<-----

===8<-- Absolutely minimalist .procmailrc in case you're interested
#############################################################################
# Necessary generic definitions
#############################################################################
SHELL=/bin/sh
DROPPRIVS=yes

##############################################################################
#
# THIS IS THE REAL JUICE
#
#    Note I skip scanning the spamassassin mailing lists.
#
##############################################################################

:0 fw: spamassassin.lock
| /usr/bin/spamc -t 150 -u jdow
======8<-------

With that there is absolutely no need for evilution or any other MDA to
place SpamAssassin in its reading path.

(A side note - due to the DDoS attack SARE is hard to access with the
Rules du Jour program. It works OK with the program I built for myself
about the time RDJ came about. I've never moved over to their program.
At the moment they need to add a delay between the rule file fetches to
make everything work best. Their work around is a suggestion to delete
all your current SARE rules or move them aside and fetch fresh. That
involves fewer connections per second and gets through the DDoS filters.)

(My script is primitive, ugly, and works. If folks are very interested I
could post the simple bash script.)

{^_^}

More information about the fedora-list mailing list