# Anti spam solutions for virtual mailhost system

## smeets_marc

I've got a gentoo server that serves a couple of websites + their email.

Previously I did the email with just plain old postfix. Nowadays I've got the email system running like stated in the Virtual mailhost howto in the Documents section of gentoo.org.

That really works much much better.

But, in the last couple of months we are receiving much more spam messages. Most of them are those annoying win32 worms, but also the famous enlargements etc.

To get rid of spam there are a lot of programs with spamassassin as most effective (have done some googling).

But, as far as I know, implementing a program as spamassassin on a virtual mailhost system is not going to work. It has a completely different setup because the system does not work with UNIX users, but users/email addresses defined in a database.

I've searched using google and on this forum. But, it seems like almost nobody has ever implemented an anti spam solution on a box with a virtual mailing system....or they have done it and it is just as easy as a normal implementation.

Anyone who has implemented it this way, or has another solution?

----------

## delta407

 *smeets_marc wrote:*   

> But, as far as I know, implementing a program as spamassassin on a virtual mailhost system is not going to work.

 Bah. This is UNIX -- anything can work.  :Smile: 

Try this.

First:

```
# emerge spamassassin
```

Add a filter user/group:

```
# echo "filter:x:2001:2001::/home/filter:/bin/false" >>/etc/passwd
# echo "filter:x:2001:" >>/etc/group
# mkdir /home/filter
# chown filter:filter /home/filter
```

Appending to /etc/postfix/master.cf:

```
filter    unix  -       n       n       -       -       pipe
  user=filter argv=/usr/local/bin/filter.sh -f ${sender} -- ${recipient}
```

Modifying /etc/postfix/master.cf (pseudo-diff format):

```
-smtp      inet  n       -       n       -       -       smtpd

+smtp      inet  n       -       n       -       -       smtpd -o content_filter=filter
```

Create /usr/local/bin/filter.sh and add:

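```
#!/bin/sh
# Read the message from Postfix on stdin, let spamc tag it, then hand it
# back to Postfix with the original sender and recipient arguments.
cat | \
        /usr/bin/spamc | \
        /usr/sbin/sendmail "$@"

exit $?
```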

Misc:

```
# chmod +x /usr/local/bin/filter.sh

# /etc/init.d/spamd start

# postfix reload
```

Now you have SpamAssassin being run on every piece of mail as it arrives. Piece of cake, eh? (Creating a procmailrc to drop certain pieces of mail -- for instance, those with a SA score of >15 -- is left as an exercise to the reader.)

----------

## smeets_marc

Ok, it is possible to implement it systemwide. Thanks for the brief but cool step by step guide.

One question. Dropped email is stuffed in /home/filter ?

But, enabling SA per domain or per user is not possible this way, or any way. Giving SA some extra parameters is not possible.

That's all because of the non existing UNIX users. They only exist virtual in a database.

Or do you have another cool solution...You are the guy that says everything is possible in UNIX  :Wink:

Last edited by smeets_marc on Wed Sep 24, 2003 4:23 pm; edited 1 time in total

----------

## smeets_marc

-edit-

double posted

----------

## delta407

 *smeets_marc wrote:*   

> Dropped email is stuffed in /home/filter ?

 No. There is no dropped e-mail (again, exercise for the reader) -- Postfix hands off e-mail to the 'filter' target, which pipes it through spamc and back into Postfix. If spamc can't talk to spamd, it simply pipes the message through without modification, so nothing bad happens.

 *smeets_marc wrote:*   

> But, enabling SA per domain or per user is not possible this way, or any way. Giving SA some extra parameters is not possible.

 Oh, come now. Let's not be so hasty.

 *smeets_marc wrote:*   

> Or do you have another cool solution...You are the guy that says everything is possible in UNIX 

 Of course.  :Wink: 

Recent versions of SpamAssassin can talk to any database accessible via Perl DBI and get per-user configuration values from them. In my mail setup, users can change their SA settings (and their account password, and...) from a CVS installation of Horde. There are (always) other ways to get such things into the database. Anyway, the -q option to spamd makes it try to talk to a database. (See the manpage for setting the database access options.)

We need to make spamc identify itself as the target user, so that the associated SA rules will be loaded. This is done using the -u option, so it's just a matter of getting the username to the filter script. But wait, let's check how it gets invoked:

```
filter    unix  -       n       n       -       -       pipe
  user=filter argv=/usr/local/bin/filter.sh -f ${sender} -- ${recipient}
```

We see that filter.sh is always invoked with the recipient listed as the fourth parameter. So:

```
#!/bin/sh

cat | \
        /usr/bin/spamc -u "$4" | \
        /usr/sbin/sendmail "$@"

exit $?
```

 :Very Happy: 

----------

## Black

<wave hand>

These are not the droids you're looking for.

Delta407, you want to write your knowledge somewhere!

</wave hand>

Hey, does somebody want to contribute to the Virtual Mail How-To?  :Very Happy: 

----------

## delta407

 *Black wrote:*   

> Delta407, you want to write your knowledge somewhere!
> 
> </wave hand>
> 
> Hey, does somebody want to contribute to the Virtual Mail How-To? 

 Very nice.

To be fair, I did write the moderately popular Virtual Hosting Made Easy thread, and I am describing the process I'm using to set up a new Gentoo server that handles mail and web hosting.

I do plan to write all this up, make no mistake. But first, since I'm not happy with everything yet, I want to perfect it.  :Wink:  This involves:

Making my DNS setup more flexible. This will be difficult, since I'm already using a somewhat complex self-designed multi-master replication system  :Wink: 

Making a web-based administration interface for everything. Web, mail, DNS, database, mailing lists...

Re-working stuff to give individual customers dedicated partitions. Web, mail, database, mailing lists, etc. all share space on a single partition. (That'll be fun.) Oh, and giving customers access to information like "how much disk do I gots?" without telling them to SSH.

Finding/making some type of central monitoring -- consolidating log files (from different services and different machines) and probably service checks (web server down?). And no, I don't like Nagios.

Finding/making an integrated web/mail/user account support system.

Fixing a few minor problems. For instance, the above per-user spam configuration doesn't always work for me, since I have a mix of real UNIX users and virtual users. Delivery, IMAP, webmail, etc. work fine -- but the recipient address given to the filter script uses the local hostname for delivery rather than the users' IMAP account, breaking the web-based SA rules administration. It's a little thing (that only affects me, conveniently enough), but it's a problem nonetheless.

That's all I can think of right now, but I'm sure I'll come up with more.  :Wink: 

----------

## chaz

 *Quote:*   

> 
> 
> To be fair, I did write the moderately popular Virtual Hosting Made Easy thread, and I am describing the process I'm using to set up a new Gentoo server that handles mail and web hosting.
> 
> I do plan to write all this up, make no mistake. But first, since I'm not happy with everything yet, I want to perfect it.  This involves:
> ...

 

 I have had great success with the Virtual Mail HOWTO guide, and this thread, getting Spam Assassin to work.

However, do you have a hint as to how I can overcome your last point? I also have a mix of real and virtual users. Controlled via a MySQL DB, and accessed mostly via Squirrel Mail.

Thanks 

Charles Andrews

----------

## delta407

 *chaz wrote:*   

> However, do you have a hint as to how I can overcome your last point?

 Well, in your case, I would just add some logging to the filter.sh to find out what user it wants to use (probably localuser@hostname) and add control entries accordingly.
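
An added example, not part of delta407's posts: a variant of the `filter.sh` from earlier in the thread that logs which username it hands to `spamc -u`, as suggested above, and maps local-domain recipients to the bare login while virtual recipients keep the full address. `LOCAL_DOMAIN` (set to the thread's `REAL_HOST.net` placeholder), the lowercasing, the accepted character set and the `-i` flag on `sendmail` are assumptions added here.

```shell
#!/bin/sh
# Added example (not from the thread): filter.sh with logging and a
# recipient-to-spamd-username mapping. Postfix invokes it as
#   filter.sh -f ${sender} -- ${recipient}
# LOCAL_DOMAIN and the lowercase/character policy are assumptions.

LOCAL_DOMAIN="${LOCAL_DOMAIN:-REAL_HOST.net}"   # placeholder taken from the thread
SPAMC="${SPAMC:-/usr/bin/spamc}"
SENDMAIL="${SENDMAIL:-/usr/sbin/sendmail}"
EX_TEMPFAIL=75   # pipe(8) defers the message on this exit status

# first_recipient ARGV...
# Prints the first address after "--". Returns 1 if there is none and 2 if
# there is more than one (per-user settings are then ambiguous).
first_recipient() {
    while [ "$#" -gt 0 ] && [ "$1" != "--" ]; do
        if [ "$1" = "-f" ] && [ "$#" -ge 2 ]; then shift; fi   # skip the sender value
        shift
    done
    [ "$#" -ge 2 ] || return 1      # nothing after "--", or no "--" at all
    shift
    printf '%s\n' "$1"
    [ "$#" -eq 1 ] || return 2
}

# spamd_user ADDRESS
# Prints the name to pass to "spamc -u": the bare login for LOCAL_DOMAIN
# addresses, the full lowercased address for virtual users. Fails on input
# that should not become a preferences lookup key.
spamd_user() {
    addr=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    local_dom=$(printf '%s' "$LOCAL_DOMAIN" | tr '[:upper:]' '[:lower:]')
    case "$addr" in
        ''|-*|@*|*@|*@*@*|*[!a-z0-9._+@-]*) return 1 ;;
    esac
    case "$addr" in
        *@"$local_dom") printf '%s\n' "${addr%@*}" ;;
        *)              printf '%s\n' "$addr" ;;
    esac
}

main() {
    rcpt=$(first_recipient "$@"); rc=$?
    if [ "$rc" -eq 1 ]; then
        logger -t filter.sh -p mail.err "no recipient in arguments, deferring"
        return "$EX_TEMPFAIL"
    fi
    # sendmail -i: a line holding only "." does not end the message.
    if [ "$rc" -eq 0 ] && user=$(spamd_user "$rcpt"); then
        logger -t filter.sh -p mail.info "rcpt=$rcpt spamd_user=$user"
        "$SPAMC" -u "$user" | "$SENDMAIL" -i "$@" || return "$EX_TEMPFAIL"
    else
        # Several recipients or an unusable address: scan with site-wide settings.
        logger -t filter.sh -p mail.notice "rcpt=$rcpt: no per-user settings applied"
        "$SPAMC" | "$SENDMAIL" -i "$@" || return "$EX_TEMPFAIL"
    fi
}

# Run only when installed under the name used in the thread; when the file is
# sourced or run under another name, only the functions above are defined.
case "${0##*/}" in
    filter.sh) main "$@"; exit "$?" ;;
esac
```

With `filter_destination_recipient_limit = 1` in main.cf, Postfix invokes the filter once per recipient, so the multi-recipient fallback is not taken.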

----------

## chaz

 *delta407 wrote:*   

> Well, in your case, I would just add some logging to the filter.sh to find out what user it wants to use (probably localuser@hostname) and add control entries accordingly.

 

```
Oct  1 10:52:36 [postfix/smtpd] D42B75FA76: client=out002pub.verizon.net[xxx.xx.xxx.xxx]
Oct  1 10:52:37 [postfix/cleanup] D42B75FA76: message-id=<3F7AB207.24323.FAC5E5@localhost>
Oct  1 10:52:37 [postfix/qmgr] D42B75FA76: from=<charlesa@NOSPAM.com>, size=1048, nrcpt=1 (queue active)
spamd[23863]: [handle_user] unable to find user 'spam@VIRT_HOST.com'!
spamd[23863]: [Still running as root] user not specified with -u, not found, or set to root.  Fall back to nobody.
spamd[23863]: [processing message <3F7AB207.24323.FAC5E5@localhost> for spam@VIRT_HOST.com] 65534.
Oct  1 10:52:37 [postfix/smtpd] disconnect from out002pub.verizon.net[xxx.xx.xxx.xxx]
spamd[23863]: [clean message (4.0/5.0) for spam@VIRT_HOST.com] 65534 in 28.7 seconds, 1026 bytes.
Oct  1 10:53:05 [postfix/pipe] D42B75FA76: to=<spam@VIRT_HOST.com>, relay=filter, delay=29, status=sent (REAL_HOST.net)
Oct  1 10:53:05 [postfix/pickup] DA88F5FB9E: uid=2001 from=<charlesa@NOSPAM.com>
Oct  1 10:53:05 [postfix/cleanup] DA88F5FB9E: message-id=<3F7AB207.24323.FAC5E5@localhost>
Oct  1 10:53:05 [postfix/qmgr] DA88F5FB9E: from=<charlesa@NOSPAM.com>, size=1393, nrcpt=1 (queue active)
Oct  1 10:53:06 [postfix/virtual] DA88F5FB9E: to=<spam@VIRT_HOST.com>, relay=virtual, delay=1, status=sent (maildir)
Oct  1 10:54:20 [imapd] Connection, ip=[127.0.0.1]
Oct  1 10:54:25 [imapd] LOGIN FAILED, ip=[127.0.0.1]
Oct  1 10:54:25 [imapd] DISCONNECTED, ip=[127.0.0.1], headers=0, body=0
Oct  1 10:54:33 [imapd] Connection, ip=[127.0.0.1]
Oct  1 10:54:33 [imapd] LOGIN, user=spam@VIRT_HOST.com, ip=[127.0.0.1]
Oct  1 10:54:33 [imapd] LOGOUT, user=spam@VIRT_HOST.com, ip=[127.0.0.1], headers=0, body=0
```

I'm a scripting newbie, but I think I know what I will need to do.

1. mail addresses that go to user@REAL_HOST.net, are real local users
2. mail addresses that go to user@VIRT_MAIL.com, are virtual users
3. REAL users .maildir is located under /home/user_name/.maildir
4. Virt. users .maildir is located under /home/vmail/F.Q.D.N./virtual_user_name/.maildir

So the path to spam@VIRT_HOST.com's .maildir is = /home/vmail/VIRT_HOST.com/spam/.maildir

I think (know) I can work out how to parse VIRT_HOST.com users into the user "vmail", and REAL_HOST.net users into the real local user's name. I believe that would disallow individual preference settings for each of the virtual users though, and this would be bad. That means I need to work out how to save and load the preference files to the virtual users directories.

Yikes!! I think I'm in a little over my head at this point.

Am I on the right track though?

Thanks

Charles Andrews

----------

## delta407

 *chaz wrote:*   

> 
> 
> ```
> spamd[23863]: [handle_user] unable to find user 'spam@VIRT_HOST.com'!
> ```
> ...

 Assuming your database is set up correctly (and that SpamAssassin can talk to it), you should be able to add parameters for "spam@VIRT_HOST.com" and change spamd's behavior.

 *chaz wrote:*   

> I'm a scripting newbie, but I think I know what I will need to do.
> 
> 1. mail addresses that go to user@REAL_HOST.net, are real local users
> 2. mail addresses that go to user@VIRT_MAIL.com, are virtual users

 I don't know how your mail routing is being done -- you appear to have a domain for local users and one or more domains for virtual users. My setup is different -- I have local users and virtual users on the same domain  :Wink: 

 *chaz wrote:*   

> I think (know) I can work out how to parse VIRT_HOST.com users into the user "vmail", and REAL_HOST.net users into the real local user's name. I believe that would disallow individual preference settings for each of the virtual users though, and this would be bad.

 I'm not sure what you're saying. With the modified script depicted above (with `spamc -u $4`) and the conf.d/spamd listed above (with the '-q' switch), spamd will query a SQL database for configuration directives, using the recipient address seen in the to=<> field of your Postfix log as the username field in the database.

Clear?  :Wink: 

 *chaz wrote:*   

> Yikes!! I think I'm in a little over my head at this point.

 Virtual mail systems can get hairy, at times.

 *chaz wrote:*   

> Am I on the right track though?

 Well, you're working on it, poking around, and asking questions, which is a good start.  :Very Happy: 

----------

## chaz

 *delta407 wrote:*   

>  *chaz wrote:*   
> 
> ```
> spamd[23863]: [handle_user] unable to find user 'spam@VIRT_HOST.com'!
> ```
> ...

 

 :Shocked:  OOPS... I think I missed a few rather large steps/options.

   So... spamd needs to be configured to access the DB

   The db will get a new field/table.

   That field or table will contain the users options.

correct?

 *delta407 wrote:*   

>  *chaz wrote:*   
> 
> > I'm a scripting newbie, but I think I know what I will need to do.
> > 
> > 1. mail addresses that go to user@REAL_HOST.net, are real local users
> > 2. mail addresses that go to user@VIRT_MAIL.com, are virtual users
> 
> I don't know how your mail routing is being done -- you appear to have a domain for local users and one or more domains for virtual users. My setup is different -- I have local users and virtual users on the same domain 

 

That is correct I have a domain for local users and one or more domains for virtual users.

 *delta407 wrote:*   

>  *chaz wrote:*   
> 
> > I think (know) I can work out how to parse VIRT_HOST.com users into the user "vmail", and REAL_HOST.net users into the real local user's name. I believe that would disallow individual preference settings for each of the virtual users though, and this would be bad.
> 
> I'm not sure what you're saying. With the modified script depicted above (with `spamc -u $4`) and the conf.d/spamd listed above (with the '-q' switch), spamd will query a SQL database for configuration directives, using the recipient address seen in the to=<> field of your Postfix log as the username field in the database.
> 
> Clear? 

 

Crystal now   :Cool:   I was going in the left direction thinking I needed for some reason to separate out the domain and fake user...

But what I really needed to do was SETUP the Database   :Idea: 

 *delta407 wrote:*   

>  *chaz wrote:*   
> 
> > Yikes!! I think I'm in a little over my head at this point.
> 
> Virtual mail systems can get hairy, at times.

 

 *delta407 wrote:*   

>  *chaz wrote:*   
> 
> > Am I on the right track though?
> 
> Well, you're working on it, poking around, and asking questions, which is a good start. 

 

Thanks again, I think I've got a better handle on it now. (we'll see)  :Wink: 

Charles Andrews

----------

## jwegman

This is fantastic meaty stuff, I really dig it!  Thank you delta407.

Let's talk about individual bayesian db's for virtual users!  I have the postfix-mysql-courier-imap cake where user information is stored in the mysql database and the virtual user mailboxes are maildirs on the /vmail filesystem.  Each virtual user has physical storage and can accommodate a bayesian db, however how do we tell spamd to use/update their bayesian db's?

regards,

Jake

----------

## jief

The most effective spam filters I've found yet are the ones available here:

http://www.securitysage.com/guides/postfix_uce.html

Check out the header and body checks. It's really good. Never had spam since then. It also blocks all unnecessary types of attachments, i.e. .exe, .bat, .mp3 and so on. For a corporate environment, that's great!

----------

## Souperman

 *delta407 wrote:*   

> 
> 
> ```
> -smtp      inet  n       -       n       -       -       smtpd
> ```
> ...

 

Thanks, this is working well.  :Wink:   Just a question, I have:

```
smtpd_recipient_restrictions =
        permit_sasl_authenticated,
        permit_mynetworks,
        reject_unauth_destination,
        reject_rbl_client bl.spamcop.net,
        reject_rbl_client relays.ordb.org,
        reject_rbl_client sbl.spamhaus.org,
        reject_rbl_client spews.relays.osirusoft.com,
        reject_rbl_client proxies.relays.monkeys.com
```

in my main.cf.  Does the content_filter process take place before smtpd_recipient_restrictions, or after?  I'd prefer it to take place after, so that mail from an open relay is immediately rejected, rather than having SA just tag it.  Am I making sense?

----------

## delta407

 *gpd wrote:*   

> Thanks, this is working well.   Just a question, I have:
> 
> ```
> smtpd_recipient_restrictions =
> ```
> ...

 Ewww. I use ORDB, and only ORDB. It's perfectly fair -- once someone actually fixes their system, they can get removed immediately. Most of the other RBLs are very difficult to get off of... I should know, since I've been called to fix broken mail systems before. (It's nicer to people like me.) Besides, by default, SpamAssassin checks RBLs; I have Postfix reject mail from ORDB hosts, and have SpamAssassin distrust mail from sources listed in other RBLs. Rarely do I get complaints of users being unable to receive mail from specific places, since everyone that's on ORDB has a reason (they are an open relay) and everyone that's not can still send mail (even if it gets tagged as spam, it's the user's option).

Anyway, that's not what you asked about.  :Wink: 

 *gpd wrote:*   

> Does the content_filter process take place before smtpd_recipient_restrictions, or after?  I'd prefer it to take place after, so that mail from an open relay is immediately rejected, rather than having SA just tag it.

 Yes, it is indeed after, and RBLs save processing power. I believe content_filter takes place immediately before handing a spooled message to a delivery agent. I don't have docs to prove this, but I'm pretty sure that content_filter works as follows: Postfix normally compares a message against the transport table after it passes arrival checks, but with content_filter enabled, it gets sent through content_filter and then (if content_filter re-inserts it into the queue) to the transport table and to the delivery agent. (In this manner, you can have content_filter process mail on a "mail gateway" before handing off to an internal mail server.)

Hope this makes more sense.  :Very Happy: 

----------

## Souperman

Makes perfect sense, thanks.  I figured that was probably the case because it doesn't make much sense the other way around.  :Wink: 

Thanks for the tip regarding the RBLs too.   :Smile: 

----------

## alexandero

Somehow I cannot get the spam filtering to work - I set up everything as described in the Virtual Mailhosting Guide in the Docs and now added & altered the configuration as above (see the code below) - but mail is only delivered when sending a mail from mutt (as root on the mail server), but not when sending it from another computer:

```
   From:      root@dmz.sos-mitmensch.at
   Subject:    schau an
   Datum:    14. Jänner 2004 18:52:40 GMT+01:00
   To:      testuser@poolbar.at
   Return-Path:    <root@sos-mitmensch.at>
   X-Original-To:    testuser@poolbar.at
   Delivered-To:    testuser@poolbar.at
   Received:    by dmz.sos-mitmensch.at (Postfix, from userid 0) id CA4961CBC77; Wed, 14 Jan 2004 18:52:40 +0100 (CET)
   Message-Id:    <20040114175240.GA21906@dmz.sos-mitmensch.at>
   Mime-Version:    1.0
   Content-Type:    text/plain; charset=us-ascii
   Content-Disposition:    inline
   User-Agent:    Mutt/1.5.4i
```

As soon as I send a mail from my mail client (Apple Mail.app 10.3.2), smtping to this host, the mail gets delivered with empty body and subject, and is delivered to "undisclosed-recipients:;":

```
   From:      alex@sos-mitmensch.at
   Date:    14. Jänner 2004 18:43:56 GMT+01:00
   To:      undisclosed-recipients:;
   Return-Path:    <alex@sos-mitmensch.at>
   X-Original-To:    testuser@poolbar.at
   Delivered-To:    testuser@poolbar.at
   Received:    by dmz.sos-mitmensch.at (Postfix, from userid 2001) id 6CF891CBC6D; Wed, 14 Jan 2004 18:43:56 +0100 (CET)
   Message-Id:    <20040114174356.6CF891CBC6D@mail.sos-mitmensch.at>
```

Additionally I don't know how to check the rating of spamassassin for each mail, shouldn't it add a line in the mail header with the value it thinks the mail has?

Here is my configuration, and thanks in advance for any hints:

The filter-directory is there and has 'filter' as owner:

```
#dmz home # ls -al         
total 3
drwxr-xr-x    5 root     root          144 Jan 14 18:38 .
drwxr-xr-x   18 root     root          408 Dec 31 11:08 ..
-rw-r--r--    1 root     root            0 Jan  3 13:45 .keep
drwxr-xr-x    2 filter   filter         48 Jan 14 18:38 filter
drwxr-xr-x    7 root     root          168 Nov 13 20:35 httpd
drwxr-xr-x    4 vmail    users         112 Jan 14 15:59 vmail
```

The filter rule is added in postfix master.cf:

```
#dmz home # egrep ^[^#] /etc/postfix/master.cf 
smtp      inet  n       -       n       -       -       smtpd -o content_filter=filter
pickup    fifo  n       -       n       60      1       pickup
cleanup   unix  n       -       n       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
rewrite   unix  -       -       n       -       -       trivial-rewrite
bounce    unix  -       -       n       -       0       bounce
defer     unix  -       -       n       -       0       bounce
flush     unix  n       -       n       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
smtp      unix  -       -       n       -       -       smtp
relay     unix  -       -       n       -       -       smtp
showq     unix  n       -       n       -       -       showq
error     unix  -       -       n       -       -       error
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
old-cyrus unix  -       n       n       -       -       pipe
  flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
cyrus     unix  -       n       n       -       -       pipe
  user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
filter    unix  -       n       n       -       -       pipe
  user=filter argv=/usr/local/bin/filter.sh -f ${sender} -- ${recipient}
```

Is the filter script OK? I don't understand what it does:

```
#dmz home # egrep ^[^#] /usr/local/bin/filter.sh 
cat | /usr/bin/spamc | /usr/sbin/sendmail "$@" 
exit $?
```

Let's look at postfix main.cf:

```
#dmz home # egrep ^[^#] /etc/postfix/main.cf   
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/lib/postfix
mail_owner = postfix
myhostname = dmz.sos-mitmensch.at
mydomain = sos-mitmensch.at
myorigin = $mydomain
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain $mydomain
unknown_local_recipient_reject_code = 450
mynetworks = 10.1.1.0/24, 127.0.0.0/8
alias_maps = hash:/etc/mail/aliases
alias_database = hash:/etc/mail/aliases
home_mailbox = .maildir/
local_destination_concurrency_limit = 2
default_destination_concurrency_limit = 10
debug_peer_level = 2
debugger_command =
         PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
         xxgdb $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
setgid_group = postdrop
manpage_directory = /usr/share/man
sample_directory = /etc/postfix/sample
readme_directory = /usr/share/doc/postfix-2.0.11
smtpd_sasl_auth_enable = yes
smtpd_sasl2_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_sasl_local_domain =
smtpd_recipient_restrictions =
        permit_sasl_authenticated,
        permit_mynetworks,
        reject_unauth_destination
smtpd_use_tls = yes
smtpd_tls_key_file = /etc/postfix/newreq.pem
smtpd_tls_cert_file = /etc/postfix/newcert.pem
smtpd_tls_CAfile = /etc/postfix/cacert.pem
smtpd_tls_loglevel = 3
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
alias_maps = mysql:/etc/postfix/mysql-aliases.cf
relocated_maps = mysql:/etc/postfix/mysql-relocated.cf
local_transport = local
local_recipient_maps = $alias_maps $virtual_mailbox_maps unix:passwd.byname
virtual_transport = virtual
virtual_mailbox_domains = poolbar.at
virtual_minimum_uid = 1000
virtual_gid_maps = static:100
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-maps.cf
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual.cf
virtual_uid_maps = static:1003
virtual_mailbox_base = /
```

And this is spamassassin's local.cf:

```
#dmz home # egrep ^[^#] /etc/mail/spamassassin/local.cf 
auto_whitelist_path /var/spool/spamassassin/auto-whitelist 
bayes_ignore_header X-Spam-Report 
bayes_ignore_header X-Spam-Status
required_hits           10.0
rewrite_subject         1
subject_tag             **SPAM**
report_safe             1
use_terse_report        0
use_bayes               1
auto_learn              1
skip_rbl_checks         0
use_razor2              1
use_dcc                 1
use_pyzor               1
ok_languages            de 
ok_locales              all
```

What happens when a mail is sent? (mail.log)

```
Jan 14 19:02:44 dmz postfix/smtpd[21982]: connect from unknown[10.1.1.17]
Jan 14 19:02:44 dmz postfix/smtpd[21982]: BEE171CBC03: client=unknown[10.1.1.17]
Jan 14 19:02:44 dmz postfix/cleanup[21983]: BEE171CBC03: message-id=<DCF02EF2-46BB-11D8-A4CD-000393488DFA@sos-mitmensch.at>
Jan 14 19:02:44 dmz postfix/qmgr[21981]: BEE171CBC03: from=<alex@sos-mitmensch.at>, size=575, nrcpt=1 (queue active)
Jan 14 19:02:44 dmz postfix/pickup[21980]: F2CE11CBC7E: uid=2001 from=<alex@sos-mitmensch.at>
Jan 14 19:02:45 dmz postfix/cleanup[21983]: F2CE11CBC7E: message-id=<20040114180244.F2CE11CBC7E@dmz.sos-mitmensch.at>
Jan 14 19:02:45 dmz postfix/qmgr[21981]: F2CE11CBC7E: from=<alex@sos-mitmensch.at>, size=304, nrcpt=1 (queue active)
Jan 14 19:02:45 dmz postfix/pipe[21990]: BEE171CBC03: to=<testuser@poolbar.at>, relay=filter, delay=1, status=sent (dmz.sos-mitmensch.at)
Jan 14 19:02:45 dmz postfix/virtual[21998]: F2CE11CBC7E: to=<testuser@poolbar.at>, relay=virtual, delay=1, status=sent (maildir)
Jan 14 19:03:44 dmz postfix/smtpd[21982]: disconnect from unknown[10.1.1.17]
```

PS: as I didn't mention it, before trying to make spamassassin work everything worked fine, so I assume it's not related to my mail program or my client

PPS: the server feels responsible for both above domains (one as local, the other as virtual), and is not connected to the public net at the moment...

----------

## Dr_Stein

```
smtpd_recipient_restrictions =
        permit_sasl_authenticated,
        permit_mynetworks,
        reject_unauth_destination,
        reject_rbl_client bl.spamcop.net,
        reject_rbl_client relays.ordb.org,
        reject_rbl_client sbl.spamhaus.org,
        reject_rbl_client spews.relays.osirusoft.com,
        reject_rbl_client proxies.relays.monkeys.com
```

I believe the monkeys.com and osirusoft.com RBLs are *dead* and should no longer be used.

It's actually a better idea (IMHO) to let SpamAssassin do the RBL checking so it can tag the mail instead of just blocking it at the MTA. It's a personal preference of course, but we've been hit with too many false positives from MTA level RBL blocking.

----------

## Dr_Stein

delta407 and I got engaged on the same day!  :Razz: 

Well, delta407 and his girlfriend did. My girlfriend and I are in California and I've never met delta407.

I just thought I'd point out the coincidence and hopefully bribe delta407 to explain how he got SpamAssassin working with virtual users in a little more detail.  :Wink: 

I have SpamAssassin (and other stuff) running on a box I call "mailgate" - mail is taken in, processed, and finally handed off to the box called "mail" (original, ain't I?) but I'm not letting users edit their own SpamAssassin rules/etc yet because I'm not quite sure how to set it up. Will spamd know to look for the username in email? 

In /var/log/mail/current (metalog) I see:

Jan 14 14:52:20 [postfix/pipe] CC728C219: to=<bob@example.com>, relay=filter, delay=7, status=sent (dummy)

Is spamd smart enough to say "Hey, this email is for bob@example.com. Let me check the SQL database and see what his ruleset is.." or will it just go "Uh... duh..." and do nothing? 

That's the $64,000 question.  :Smile: 

----------

## georwell

You should also look at MailScanner http://www.mailscanner.info  It uses spam assassin to check for spam (and gives you plenty of options for what to do with it) and it interfaces with about 12 different virus scanners too.  And the best part is you don't have to change any of your MTA (and it supports almost all of them) settings to get it to work.  There is no ebuild but it only takes about 10 minutes to install anyways.  

I really need to get around to making an ebuild for this thing...

----------

## alexandero

just a short note: after upgrading from postfix 2.0.11 ->2.0.16-r1 everything worked the way it should, no lost subjects and bodies anymore.

----------

## antifa

Hi all,

I have to say there are some smart cookies on this thread. Or is that smart monkeys? Anyway, work is in process to finally complete work on and add content filtering and av instructions to the vmail guide. If you are interested in participating in this work, and subsequently testing our creation, please contact me. I can be reached at antifa at gentoo dot org. 

Thanks for your time.

----------

## fury

I was looking for a solution for spam filtering per-user (from a db) on a mass virtual hosting configuration and came across this older thread.  Just like to add, some useful info on configuring the mysql side of this can be found here:

http://spamassassin.apache.org/full/3.0.x/dist/sql/README

Thanks guys!  I was able to get my config set up in only a few mins using this thread.

----------

