Is Spamassassin really necessary???

[KKJensen]

I found a website that talks about integrating blacklist blocking right into sendmail...so what else does spamassassin have to offer? I tried the mailwasher program by firetrust but it ended up crashing all the time and my posts to their forum have been to no avail.

Here's the site I read from: http://labnotesh.wordpress.com/2006/09/16/stopping-spam-on-sendmail/

I'd like to hear if anybody else has tried this and if it works well.

[chris]

Hi KKJensen,

there are two things mentioned on that site: blocking ingress email from the local domain, and using RBL's.

Blocking unauthenticated email imcoming from the local domain is considered good security practice, however it has a tendency to break things. Think about, for example, an externally hosted web-server with a 'send to a friend' function with mail from website@local.domain. That will be blocked so you need to consider that and make sure the webserver (or other similar cases) have an explicit permit. Otherwise, that's been good security practice for many years.

Real time blacklists are also integrated into spamassassin (there a couple of posts on these forums, search for RBL) and can be used from there or directly sendmail. Either one works.

Spamassassin does a *LOT* more than just those two checks.

Read about it at http://spamassassin.apache.org to learn what else it does, but it is much more extensive. With the incorporation of DCC, razor and pyzor particularly, your catch rate on spam will be significantly better than with just a couple of simple RBL's.

My two cents...

Chris

[William]

sendmail + dnsbl + scalix works really well. It really depends on how much spam you get and if the majority of the spam sources who send you spam are listed on the these BL. If they are not then the spam may get through to your users/.
Only a few small changes to sendmail + scalix get it working. Try searching for DNSBL on this forum.

Chris: I did not see the "blocking ingress email from the local domain" part of that page..I am sure his use of REJECT in the /etc/mail/access file was in reference to blocking perticular spam domains preceeded by FROM: or perhaps CONNECT:.

Spamassassin would be a superior solution to simply plugging dnsbl into sendmail.

[chris]

Chris: I did not see the "blocking ingress email from the local domain" part of that page..I am sure his use of REJECT in the /etc/mail/access file was in reference to blocking perticular spam domains preceeded by FROM: or perhaps CONNECT:.

Hi William,

upon rereading that, you seem to be right. When I originally read it, I just couldn't imagine that anyone tries to block spam by domain name anymore.

It's like trying to fight off a swarm of bees by swatting any bee named "Charlie" in my opinion...

Chris

[Kieg Khan]

Hello Chris,
I was interested to read your comment about blocking ingress e-mail. I fully agree this is a good security practice, but find it incredible that so many systems are designed to spoof the local domain addresses. Until system developers start to code their e-mail systems correctly, using an ingress filter to block the local domain is virtually impossible.

A concerted push needs to be made to get developers to fix the flaw in their mail sending routines like this:
If the Scalix forums send me e-mail using my email address, me@local.domain, then my system will reject it as a spoofed address.
What the Scalix forums should do is to send me an email from ScalixForum@scalix.domain and then place the reply to address being my local domain. This way I can clearly identify the mail came from Scalix Forums, my ingress filter is happy because the address is not spoofed and any replies will be sent to my correct address.

You could even add a subject like, "The Scalix Forum has sent you a message from <SCALIX MEMBER>"

For the sake of one more e-mail header (being the reply to field) this is the easiest and most logical way to fix the problem and would result in a much more secure email environment for all users.

Bye.