[heroes] Update on mx[12].o.o
As of Monday I’m going away on vacation until beginning of August, so just a brief update on the status of mx[12].o.o - mx[12].o.o are both ready to relay email for “opensuse.org”, with TLS support but without spam and virus filtering. (see below). TLS: I borrowed the certificates from pontifex, but of course they should be automagically distributed instead. (from crtmgr.i.o.o) Member aliases are being retrieved from connect.o.o (thanks for the hint Christian) once a day, with a consistency check. I have created mailing list aliases based on existing lists on baloo. Firewall is open for smtp traffic only. Lars says reverse entries for the IP addresses should be ready end of week. Freshclam – updated to log to its own logfile, and notify admin-auto when the software is outdated. (which it is). I wonder if we should just build from source, sometimes new clamav versions come in rapid succession. Spam- and virus-filtering: I have had to disable rspamd, there is some config issue. milter unix:/run/rspamd/worker-proxy.socket: can't read SMFIC_BODYEOB reply packet header For now, I have used postgrey to do selective greylisting, but I am worried about the lack of spam filtering, we could easily end up being blacklisted. I'll be taking a closer look at the rspamd setup. Note – baloo depends on spamassassin headers to identify HTML messages. Not very critical. Ratelimiting - for certain known destinations. Outbound delivery - I guess we have to change relay.i.o.o ? -- Per Jessen, Zürich (20.8°C) Member, openSUSE Heroes -- To unsubscribe, e-mail: heroes+unsubscribe@opensuse.org To contact the owner, e-mail: heroes+owner@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Am 14.07.20 um 12:30 schrieb Per Jessen:
Spam- and virus-filtering: I have had to disable rspamd
I am using spampd in my private mail setup. Works decently well to reject mail during the SMTP dialog. It just needs 2 entries in /etc/postfix/master.cf like this: https://github.com/bmwiedemann/zq1-salt/blob/test/srv/salt/role/mailserver/f... smtp inet n - n - - smtpd -o smtpd_proxy_filter=127.0.0.1:10025 -o smtpd_client_connection_count_limit=10 127.0.0.1:10026 inet n - n - - smtpd -o smtpd_authorized_xforward_hosts=127.0.0.0/8,192.168.0.0/16 -o smtpd_client_restrictions= -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o smtpd_data_restrictions= -o mynetworks=127.0.0.0/8,192.168.0.0/16,10.0.0.0/8 -o receive_override_options=no_unknown_recipient_checks and then I use 'header_checks' to match and reject overly spammy mails. -----BEGIN PGP SIGNATURE----- iHUEARYIAB0WIQTykslvYmKwlIQesLNdovN53d8CLgUCXw2QGAAKCRBdovN53d8C LjRBAQDYcGWLIA0dIemuLLOmP77m/1v5NTre5QpMedsMgrdLJQD/V4IxWRnGP29h bqIt7WUP1BmiXR+rtQVgsqEThDCyQQ0= =PHeZ -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: heroes+unsubscribe@opensuse.org To contact the owner, e-mail: heroes+owner@opensuse.org
Bernhard M. Wiedemann wrote:
I am using spampd in my private mail setup. Works decently well to reject mail during the SMTP dialog.
It just needs 2 entries in /etc/postfix/master.cf like this: https://github.com/bmwiedemann/zq1-salt/blob/test/srv/salt/role/mailserver/f...
Okay, I'll try that - sofar I only tried to use rspamd as a milter. I like your set up a lot better. coz' it looks like what I use in the business :-) -- Per Jessen, Zürich (23.9°C) Member, openSUSE Heroes -- To unsubscribe, e-mail: heroes+unsubscribe@opensuse.org To contact the owner, e-mail: heroes+owner@opensuse.org
Per Jessen wrote:
Bernhard M. Wiedemann wrote:
I am using spampd in my private mail setup. Works decently well to reject mail during the SMTP dialog.
It just needs 2 entries in /etc/postfix/master.cf like this:
https://github.com/bmwiedemann/zq1-salt/blob/test/srv/salt/role/mailserver/f...
Okay, I'll try that - sofar I only tried to use rspamd as a milter. I like your set up a lot better. coz' it looks like what I use in the business :-)
Bernhard, your setup looks much more like an amavisd setup? I can't make it work - I can't work out how to make rspamd work like an smtp proxy. Instead I somehow managed to get it to work as a milter. The rspamd proxy was expecting to find a worker on localhost:11333 instead of the bind_socket that came with config. I'm not so impressed with rspamd, I have to say. The whole config seems immensely complex and the documentation is somewhat lacking. Does anyone here know rspamd really well ? -- Per Jessen, Zürich (26.9°C) Member, openSUSE Heroes -- To unsubscribe, e-mail: heroes+unsubscribe@opensuse.org To contact the owner, e-mail: heroes+owner@opensuse.org
Am 14. Juli 2020 18:04:25 MESZ schrieb Per Jessen <per@opensuse.org>:
Per Jessen wrote:
Bernhard M. Wiedemann wrote:
I am using spampd in my private mail setup. Works decently well to reject mail during the SMTP dialog.
It just needs 2 entries in /etc/postfix/master.cf like this:
https://github.com/bmwiedemann/zq1-salt/blob/test/srv/salt/role/mailserver/f...
Bernhard, your setup looks much more like an amavisd setup?
I can't make it work - I can't work out how to make rspamd work like an smtp proxy.
spampd works as a SMTP proxy for me. I have no experience with rspamd. -- Diese Nachricht wurde von meinem Android-Gerät mit K-9 Mail gesendet. -- To unsubscribe, e-mail: heroes+unsubscribe@opensuse.org To contact the owner, e-mail: heroes+owner@opensuse.org
Bernhard M. Wiedemann wrote:
Am 14. Juli 2020 18:04:25 MESZ schrieb Per Jessen <per@opensuse.org>:
Per Jessen wrote:
Bernhard M. Wiedemann wrote:
I am using spampd in my private mail setup. Works decently well to reject mail during the SMTP dialog.
It just needs 2 entries in /etc/postfix/master.cf like this:
https://github.com/bmwiedemann/zq1-salt/blob/test/srv/salt/role/mailserver/f...
Bernhard, your setup looks much more like an amavisd setup?
I can't make it work - I can't work out how to make rspamd work like an smtp proxy.
spampd works as a SMTP proxy for me. I have no experience with rspamd.
Sorry, I am the one who can't read :-) Well, fwiw, I would currently much prefer spampd+spamassassin over rspamd. -- Per Jessen, Zürich (25.6°C) Member, openSUSE Heroes -- To unsubscribe, e-mail: heroes+unsubscribe@opensuse.org To contact the owner, e-mail: heroes+owner@opensuse.org
participants (3)
-
Bernhard M. Wiedemann -
Bernhard M. Wiedemann -
Per Jessen