On Tue, 2004-05-18 at 10:24, hongwei@xxxxxxxxxxxxxxxxxx wrote: > Hi, > > I also use spamassassin/procmail to treat spams. However, I feel that SA > does not scan for viruses. Am I wrong? That is why I am looking for a > virus-scanner. I found that many virus-scaning packages strongly > recommend sendmail with milter support, and mention that sendmail without > milter is "old". That is why I originally post this question here: I > install the sendmail on fc1, but did not see any reference about milter. > Is sendmail without milter really old? where can I get milter for > sendmail on fc1? or no way? > You are correct. SA does not scan for viruses. However I have found that many email messages end up flagged as spam which are redirected to a holding account. So many of them end up isolated. I believe you can get clamv (sp?) for linux which does scan for viruses. Have not set that up myself but looks like it would be easy. It appears you would just add another rule in procmail to have all messages examined by it. > > A couple of things I did differently was to add a rule in procmail to > flag a message when it went through so spamassassin did not get run > against the same message twice. > *** Could you tell me what rule do you add to avoid "twice scan"? > When I first set it up I noticed almost immediately in the log file that some messages were getting looped through sendmail a couple of times. I believe this happened since procmail was put in the mix and after processing the email it would send it back to sendmail for delivery. Since I was setting this up to scan all incoming email I added a rule after spamassassin was done with it to check the headers on the messages. If it was marked as spam I have procmail deliver the message to my spamuser so it can be checked later if needed. I also put a rule in the spamc section to check if the message had been checked. Something like this: :0fw * < 256000 * !^X-Spam-Status: | /usr/bin/spamc -u spamuser -f :0: * ^X-Spam-Flag: YES /var/mail/spamuser Pretty simple once I figured that out. Otherwise I would sometimes see a message that had been analyzed by spamassassin more than once. > Also to have a single bayseian database > I invoked spamc with the -u option to specify a dedicated user > (spamuser) so the database is kept under that users home directory. > *** what is spamuser? a special user you set for spamassassin? I don't > see this point in spamassassin doc. Could you explain it more? > Yes, spamuser is just a dummy account I created. I use that as place to keep the database and I run sa-learn as that user when teaching it new spam and ham. In the /etc/procmailrc file above you see I force spamassassin to run as spamuser so that is the database it uses. This will also let it auto update the database as it scans each message. No users actually login to the spamuser account. > *** This will be a more general "strange question". Most of my users > don't know how to run ssh to connect to our email server. The only thing > they know is to use pop3 mail tool (Netscape mail, Outlook express, etc.) > to read/send emails (I don't blam them, they are experts in other > fields). To my undersdanding, each user needs to run sa-learn to let > his/her own bayseian database learn about spam and non-spam (different > users may have different opinion: I do have 2 users asking me just > completely opposit qustion about the same mail. One said this mail > should be blocked, while the other saked why this mail is marked as > "spam"). If the users don't know how to run ssh (I disabled telnet), how > can they run sa-learn? Is there any way that the system admin (root, > superuser) can run sa-learn for other users, i.e. to make their bayseian > database learn about "their" spam and non-spam? > The way I run it the end users do not login or run sa-learn themselves. The users do not have a database to run against. There is just the one system wide database that is maintained. This is done by the administrator periodically. He reviews the messages put in the /var/mail/spamuser file to see if there were any false positives. Then he runs the sa-learn process on those messages along with any unflagged spam that got through. The unflagged spam is collected for this purpose. One thing to note, do not have people forward you spam messages for processing, they need to bounce them. The difference is subtle, a forwarded message will have new headers and the users email as the sender, which you do not want spamassassin to learn as being spam. A bounced message sends the message as it originally arrived so when it is processed sa-learn will have the correct information to mark it as spam. After many months there have been no real false positives. And very few spam get through to the users. -- Scot L. Harris <webid@xxxxxxxxxx>