Stefano Marinelli
@stefano@mastodon.bsd.cafe  ·  activity timestamp 3 days ago

Friends using OpenBSD for e-mail servers: I'm using rspamd and it's fine, but what about the base system "spamd"? Are you using it? Is it effective?

#OpenBSD #spamd #rspamd

mx alex tax1a - 2020 (5)
@atax1a@infosec.exchange replied  ·  activity timestamp 2 days ago

@stefano we have it fronting our qmail stack, maintaining a passlist generated by smtpctl spf walk, and a trap list of known bad addresses. works great, we can watch the logs on the backend server in real time and not be bothered by spam

Joel Carnat ♑ 🤪
@joel@gts.tumfatig.net replied  ·  activity timestamp 3 days ago

@stefano I used to. In general, it is great. But for specific tasks, like creating a new account and receiving an email to activate the account, or a lost password and receiving the link to renew it, it can be annoying, because most such remote servers have retries set to days. That means you have to wait quite long for the second SMTP connection to happen.
I replaced spamd with IP blacklisting and rspamd. They are more user friendly in my opinion.

Ricardo Martín
@ricardo@mastodon.bsd.cafe replied  ·  activity timestamp 3 days ago

@joel @stefano Not directly related, but it seems that Sieve is not that popular anymore 🤔

gabe.
@gabeguz@bsd.network replied  ·  activity timestamp 3 days ago

@stefano I use it in greylisting mode, works pretty well though spammers are getting better about retrying their delivery attempts lately. I also use it to SPAMTRAP email addresses and works pretty well there as well. Has a bit of a hard time with big senders that don't retry from the same IP addresses, but this can be somewhat mitigated with spf-walk. Still a few false positives that I have to whitelist manually from time to time though.

Fritz Adalis
@FritzAdalis@infosec.exchange replied  ·  activity timestamp 3 days ago

@stefano
A while back I switched to a "deliver everything and let spamassassin sort it out" policy. No more quarantine, no more false positives, easy to admin. I sort the spam into score 2-5, 5-10, 10+ and feed those back into the filter. Inbox gets bayesian'd as ham.

Tim Chase
@gumnos@mastodon.bsd.cafe replied  ·  activity timestamp 3 days ago

@stefano

✅ using OpenSMTPD?
❌ using rspamd?
❌ using spamd?
🤷 effective?

I know @pitrh has gotten reasonable results with spamd though:

https://nxdomain.no/~peter/better_off_with_pf.html

That grumpy BSD guy: A Few of My Favorite Things About The OpenBSD Packet Filter Tools

Peter N. M. Hansteen
@pitrh@mastodon.social replied  ·  activity timestamp 3 days ago

@gumnos @stefano my setup is something that developed over a few years almost 20 years ago. Back then, exim was a reasonable MTA choice, I had been using spamassassin for a while when I set up a spamd in front of it.

The "18 years of greytrapping" piece https://nxdomain.no/~peter/eighteen_years_of_greytrapping.html has *all* the links, most of them potentially useful I think.

The main takeaway is that a greylisting spamd takes a lot of load off any content filtering (and then there is greytrapping for entertainment)

Eighteen Years of Greytrapping - Is the Weirdness Finally Paying Off?

Peter N. M. Hansteen
@pitrh@mastodon.social replied  ·  activity timestamp 3 days ago

@gumnos @stefano For a bit of my writing that is not necessarily about spamd (but still mostly with an #openbsd and other #opensource theme), there is my "Short reading list" https://nxdomain.no/~peter/the_short_reading_list.html which is close to what I came up with for some #bookofpf promo material that @nostarch were putting together earlier this year.

That Grumpy BSD Guy: A Short Reading List

Alexander Bochmann
@galaxis@mastodon.infra.de replied  ·  activity timestamp 3 days ago

@stefano I only use it as a dedicated tarpit for source IPs that I select with fail2ban heuristics from the mail server log. Most spammers seem to detect it quite quickly nowadays and don't spend much time connected to it.

I have no idea how useful it is as a frontline greytrapping tool, I just use greylisting via rspamd.

Stefano Marinelli
@stefano@mastodon.bsd.cafe replied  ·  activity timestamp 3 days ago

@galaxis thank you!
