DSPAM stuff

Misc scripts

Before queue content filter with procmail and DSPAM with this proxy-r.ml. It's written in ocaml so it's relatively lightweight and fast:

28620 filt 1 48 0 2488K 1528K sleep 0:00 0.00% proxy

suid wrapper (like Apache's suexec), so that the proxy doesn't need to run as root spawn.c

Note that it currently reads the entire message into memory before passing it along. Procmail and DSPAM do also, so I guess it's possible to have 3X the length of the message in memory.

I run this under runit with a run script that looks like:

echo starting `date`
export PATH
exec envuidgid Gsmtpprox /usr/local/bin/smtpprox \ 10025 10026

I used the instructions for before queue content filtering from here: Postfix before-queue content filter. The result is that spam is delivered (incase there's a false positive, or for training or diagnostic purposes), but the remote SMTP client sees a 550.

Excerpted from my postfix master.cf

smtp inet  n  -  n  -  -  smtpd
  -o smtpd_proxy_filter=
  -o smtpd_client_connection_count_limit=10 inet  n  n  n  -  -  smtpd
  -o smtpd_authorized_xforward_hosts=
  -o smtpd_client_restrictions=
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o smtpd_data_restrictions=
  -o mynetworks=
  -o receive_override_options=no_unknown_recipient_checks

And my .procmailrc-filter looks like:

# check the whitelist

# if it matches, deliver
* ^X-wl: match

# if it doesn't match, run DSPAM
| dspam --mode=teft --deliver=spam,innocent --stdout


Runit is a init replacement, similar to daemontools