[BlueOnyx:16480] Re: mailwatch

Michael Stauber mstauber at blueonyx.it
Tue Nov 18 19:58:53 -05 2014


Hi Dudi,

> My goal is to give a domain admin access to his users' quarantine so he can manage it (release, re-classify, etc.), one task less for me.
> 
> I can't understand why Mailwatch/MailScanner are kept out of BlueOnyx without providing an alternative, even commercially.

You see, I think MailScanner is a horrible contraption where someone
cobbled one stupid idea on top of another and somehow kept things just
one step from falling apart on their own.

And I won't sell anything that I'm not convinced of. Hence I never will
offer a MailScanner package. I did so many, many years ago and it simply
was horrible stuff. I really don't want to go there again.

> Any other solution comes to your mind?

The AV-SPAM from the BlueOnyx Shop. It uses SpamAssassin/SpamAss-Milter,
Clam AV + Clam-Milter and Milter Greylist.

As these Sendmail milters directly interface with Sendmail it works
without the metric ton of duct tape that MailScanner needs. Via the GUI
you can administer all aspects of it.

The server admin can administer the global settings and the settings for
all users. The reseller can administer all settings for all Vsites and
users under his control. The Vsite admin can administer the settings for
all his users. And each end user has the ability to modify the settings
under his email settings in "Personal Profile".

To see how it looks you can check the BlueOnyx Demo, which has the
AV-SPAM installed. Login details can be found here:

http://www.blueonyx.it/index.php?page=live-demo

While logged in, also check the Email statistics. The built in
statistics also keep a record of found SPAM and virii:

http://demo.blueonyx.it:444/sitestats/summaryEmail?type=mail&group=server

The demo doesn't have any real email traffic aside from the daily
logwatch report and maintenance emails. But it'll give you some ideas.
These statistics are also available on a per Vsite basis.

As for MailWatch: That contraption sure is needed for MailScanner to
break loose all the false positives that it quarantined. The AV-SPAM
doesn't need it, as it simply uses different methods due to the superior
way of the Milter integration:

Highscoring SPAM's are rejected at the MTA level. This is configurable
and can be turned off or adjusted. And it's not a bounce. It's a true
reject. Meaning: Someone tries to send you a blatant SPAM and during the
stage where Sendmail examines the email (before it really accepts it!)
it tells the sender: "Sorry, I won't accept this SPAM" and it closes the
connection. So that email doesn't actually make it past Sendmail and the
sending mailserver never gets rid of that SPAM to begin with, as you
won't accept it.

Lower scoring SPAM is accepted and filtered on per user rules that are
configurable for each individual account. The end user can decide what
happens with a SPAM. Default is to accept it, but to mark it as such.
Optionally each user can choose to quarantine detected SPAM in a
separate IMAP folder. Or he can choose to delete all SPAM automatically
on the server. Or - if he really wants to: He can disable the filtering
for that account. So you got optional quarantining (if anyone wants it!)
and the quarantined SPAM's can be checked and reviewed with any IMAP
capable email program or via Webmail such as RoundCube.

As for virii: Detected virii are also simply rejected on the MTA level
as well and no quarantining is needed or performed. It doesn't simply
forbid attachments based on their extension such as MailScanner offers.
Yet (aside from piping all attachments through the virus scanner) there
still is some additional attachment checking done via SpamAssassin,
which (based on rules) might give certain attachments a higher SPAM-score.

Lastly: There is Greylisting, which (if enabled) delays all emails from
first time senders for a short duration to make sure it's really coming
from a proper mail relay that does re-queue and not some throw away bot.
After an email makes it past the Greylisting the sender address is
whitelisted from future Greylisting delays for a certain period of time
(also configurable via the GUI). Naturally: You can exclude certain IPs
from Greylisting altogether.

As for performance: The way of using Milters (and milterized daemons) is
about 15x more performant than MailScanner. So it is a lot easier on the
load and the results are generally much better.

Give it a try and I'm sure you'll like it.

-- 
With best regards

Michael Stauber
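
The greylisting behaviour described in the message above (delay first-time senders, whitelist them for a period once they retry, exempt certain IPs), as an added example that is not part of the original post and is not Milter Greylist's or the AV-SPAM's own code. The `Greylist` class, the `replay` helper, the default timings and keying on the client IP plus sender address are assumptions made for illustration; the sample traffic is constructed.

```python
import ipaddress

class Greylist:
    """Simplified greylisting model; not Milter Greylist's actual code."""

    def __init__(self, delay=300, whitelist_ttl=86400, exempt=()):
        self.delay = delay                  # seconds a first-time sender must wait
        self.whitelist_ttl = whitelist_ttl  # seconds a passed sender stays whitelisted
        self.exempt = [ipaddress.ip_network(n) for n in exempt]
        self.first_seen = {}                # (ip, sender) -> time of first attempt
        self.whitelisted_until = {}         # (ip, sender) -> expiry time

    def check(self, client_ip, sender, now):
        """Return the SMTP-stage decision: 'accept' or 'tempfail' (a 4xx reply)."""
        addr = ipaddress.ip_address(client_ip)
        if any(addr in net for net in self.exempt):
            return "accept"                 # excluded from greylisting altogether
        key = (client_ip, sender.lower())   # assumed key: client IP + sender address
        if self.whitelisted_until.get(key, 0) > now:
            return "accept"                 # still inside the whitelist period
        self.whitelisted_until.pop(key, None)
        first = self.first_seen.setdefault(key, now)
        if now - first < self.delay:
            return "tempfail"               # first contact, or the retry came too early
        # The sender re-queued and retried after the delay: treat it as a real relay.
        del self.first_seen[key]
        self.whitelisted_until[key] = now + self.whitelist_ttl
        return "accept"


def replay(greylist, attempts):
    """Run constructed (time, ip, sender) delivery attempts through the greylist."""
    return [greylist.check(ip, sender, t) for t, ip, sender in attempts]

# Constructed sample traffic (documentation IP ranges, example domains).
SAMPLE = [
    (0,     "192.0.2.10",    "news@example.org"),     # real relay, first attempt
    (5,     "203.0.113.7",   "bot@example.net"),      # throw-away bot, never retries
    (60,    "192.0.2.10",    "news@example.org"),     # retry too early
    (400,   "192.0.2.10",    "news@example.org"),     # retry after the delay
    (500,   "192.0.2.10",    "news@example.org"),     # whitelisted now
    (600,   "198.51.100.25", "partner@example.com"),  # exempt IP
    (90000, "192.0.2.10",    "news@example.org"),     # whitelist period expired
]

if __name__ == "__main__":
    gl = Greylist(exempt=["198.51.100.0/24"])
    for attempt, verdict in zip(SAMPLE, replay(gl, SAMPLE)):
        print(attempt, "->", verdict)
```

The last attempt is deferred again because the whitelist entry has expired, which is the trade-off behind the configurable whitelist period: a short period re-delays legitimate senders more often.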
