hints:classic_linux_mail_flow

Differences

This shows you the differences between two versions of the page.

hints:classic_linux_mail_flow [2021/03/02 12:25]
admin [Run Procmail and SpamAssassin]
hints:classic_linux_mail_flow [2021/03/05 17:26]
admin [Run Procmail and SpamAssassin]
Line 12: Line 12:
  
 Postfix then feeds the same message to Rspamd in real time, i.e., while the same SMTP transaction is in progress. Postfix then feeds the same message to Rspamd in real time, i.e., while the same SMTP transaction is in progress.
- 
-Rspamd does a large number of spam checks, including checking the headers added by OpenDKIM, and checking for DMARC and SPF records in DNS.((For more information about how DKIM, SPF, and DMARC records work, see [[hints:DMARC DNS entry and mystery email reports]].)) 
  
 Rspamd feeds the same message to Clamd, which checks for viruses and returns a result to Rspamd. Rspamd feeds the same message to Clamd, which checks for viruses and returns a result to Rspamd.
  
-Rspamd then returns its final findings to Postfix, which may ask Postfix to:+Rspamd does a large number of spam checks, including checking the headers added by OpenDKIM, and checking for DMARC and SPF records in DNS.((For more information about how DKIM, SPF, and DMARC records work, see [[hints:DMARC DNS entry and mystery email reports]].)) 
 + 
 +Rspamd then returns its final findings to Postfix. These findings may ask Postfix to:
  
-  * Accept the message because it contains no spam and no virus. 
   * Reject the message because it contains a virus.   * Reject the message because it contains a virus.
   * Reject the message because it contains guaranteed spam.   * Reject the message because it contains guaranteed spam.
   * Greylist the message because it contains likely spam.   * Greylist the message because it contains likely spam.
 +  * Accept the message because it contains no spam and no virus.
  
-Postfix acts on these findings. It will accept the message from the remote SMTP client, or it will send a permanent rejection reply to the remote SMTP client, or it will do greylisting by sending a temporary rejection to the remote SMTP client (which means try again later).((Most infected Microsoft Windows machines that are part of a botnet being used to send spam will not retry sending the same spam message, so greylisting eliminates almost all spam sent by such machines. The next time the same client sends a message from the same sender to the same recipient, within a predetermined period, it will not be greylisted.))+Postfix acts on these findings. It will send a permanent rejection reply to the remote SMTP client due to a virus or guaranteed spam, or do greylisting by sending a temporary rejection to the remote SMTP client (which means try again later).((Most infected Microsoft Windows machines that are part of a botnet being used to send spam will not retry sending the same spam message, so greylisting eliminates almost all spam sent by such machines. The next time the same client sends a message from the same sender to the same recipient, within a predetermined period, it will not be greylisted.)), or accept the message from the remote SMTP client. Due to the high incidence of spam and viruses, only about 20% of incoming mail is unconditionally accepted. Most is rejected outright, and some is greylisted.
  
 If Postfix accepts the message, it expands aliases and domain names until it determines the final recipient, which in Classic Linux is always a Linux user. Let's call that user the first user, also called USER. If Postfix accepts the message, it expands aliases and domain names until it determines the final recipient, which in Classic Linux is always a Linux user. Let's call that user the first user, also called USER.
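Review bot: In the rewritten "Postfix acts on these findings" paragraph the greylisting footnote now sits in the middle of the sentence, which leaves "(which means try again later).((...)), or accept the message" with a full stop before the footnote and a dangling ", or accept" clause after it. Move the footnote to the end of the sentence, or drop the period before "((", so the three outcomes read as one list. The added figure "only about 20% of incoming mail is unconditionally accepted" has no source or measurement period; say where it comes from (for example, which server's logs and over what time span) or soften it.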
Line 44: Line 44:
 Taking into account these preferences, Procmail now does the final mail delivery. If the first user has a .procmailrc file, then instructions in it will be followed. Otherwise Procmail simply delivers the message into the first user's Maildir directory in [[:hints:maildir]] format, either into the user's inbox, or into the spam folder. Taking into account these preferences, Procmail now does the final mail delivery. If the first user has a .procmailrc file, then instructions in it will be followed. Otherwise Procmail simply delivers the message into the first user's Maildir directory in [[:hints:maildir]] format, either into the user's inbox, or into the spam folder.
  
-Because spam-checking is done in sequence by Rspamd and SpamAssassin, you will often find two sets of headers in a message, some added by Rspamd and some by SpamAssassin. Rspamd adds headers only if it finds at least a little spam. SpamAssasin always adds headers, but makes them verbose only if it finds some spam, otherwise the SpamAssasin headers for not-spam are quite brief.+Because spam-checking is done in sequence by Rspamd and SpamAssassin, you will often find two sets of headers in a message, some added by Rspamd and some by SpamAssassin. The verbosity of these headers may vary depending on the amount of spam found in a message.
  
 If the first user has a .forward file that sends mail elsewhere, Procmail is not run, and therefore SpamAssassin is not run. If the first user has a .forward file that sends mail elsewhere, Procmail is not run, and therefore SpamAssassin is not run.
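Review bot: The replacement sentence "The verbosity of these headers may vary depending on the amount of spam found in a message" drops the two concrete statements the old text made: that Rspamd adds headers only when it finds at least a little spam, and that SpamAssassin always adds headers. Someone reading a delivered message with only SpamAssassin headers can no longer tell from this page whether Rspamd ran. If those statements were removed because they are no longer accurate, say what the current behaviour is; if they are still accurate, keep them and fix only the "SpamAssasin" spelling.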
Line 50: Line 50:
 If the first user's .forward file causes mail to go to a second user, then Postfix goes back to the step **check for .forward file** above, and looks for the second user's .forward file, if any. If the second user doesn't have a .forward file, then Procmail will run for the second user and Procmail will call SpamAssassin for the user. If the first user's .forward file causes mail to go to a second user, then Postfix goes back to the step **check for .forward file** above, and looks for the second user's .forward file, if any. If the second user doesn't have a .forward file, then Procmail will run for the second user and Procmail will call SpamAssassin for the user.
  
-If the first user's .forward file causes mail to go off-site (i.e., mail is forwarded to some other place like Gmail, Yahoo, etc.), then SpamAssassin will never run for the first user. However, Rspamd already ran, so guaranteed spam, i.e., anything recognized as spam with high certainty, has already been rejected. But likely spam, not recognized as spam with high certainty, will be forwarded -- see the discussion of spam thresholds below.+If the first user's .forward file causes mail to go off-site (i.e., mail is forwarded to some other place like Gmail, Yahoo, etc.), then SpamAssassin will never run for the first user. However, Rspamd already ran, so guaranteed spam — anything recognized as spam with high certainty — has already been rejected. But likely spam, not recognized as spam with high certainty, will be forwarded — see the discussion of spam thresholds below.
  
 ===== Spam thresholds ===== ===== Spam thresholds =====
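Review bot: The only change to the off-site forwarding paragraph is typographic, and it leaves the sentence inconsistent: the first parenthetical still reads "(i.e., mail is forwarded to some other place ...)" while the second lost its "i.e.,". Pick one form for both. While touching this line, "see the discussion of spam thresholds below" could become a link to the "Spam thresholds" section that follows, so the reference survives if the sections are reordered.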
Line 60: Line 60:
 Because of Rspamd's high threshold for rejecting spam, and because SpamAssassin does not run when a .forward file is used, mail forwarded with a .forward file will contain likely spam but not guaranteed spam. Because of Rspamd's high threshold for rejecting spam, and because SpamAssassin does not run when a .forward file is used, mail forwarded with a .forward file will contain likely spam but not guaranteed spam.
  
-You can make the amount of spam much lower by [[hints:example_procmailrc_file_forwarding|forwarding mail with a Procmail script]] and not with a .forward file.+You can make the amount of forwarded spam quite a bit lower by [[hints:example_procmailrc_file_forwarding|forwarding mail with a Procmail script]] and not with a .forward file.
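Review bot: "quite a bit lower" in the last changed line is as unquantified as the "much lower" it replaces, and the sentence still does not say why the Procmail route helps. The preceding context line already gives the cause ("SpamAssassin does not run when a .forward file is used"), so state the consequence directly: if forwarding from a Procmail script lets SpamAssassin check the message before it is forwarded, say so here. Narrowing "spam" to "forwarded spam" is a good change and should stay.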
hints/classic_linux_mail_flow.txt · Last modified: 2021/04/03 07:41 by admin