postfix, procmail and SELinux - No Go

Marc Schwartz MSchwartz at mn.rr.com
Thu Jun 8 00:38:47 UTC 2006 

Nicolas Mailhot wrote:
> Le mercredi 07 juin 2006 à 13:12 -0500, Marc Schwartz (via MN) a écrit :
>> aul and Dan,
>>
>> As of this moment, now running in Enforcing Mode, the following are
>> known to work with Paul's policies and context changes:
>>
>>   Incoming multiple POP3 account mail via fetchmail is working.
>>   fetchmail, BTW, runs every 2 mins. from my own crontab file, not the
>>   system crontab, using ~/.fetchmailrc.
>>
>>   Outgoing mail via company SMTP server is working
>>
>>   Mail forwarding off my laptop via procmail/postfix is working
>>
>>   Clamassassin is working
>>
>>   Spamassassin is working
>>
>>
>> I have not yet had any Viagra-like e-mails to be able to test the other
>> remote servers (ie. pyzor, razor and DCC) to check for function.
>> Hopefully some with come through today (why can't you get them when you
>> want them....  ;-).
> 
> 
> BTW (did I already wrote this?) it seems strange that on a postfix
> +procmail+clamav+sa setup you wouldn't be using amavis, especailly since
> it's available in FE

Nicolas,

No, you had not queried me on that previously.

When I set this approach up two or three years ago, I was looking for 
something relatively easy to maintain, that was targeted to a relatively 
low volume, single user system.  I became aware of ClamAssassin via the 
ClamAV third party apps web page and subsequent Google searches.

My readings of amavisd-new suggested that it was targeted more for 
multi-user mail server configurations, given the more complex processing 
options and reporting. Kind of along the lines of some of the other 
mail::scanner classes of applications.

This was quick and easy to configure using procmail, including enabling 
subject and header re-writes for SA and ClamAV.  The remote spam tests 
via SA were quick and easy to install and (prior to SA 3.1 as you first 
noted) no other configuration modifications were required.

Most importantly, it has been effective at dramatically reducing my 
manual handling of spam.

The occasional 'infected' e-mail that I still get is picked up quickly 
and deleted using a filter in Evo based upon the X-Virus-Status tag. I 
could set up the procmail recipe to send them to /dev/null, but I like 
to keep track of them to have a sense of frequency. Between my company's 
server filters and my personal ISP's filters, they are a rarity now.

I appreciate your asking and hope that this clarifies my logic.

Regards,

Marc Schwartz

More information about the fedora-selinux-list mailing list