faqts : Computers : Internet : Mail Servers : qmail : Anti-Spam Techniques

+ Search
Add Entry AlertManage Folder Edit Entry Add page to http://del.icio.us/
Did You Find This Entry Useful?

60 of 95 people (63%) answered Yes
Recently 6 of 10 people (60%) answered Yes


How can I filter all incoming messages for spam?
How can I check all incoming messages for viruses?
How can I perform some operation on all incoming messages?

Aug 6th, 2006 14:36
John Mazza, Rahul Mehta, Dave Sill,

For spam and virus checking, there are existing packages available from
http://www.qmail.org that might do what you want.
If those don't meet your needs, or you want to do some customized
processing, here's a general approach:
1. Install qmail twice with the same user ID's, but different
conf-qmail's, e.g., /var/qmail and /var/qmail2. If qmail is already
installed, edit conf-qmail and do "make setup check" to install the
second qmail. Mirror the startup mechanism for qmail-send and change all
references to /var/qmail to /var/qmail2. For example, with a "Life with
qmail" installation, copy /var/qmail/rc and
/var/qmail/supervise/qmail-send to /var/qmail2, edit rc and the run
scripts, then link /var/qmail2/supervise/qmail-send to
/service/qmail2-send. Create the /var/log/qmail2 directory and chown it
to qmaill.
2. Configure "qmail2" with the proper domains in control/locals
(rcpthosts and virtualdomains should be empty).
3. Configure /var/qmail to listen to port 25 and/or whatever other ports
you want, such as QMTP. Populate control/rcpthosts normally, but leave
control/locals empty. In control/virtualdomains, direct incoming mail to
a processing script or drop it in a staging area for batch processing.
For example, to implement accept/reject filtering, in
Then, in ~alias/.qmail-filter-default:
Where customfilter is a script or binary that examines the message on
standard input and exits with exit code 100 after outputting a reason
for the rejection if a message is to be rejected, or exits with exit
code 0 if the message is to be accepted. A simple filter that bounces
all messages containing the word "Outlook", for example:
#!/usr/bin/perl -n
if (m/Outlook/) {
  print "Look out!\n";
  exit 100;
Alternatively, if you want to process messages, possibly altering them,
simply deliver messages to your filter in ~alias/.qmail-filter-default
The customfilter script/binary does your custom processing then invokes
/var/qmail2/bin/qmail-inject to deliver the message. The filter can also
use the normal qmail-command exit codes to bounce messages.
I prefer to use Qmail-scanner with ClamAV (www.clamav.net) and 
SpamAssassin to filter mail.  It reduces the complexity of installing 
two qmail setups.