Implementing SPAM and virus protection for mail server

Alexander Dalloz alexander.dalloz at uni-bielefeld.de
Sat Sep 18 00:34:01 UTC 2004


On Sat, 18.09.2004 at 0:54, Scot L. Harris wrote:

> spamassassin is very good once you get the bayes database trained and
> add a few of the SARE rulesets.  The new version (3.0) implements the
> SURBL lists and reports are that it does an excellent job.

The SA shipped with Fedora Core already does a very good job. Training
with your own individual SPAM and HAM and then using bayes is of course
recommended to gain best results.

> In addition I highly recommend greylisting.  I am sure you can find a
> package to implement greylisting for postfix.  I used milter-greylist
> with sendmail.  I was getting between 3000 and 6000 spam messages a
> day.  Greylisting reduced this to 5 to 10 spam messages a day.  And
> spamassassin typically tags those for me.  The biggest benefit that
> greylisting provides is that it rejects the spam messages before your
> system ever has to look at the body of the message.  This means your
> system does not have to spend as many resources processing spam through
> spamassassin.  Has proved to be much more effective than I had ever
> expected.

Greylisting has the downside that the sending MTAs have much more work
to manage, as they have to handle the sending twice, at least the first
time. The other negative point is that delivery of mail takes longer.
It can be 1 hour and even more, regardless of what the greylisting MTA
has set as greylist time.

I like the new Sendmail feature greet_pause. I patched it from
Sendmail 8.13.x into the version shipped with Fedora and am amazed how
many SPAM attempts just a low greet delay blocks. 3000 or 5000
milliseconds is enough in most cases.

> I have not implemented it but I understand clamav does a good job of
> scanning for windows viruses.  Of course if you are not running windows
> then you probably don't need to bother with that.

ClamAV also helps block worm mails as soon as they reach the MTA,
speaking about an integration into the data stream. I am using
clamav-milter in conjunction with Sendmail for that. Detected virus /
worm mails are immediately rejected with a DSN and do not fill the
recipient's mailbox.

> Scot L. Harris

Alexander


-- 
Alexander Dalloz | Enger, Germany | GPG key 1024D/ED695653 1999-07-13
Fedora GNU/Linux Core 2 (Tettnang) kernel 2.6.8-1.521smp 
Serendipity 02:23:28 up 18 days, 23:40, load average: 0.72, 0.47, 0.41 
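
An added example, not part of the original message and not code from milter-greylist or Sendmail: a minimal greylist model in Python showing the point made in the reply, that the real delivery delay follows the sending MTA's retry schedule rather than the configured greylist time. The class and function names, the reply strings, the addresses and the 300-second window are assumptions for illustration.

```python
from dataclasses import dataclass, field

# Constructed reply strings; a real milter's wording will differ.
TEMPFAIL = "451 4.7.1 greylisted, try again later"
ACCEPT = "250 2.1.5 recipient ok"


@dataclass
class Greylist:
    min_delay: int = 300                      # assumed greylist time in seconds
    first_seen: dict = field(default_factory=dict)

    def check(self, client_ip, mail_from, rcpt_to, now):
        """Decide at RCPT time, before DATA, so no message body is received."""
        triplet = (client_ip, mail_from.lower(), rcpt_to.lower())
        # Record the first attempt; later attempts compare against it.
        seen = self.first_seen.setdefault(triplet, now)
        return ACCEPT if now - seen >= self.min_delay else TEMPFAIL


def delivery_delay(greylist, triplet, retry_schedule):
    """Seconds until acceptance, or None if the sender never comes back in time.

    retry_schedule holds the sender's attempt times in seconds, measured
    from its first attempt (which is at 0).
    """
    for t in retry_schedule:
        if greylist.check(*triplet, now=t) == ACCEPT:
            return t
    return None


if __name__ == "__main__":
    # Constructed senders using documentation address ranges.
    senders = {
        "MTA retrying after 1 hour": ("192.0.2.10", [0, 3600]),
        "MTA retrying at 1 and 15 minutes": ("192.0.2.11", [0, 60, 900]),
        "fire-and-forget spam engine": ("192.0.2.12", [0]),
    }
    for name, (ip, schedule) in senders.items():
        gl = Greylist(min_delay=300)
        triplet = (ip, "sender@example.org", "user@example.com")
        print(f"{name}: delay = {delivery_delay(gl, triplet, schedule)}")
```

With a 300-second greylist time the first sender is still delayed a full hour, because its queue runner only retries then; the sender that never retries is never accepted.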