Implementing SPAM and virus protection for mail server

Scot L. Harris webid at cfl.rr.com
Sat Sep 18 02:39:12 UTC 2004


On Fri, 2004-09-17 at 20:34, Alexander Dalloz wrote:
> On Sat, 18.09.2004, at 0:54, Scot L. Harris wrote:
> 
> > spamassassin is very good once you get the bayes database trained and
> > add a few of the SARE rulesets.  The new version (3.0) implements the
> > SURBL lists and reports are that it does an excellent job.
> 
> The SA shipped with Fedora Core already does a very good job. Training
> with your own individual SPAM and HAM and then using bayes is of course
> recommended to gain best results.
> 
> > In addition I highly recommend greylisting.  I am sure you can find a
> > package to implement greylisting for postfix.  I used milter-greylist
> > with sendmail.  I was getting between 3000 and 6000 spam messages a
> > day.  Greylisting reduced this to 5 to 10 spam messages a day.  And
> > spamassassin typically tags those for me.  The biggest benefit that
> > greylisting provides is that it rejects the spam messages before your
> > system ever has to look at the body of the message.  This means your
> > system does not have to spend as many resources processing spam through
> > spamassassin.  Has proved to be much more effective than I had ever
> > expected.
> 
> Greylisting has the downside that the sending MTAs have much more work
> to manage, as they have to handle the sending twice, at least the first
> time. The other negative point is that delivery of mails takes longer.
> Can be 1 hour and even more, regardless of what the greylisting MTA has
> set as greylist time.
> 

I use a delay of just a few minutes.  True the sending MTA may not retry
the message for several hours.  But you can also white list servers
which you correspond with regularly so no delay is imposed on their
messages.  I spent a few hours reviewing the log files to pre-populate
the white list for legitimate email servers.  In practice I have not
seen any problems with this setup.

Plus email is not instant messaging.  :)

> I like the new Sendmail feature greet_pause. I patched it from
> Sendmail 8.13.x into the version shipped with Fedora and am amazed how
> many SPAM attempts just a low greet delay blocks. 3000 or 5000
> milliseconds is enough in most cases.
> 

I also like this new option.  Have not implemented it yet but it has the
possibility of having similar results that I have seen with
greylisting.  It is really amazing how many virus infected systems are
used to send spam, and they don't seem to play by any of the normal
rules, which is good for us. 

> > I have not implemented it but I understand clamav does a good job of
> > scanning for windows viruses.  Of course if you are not running windows
> > then you probably don't need to bother with that.
> 
> ClamAV also helps blocking worm mails already when it reaches the MTA.
> Speaking about an integration into the data stream. I am using
> clamav-milter in conjunction with Sendmail for that. Detected virus /
> worm mails are immediately rejected with a DSN and do not fill the
> recipient's mailbox.
> 
> > Scot L. Harris
> 
> Alexander
-- 
Scot L. Harris
webid at cfl.rr.com

It is only with the heart one can see clearly; what is essential is
invisible to the eye.
		-- The Fox, "The Little Prince"
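
Added example, not part of the original message and not milter-greylist's own code: a minimal model of the greylisting decision discussed in this thread, made at RCPT TO time so no message body is ever read. The (client IP, sender, recipient) triplet key, the 300-second delay, the reply strings and all addresses are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

ACCEPT = "250 accept"
TEMPFAIL = "451 try again later"


@dataclass
class Greylist:
    delay: int = 300                                 # seconds; assumed value for "a few minutes"
    whitelist: set = field(default_factory=set)      # relay IPs that are never delayed
    first_seen: dict = field(default_factory=dict)   # triplet -> time of first attempt

    def check(self, client_ip, sender, rcpt, now):
        """Decide from envelope data only, before DATA is sent."""
        if client_ip in self.whitelist:
            return ACCEPT
        triplet = (client_ip, sender.lower(), rcpt.lower())
        seen = self.first_seen.setdefault(triplet, now)
        # A first attempt (now == seen) is always deferred; a retry passes
        # only once the configured delay has elapsed.
        return ACCEPT if now - seen >= self.delay else TEMPFAIL

    def never_retried(self, attempts):
        """Triplets that were deferred and never came back after the delay."""
        last = {}
        for t, ip, s, r in attempts:
            last[(ip, s.lower(), r.lower())] = t
        return sorted(k for k, t0 in self.first_seen.items()
                      if last[k] - t0 < self.delay)


# Constructed sample: (time in seconds, client IP, envelope sender, recipient)
ATTEMPTS = [
    (0,   "192.0.2.10",   "list@example.org",   "user@example.net"),  # real MTA, first try
    (5,   "203.0.113.7",  "x@spam.invalid",     "user@example.net"),  # sender that never retries
    (60,  "192.0.2.10",   "list@example.org",   "user@example.net"),  # retry, too early
    (900, "192.0.2.10",   "list@example.org",   "user@example.net"),  # retry after the delay
    (905, "198.51.100.3", "friend@example.com", "user@example.net"),  # whitelisted relay
]


def demo():
    gl = Greylist(whitelist={"198.51.100.3"})
    results = [gl.check(ip, s, r, t) for t, ip, s, r in ATTEMPTS]
    return results, gl.never_retried(ATTEMPTS)


if __name__ == "__main__":
    for line in zip(ATTEMPTS, demo()[0]):
        print(line)
```
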
