Recommendations for spam/antivirus

Recommendations for spam/antivirus

Guy-749
Hi,

I'm busy setting up a new mail gateway. I'll be replacing a temporary
gateway (we had a massive increase in mail due to taking on a new
domain) that's currently running postfix-policyd (greylisting only)
and amavisd-new with clamav.
I've been looking at howtos and people have a variety of antispam combinations.

Does anyone have any recommendations on which packages work well
together out of spamassassin, dspam, razor, DCC etc? I was under the
impression that dspam and spamassassin did some similar things, but
I've seen a howto with both on the same gateway so I'm wondering what
should make for a good combination that won't kill the server.

The gateway should get about 200000 mails a day incoming. It's a
single CPU Q9300 with 2GB RAM so I expect that that may limit what I'm
going to be able to run on it? It needs to be able to handle the load on
its own until I can bring in a secondary server.

Thanks
Guy

--
Don't just do something...sit there!

Re: Recommendations for spam/antivirus

Justin Piszcz


On Wed, 25 Jun 2008, Guy wrote:

> Hi,
>
> I'm busy setting up a new mail gateway. I'll be replacing a temporary
> gateway (we had a massive increase in mail due to taking on a new
> domain) that's currently running postfix-policyd (greylisting only)
> and amavisd-new with clamav.
> I've been looking at howtos and people have a variety of antispam combinations.
>
> Does anyone have any recommendations on which packages work well
> together out of spamassassin, dspam, razor, DCC etc? I was under the
> impression that dspam and spamassassin did some similar things, but
> I've seen a howto with both on the same gateway so I'm wondering what
> should make for a good combination that won't kill the server.
>
> The gateway should get about 200000 mails a day incoming. It's a
> single CPU Q9300 with 2GB RAM so I expect that that may limit what I'm
> going to be able to run on it? It needs to be able to handle the load on
> its own until I can bring in a secondary server.
>
> Thanks
> Guy
>
> --
> Don't just do something...sit there!
>

I think it depends on one's opinion.  For me, amavisd-new & clam-av &
spam-assassin work very well together.

I've used razor and dcc but did not find I needed them for my server in
particular.

Also look at policyd-weight, geoip policy server (0.1), and the openSPF
policy server.

Justin.

Re: Recommendations for spam/antivirus

mouss-2
In reply to this post by Guy-749
Guy wrote:

> Hi,
>
> I'm busy setting up a new mail gateway. I'll be replacing a temporary
> gateway (we had a massive increase in mail due to taking on a new
> domain) that's currently running postfix-policyd (greylisting only)
> and amavisd-new with clamav.
> I've been looking at howtos and people have a variety of antispam combinations.
>
> Does anyone have any recommendations on which packages work well
> together out of spamassassin, dspam, razor, DCC etc? I was under the
> impression that dspam and spamassassin did some similar things, but
> I've seen a howto with both on the same gateway so I'm wondering what
> should make for a good combination that won't kill the server.
>
> The gateway should get about 200000 mails a day incoming. It's a
> single CPU Q9300 with 2GB RAM so I expect that that may limit what I'm
> going to be able to run on it? It needs to be able to handle the load on
> its own until I can bring in a secondary server.
>
> Thanks
> Guy
>
>  

the advantage with amavisd+clamav+spamassassin is that it provides a
solution that works out of the box, with minimal maintenance work (mostly
sa-update).

you can go for dspam or bogofilter if you can train them. a perfectly
trained dspam or bogofilter will outperform SA in performance and in
"old spam" filtering. but correct training is hard, and detecting "new
spam" is not a pure "text analysis" problem (think of uribl, DNSBL, ...
etc).

I am not a very "score|confidence|probability|*" oriented guy. so I
recommend blocking as much as you can at postfix level, based on the
envelope. content filtering is more a game than a science. blocking
"bad" clients is more effective. while I can spend time looking at my
Junk folder, most users won't. so in a lot of cases, a quarantine is
equivalent to discarding mail, and this is bad.
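
An added example, not part of the original post: envelope-only blocking of the kind recommended above, written as the decision logic of a Postfix policy delegation service (the protocol used by policy daemons such as those named earlier in the thread). The blocklist network, the local domain and the sample request are constructed placeholders, and the specific checks are assumptions chosen for illustration.

```python
import ipaddress

# Constructed sample data (documentation ranges and names), not from the thread.
BLOCKED_NETS = [ipaddress.ip_network("203.0.113.0/24")]
LOCAL_DOMAINS = {"example.org"}  # hypothetical domain the gateway serves


def parse_request(raw):
    """Parse one policy request: name=value lines ended by an empty line."""
    attrs = {}
    for line in raw.splitlines():
        if not line:
            break  # the empty line terminates the request
        name, sep, value = line.partition("=")
        if sep:
            attrs[name] = value
    return attrs


def decide(attrs):
    """Pick an access action from envelope data only; DUNNO means no opinion."""
    if attrs.get("request") != "smtpd_access_policy":
        return "DUNNO"
    helo = attrs.get("helo_name", "").lower().rstrip(".")
    sender = attrs.get("sender", "")
    try:
        client = ipaddress.ip_address(attrs.get("client_address", ""))
    except ValueError:
        return "DUNNO"  # unparsable client address: leave it to other checks
    if any(client in net for net in BLOCKED_NETS):
        return "REJECT Client address is on the local blocklist"
    if helo in LOCAL_DOMAINS:
        return "REJECT HELO name belongs to this site"
    if "." not in helo and not helo.startswith("["):
        return "REJECT HELO name is not fully qualified"
    # An empty sender is the legitimate null sender used by bounces.
    if sender and "@" not in sender:
        return "REJECT Sender address has no domain"
    return "DUNNO"


def respond(raw):
    """Build the reply Postfix expects: one action line plus an empty line."""
    return "action=" + decide(parse_request(raw)) + "\n\n"


# Constructed request, as Postfix would send it at the RCPT stage.
SAMPLE = ("request=smtpd_access_policy\nprotocol_state=RCPT\n"
          "helo_name=example.org\nsender=someone@sender.example\n"
          "recipient=user@example.org\nclient_address=192.0.2.10\n\n")
```

Postfix consults such a service through `check_policy_service` in its smtpd restriction lists; placing it after `permit_mynetworks` keeps the HELO checks from applying to the site's own hosts.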

Re: Recommendations for spam/antivirus

Michael Monnerie-4
On Wednesday, 25 June 2008 mouss wrote:
> I am not a very "score|confidence|probability|*" oriented guy. so I
> recommend blocking as much as you can at postfix level, based on the
> envelope. content filtering is more a game than a science. blocking
> "bad" clients is more effective. while I can spend time looking at my
> Junk folder, most users won't. so in a lot of cases, a quarantine is
> equivalent to discarding mail, and this is bad.

Same for us. We block 85% of all connections directly at SMTP level, and
then only below 10% of all e-mails are spam. Overall, users are *very*
happy with our setup, and we don't even have quarantine or such.

SA+clamav+postfix, using RBLs and the usual stuff.

Kind regards, zmi
--
// Michael Monnerie, Ing.BSc    -----      http://it-management.at
// Tel: 0660 / 415 65 31                      .network.your.ideas.
// PGP Key:         "curl -s http://zmi.at/zmi.asc | gpg --import"
// Fingerprint: AC19 F9D5 36ED CD8A EF38  500E CE14 91F7 1C12 09B4
// Keyserver: www.keyserver.net                   Key-ID: 1C1209B4


Re: Recommendations for spam/antivirus

James Brown
In reply to this post by Guy-749
Have you had a look at ASSP?

ClamAV works great (we use it with ASSP) - especially the third party  
signatures which catch a lot of spam/malware (see sanesecurity's web  
site).

James.

On 26/06/2008, at 1:50 AM, Guy wrote:

> Hi,
>
> I'm busy setting up a new mail gateway. I'll be replacing a temporary
> gateway (we had a massive increase in mail due to taking on a new
> domain) that's currently running postfix-policyd (greylisting only)
> and amavisd-new with clamav.
> I've been looking at howtos and people have a variety of antispam  
> combinations.
>
> Does anyone have any recommendations on which packages work well
> together out of spamassassin, dspam, razor, DCC etc? I was under the
> impression that dspam and spamassassin did some similar things, but
> I've seen a howto with both on the same gateway so I'm wondering what
> should make for a good combination that won't kill the server.
>
> The gateway should get about 200000 mails a day incoming. It's a
> single CPU Q9300 with 2GB RAM so I expect that that may limit what I'm
> going to be able to run on it? It needs to be able to handle the load on
> its own until I can bring in a secondary server.
>
> Thanks
> Guy
>
> --
> Don't just do something...sit there!


Re: Recommendations for spam/antivirus

Richard Foley
In reply to this post by mouss-2
On Wednesday 25 June 2008 21:29:50 mouss wrote:
>
>
> the advantage with amavisd+clamav+spamassassin is that it provides a
> solution that works out of the box, with minimal maintenance work (mostly
> sa-update).
>
Good for sysadmins, and for the rest of us who just like our system to work,
without all that 'fun' tweaking some people seem to live for :-)

> recommend blocking as much as you can at postfix level, based on the
> envelope.
>
Can you recommend a good source for a sound anti-spam setup example at the
postfix level?  I mean which concentrates on the main.cf and master.cf
entries (I guess).

Thanks very muchly in advance.

--
Richard Foley
Ciao - shorter than aufwiedersehen

http://www.rfi.net/