[plug] Preferred mail scanning system?

Craig Foster fostware at westnet.com.au
Wed Oct 13 23:14:26 WST 2004 

 

> -----Original Message-----
> From: plug-bounces at plug.linux.org.au 
> [mailto:plug-bounces at plug.linux.org.au] On Behalf Of Craig Ringer
> Sent: Wednesday, 13 October 2004 9:50 AM
> To: Perth Linux User Group
> Subject: [plug] Preferred mail scanning system?
> 
> Hi folks
> 
> I'm in the process of upgrading our frightening hacked-up 
> used-to-be-RH8 core server to Debian (live, thanks to the 
> wonders of LVM2 and debootstrap). This will be a slow, 
> one-by-one service migration from the main host to the debian chroot.
> 
<snip>
> 
> 	- can quarantine attachments with select file extensions
> 	- can quarantine attachments with select MIME types
> 	- doesn't send out "virus detected" mail
> 	- can pass messages on to a virus scanner then a spam filter
> 	- can quarantine messages _before_ passing to the virus scanner
> 
<snip>
> 
> So ... any suggestions? Recommendations or horror stories?

Apt-get install messagewall
And assp.sourceforge.net
 
Messagewall proxies the SMTP, and gives a 50x for messages that fail:-
Reverse DNS
Valid Reverse MX
Block Lists
Words in body
Words in headers
Viruses
MIME type
Or any combination of the above... all with a scoring system similar in
method to spamassassin.

ASSP is a perl SMTP proxy that bayesian filters mail and gives the usual
is_spam at hostname and is_not_spam at hostname, whitelisting, manual editing,
ability to import a saved mailbox file to spam or ham, admin web interface,
etc. It can get a little CPU heavy during the spam scoring cronjob though.

While people hate having SMTP proxies, but if something goes pear shaped,
it's simple to change a port number and work out what's happening without
affecting everyone else.

> Once I've decided on what I'm going to use and have it all 
> set up I'll let you folks know how it goes and how it all 
> fits together.

It'd be much appreciated, as the scoring cronjob in ASSP has gone 99%CPU for
a couple of hours on machines that don't get a lot of mail. The heavy ones
seem to be OK though. Hmmph!

> --
> Craig Ringer
> 

CraigF

More information about the plug mailing list