From owner-freebsd-questions Wed Feb 20 13:42:45 2002
Date: Wed, 20 Feb 2002 15:42:02 -0600 (CST)
From: Nick Rogness
To: Scott Pilz
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: FreeBSD/Procmail/Virus

On Wed, 20 Feb 2002, Scott Pilz wrote:

>
> 	Hopefully a simple question.
>
> 	Our setup:
>
> 	ProcMail/QPopper/Sendmail/BSD 4.5-Release
>
> 	Around 10k users on our mail server, heavy smtp/pop3 traffic
> on a daily basis, 24/7.
>
> 	I need to implement "good" virus filters for incoming email on
> only selected (those that pay) mailboxes. I have looked long and hard
> for a program to do this - nearly all of them only support "global"
> configurations, or a replacement to procmail altogether (which I
> cannot do).
>
> 	For those customers that subscribe, I'd like to simply modify
> their .procmailrc and include the pass-thru to the virus scanner.. Any
> package that anyone uses/heard of that does this the way I want it to
> work?
>
> 	I find it hard to believe that people like Postini can do this
> on a per-user-level yet there are no good packages available for BSD.
>

There is a simple and effective solution to MOST spam. Look and see if
your address is in the TO: part of the header.
So something like:

	1) allow trusted senders (like mailing lists and POSTMASTER)
	2) Check and see if To: contains the person's email account
	3) Mark it as questionable or delete [whatever].

This catches about 96% of my spam. Here is a sample procmailrc:

	# The trailing ':' on each ':0:' asks procmail for a local lockfile,
	# so concurrent deliveries cannot corrupt the mbox file.

	# Allow and sort freebsd-security mailing list
	:0:
	* ^Sender:.owner-freebsd-security@FreeBSD\.ORG
	/usr/home/nick/mail/FBSD-SECURITY

	# Allow from POSTMASTER (bounces)
	:0:
	* ^From: .*POSTMASTER
	/var/mail/nick

	# Check if I'm in the To: part of the message
	:0:
	* ^To: .*nick@rogness\.net
	/var/mail/nick

	# Put in SPAM box for review
	:0:
	/usr/home/nick/SPAM

It needs to be tweaked a bit but you get the point. Like I said, it gets
about 96% of all SPAM I see. Postini claims 98%...pretty good for a no
brainer.

As far as Virus scanning...you will probably have to buy something for
that.

Nick Rogness
 - Don't mind me...I'm just sniffing your packets
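
The three steps from the message above, as an added Python example (not code from the original post): it applies the same decision order to constructed messages, so the rules can be checked before they go into a .procmailrc. It goes slightly beyond the recipes by parsing addresses instead of substring-matching them, and the include_cc option is an assumption added here to show that Cc'd mail is held for review by a To:-only check.

```python
import re
from email import message_from_string
from email.utils import getaddresses

ME = "nick@rogness.net"                                   # address used in the post
TRUSTED_SENDERS = {"owner-freebsd-security@freebsd.org"}  # list sender from the post

def addresses(msg, *headers):
    """Lower-cased addr-specs parsed from the named headers."""
    values = [v for h in headers for v in msg.get_all(h, [])]
    return {addr.lower() for _, addr in getaddresses(values) if addr}

def classify(raw, include_cc=False):
    """Return 'list', 'inbox' or 'spam', applying the steps in order."""
    msg = message_from_string(raw)
    if addresses(msg, "Sender") & TRUSTED_SENDERS:         # step 1: trusted list
        return "list"
    if re.search("postmaster", " ".join(msg.get_all("From", [])), re.I):
        return "inbox"                                     # step 1: bounces
    rcpt_headers = ("To", "Cc") if include_cc else ("To",)
    if ME in addresses(msg, *rcpt_headers):                # step 2: addressed to me
        return "inbox"
    return "spam"                                          # step 3: hold for review

def mail(**headers):
    """Build a constructed test message from header keyword arguments."""
    return "".join(f"{k}: {v}\n" for k, v in headers.items()) + "\nbody\n"

# Constructed sample messages (not real mail).
SAMPLES = {
    "list":   mail(Sender="owner-freebsd-security@FreeBSD.ORG",
                   To="freebsd-security@FreeBSD.ORG"),
    "bounce": mail(From="POSTMASTER@mail.example.net", To="nick@rogness.net"),
    "direct": mail(From="scott@example.com", To="Nick Rogness <nick@rogness.net>"),
    "bulk":   mail(From="offers@example.org", To="customers@example.org"),
    "cc":     mail(From="scott@example.com", To="ops@example.com",
                   Cc="nick@rogness.net"),
}

def run(include_cc=False):
    """Classify every sample; returns {sample name: verdict}."""
    return {name: classify(raw, include_cc) for name, raw in SAMPLES.items()}

if __name__ == "__main__":
    for name, verdict in run().items():
        print(f"{name:7} -> {verdict}")
```

With the To:-only check the "cc" sample lands in the review box, which is why that box has to be read rather than deleted unseen.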