From: "Jim Flowers"
To: phill@sysctl.net
Cc: freebsd-isp@freebsd.org
Date: Wed, 18 May 2005 01:31:32 -0500
Subject: Antispam solutions

Currently we are building our MXGuardian Mail Gateway systems around MailScanner in the usual Sendmail-->MailScanner-->Sendmail alignment with the top 5 RBLs and SURBLs running in the front end SM along with a number of SM specific routines. This eliminates more than 60% of the messages without having to process the body.

MS is configured with dcc, razor, and pyzor through spamassassin and clamAV for anti-virus as well as its own per-domain and per-user features. MS dumps another 8% as high scoring spam and tags 3% to pass on to the users for their handling (all in % of total messages). Mailwatch runs on top of MailScanner to give us visible control and the ability to release individual messages from quarantine and train the Bayesian DB.

Finally, Vispan produces some pretty graphs and lists but also monitors the biggest spam offenders and feed-forwards the IP to be blocked by the SM front-end for a blackout period. We are in the process of adding milter-ahead in the SM front end to query the destination mailhubs and eliminate handling of the unknown-user messages by the gateway.

Typically we run up to 30 domains on a system with user counts from a couple hundred to several thousands. One system has a domain with right around 10,000 users on a middling FreeBSD server. Load averages about 0.8 with daily peaks to 2.0. About once a month, a false positive has to be released from the quarantine. Of course there may be others, unidentified.

Good luck.

--
Jim Flowers
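
The feed-forward blackout step described in the message, sketched as an added example (not Vispan's code and not part of the original post): spam events are counted per relay IP over a window, offenders get a timed block, and expired blocks drop out. The threshold, window, blackout length, event tuples, sample addresses and function names are all assumptions; the output lines use sendmail's access-map Connect: tag with REJECT.

```python
from collections import Counter
from datetime import datetime, timedelta

# Assumed policy values; the post gives no threshold or blackout length.
THRESHOLD = 3                   # spam messages from one IP within WINDOW
WINDOW = timedelta(hours=1)
BLACKOUT = timedelta(hours=24)

def update_blackout(events, active, now):
    """events: (datetime, relay_ip) pairs for messages the scanner scored as spam.
    active: dict of ip -> expiry time from the previous run.
    Returns the new ip -> expiry dict."""
    # Drop entries whose blackout period has ended.
    current = {ip: exp for ip, exp in active.items() if exp > now}
    # Count only events inside the look-back window.
    recent = Counter(ip for ts, ip in events if now - WINDOW <= ts <= now)
    for ip, hits in recent.items():
        if hits >= THRESHOLD:
            # A repeat offender has its blackout restarted from now.
            current[ip] = now + BLACKOUT
    return current

def access_entries(active):
    """Render sendmail access-map lines for the currently blocked IPs."""
    return [f"Connect:{ip}\tREJECT" for ip in sorted(active)]

# Constructed sample data (documentation address ranges, not real offenders).
NOW = datetime(2005, 5, 18, 12, 0)
SAMPLE_EVENTS = [
    (NOW - timedelta(minutes=50), "192.0.2.10"),
    (NOW - timedelta(minutes=20), "192.0.2.10"),
    (NOW - timedelta(minutes=5), "192.0.2.10"),
    (NOW - timedelta(hours=2), "198.51.100.7"),    # outside the window
    (NOW - timedelta(minutes=30), "198.51.100.7"),
    (NOW - timedelta(minutes=10), "198.51.100.7"),
]
SAMPLE_ACTIVE = {
    "203.0.113.5": NOW - timedelta(minutes=1),     # blackout already over
    "203.0.113.9": NOW + timedelta(hours=2),       # still blocked
}

if __name__ == "__main__":
    blocked = update_blackout(SAMPLE_EVENTS, SAMPLE_ACTIVE, NOW)
    print("\n".join(access_entries(blocked)))
```

The rendered lines would be merged into the front end's access source and the map rebuilt with makemap on each run, so a block disappears once its expiry passes.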