Date: Sun, 03 Oct 1999 14:59:06 -0400 From: "Gary Palmer" <gjp@in-addr.com> To: "Kelsey Cummings" <kc@neteze.com> Cc: freebsd-isp@freebsd.org Subject: Re: email content filtering Message-ID: <64205.938977146@noop.colo.erols.net> In-Reply-To: Your message of "Thu, 30 Sep 1999 13:56:21 PDT." <05eb01bf0b86$3ffcd280$33f9c9d0@neteze.com>
next in thread | previous in thread | raw e-mail | index | archive | help
"Kelsey Cummings" wrote in message ID <05eb01bf0b86$3ffcd280$33f9c9d0@neteze.com>: > Hey all- > I'm considering adding some more advanced de-spamming to my email > services. I'd like to provide content filtering (for virus signitures, > buffer overruns in subject lines, etc, etc.) Also, ideally, real time > blocking for inbound spam. IE: I've recieved 20 copies of the same message > for different customers, I'm going to spool all further messages that look > like this one for manual processing (approval or rejection by the > postmaster) in a a single group. > Currently I am more concerned about inbound SMTP than what my customers > are sending. So- what I'm asking is: what mail server could be used like > this (after a message passed the filters it would be forwarded to the > existing pop3/smtp server.) I've heard that you can do this with Sendmail > (although its way above my head) but I've also heard that procmail and qmail > are the best choices. Anybody have any experience doing this? What qould > you recommend? Content based filtering is a BAD idea. While your idea of dumping it into a different directory is a good one, it also means you have to have someone there 24/7 to check that directory manually and approve the mail. Also, spammers have taken to injecting random text into the body of the message, changing the subject, changing from lines, etc, to try and combat simple content checks. You are more likely (IMNSHO) to have better results doing IP based filtering ... use some sort of IPC between all your inbound mail servers and figure out what IP address is hitting you hard with inbound mail for multiple recipients. Exceptions would need to be in place to stop you blocking (for example) AOL, but in theory it should work pretty well. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?64205.938977146>