From owner-freebsd-isp Sun Oct 3 11:58:12 1999
Delivered-To: freebsd-isp@freebsd.org
Received: from noop.colo.erols.net (noop.colo.erols.net [207.96.1.150])
	by hub.freebsd.org (Postfix) with ESMTP id 0207C14DE6
	for ; Sun, 3 Oct 1999 11:58:09 -0700 (PDT)
	(envelope-from gjp@noop.colo.erols.net)
Received: from localhost ([127.0.0.1] helo=noop.colo.erols.net)
	by noop.colo.erols.net with esmtp (Exim 2.12 #1)
	id 11Xqqh-000Gha-00; Sun, 3 Oct 1999 14:59:07 -0400
To: "Kelsey Cummings"
Cc: freebsd-isp@freebsd.org
From: "Gary Palmer"
Subject: Re: email content filtering
In-reply-to: Your message of "Thu, 30 Sep 1999 13:56:21 PDT."
	<05eb01bf0b86$3ffcd280$33f9c9d0@neteze.com>
Date: Sun, 03 Oct 1999 14:59:06 -0400
Message-ID: <64205.938977146@noop.colo.erols.net>
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

"Kelsey Cummings" wrote in message ID
<05eb01bf0b86$3ffcd280$33f9c9d0@neteze.com>:
> Hey all-
> I'm considering adding some more advanced de-spamming to my email
> services. I'd like to provide content filtering (for virus signatures,
> buffer overruns in subject lines, etc, etc.) Also, ideally, real time
> blocking for inbound spam. IE: I've received 20 copies of the same message
> for different customers, I'm going to spool all further messages that look
> like this one for manual processing (approval or rejection by the
> postmaster) in a single group.
> Currently I am more concerned about inbound SMTP than what my customers
> are sending. So- what I'm asking is: what mail server could be used like
> this (after a message passed the filters it would be forwarded to the
> existing pop3/smtp server.) I've heard that you can do this with Sendmail
> (although it's way above my head) but I've also heard that procmail and qmail
> are the best choices. Anybody have any experience doing this? What would
> you recommend?

Content based filtering is a BAD idea.
While your idea of dumping it into a different directory is a good one,
it also means you have to have someone there 24/7 to check that
directory manually and approve the mail. Also, spammers have taken to
injecting random text into the body of the message, changing the
subject, changing from lines, etc, to try and combat simple content
checks.

You are more likely (IMNSHO) to have better results doing IP based
filtering ... use some sort of IPC between all your inbound mail servers
and figure out what IP address is hitting you hard with inbound mail for
multiple recipients. Exceptions would need to be in place to stop you
blocking (for example) AOL, but in theory it should work pretty well.
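
Added example, not part of the original message or any poster's code: one way to do the per-IP check described in the reply above, counting distinct recipients per source address in a sliding window with an exception list. It assumes the IPC between the inbound servers has already delivered every server's events to one place; the event layout, thresholds, names and addresses are all constructed for illustration.

```python
from collections import defaultdict, deque

# Constructed events, as if merged from every inbound MX:
# (unix_time, receiving_server, source_ip, recipient). Documentation-range
# addresses only; none of these values come from the thread.
EVENTS = (
    # One source spraying six recipients across two servers in a minute.
    [(1000 + 10 * i, "mx1" if i % 2 else "mx2", "192.0.2.10",
      f"user{i}@example.net") for i in range(6)]
    # A large legitimate relay (the "AOL" case) hitting ten recipients.
    + [(1000 + i, "mx1", "198.51.100.7", f"user{i}@example.net")
       for i in range(10)]
    # Six recipients, but 15 minutes apart: never together in one window.
    + [(1000 + 900 * i, "mx2", "203.0.113.5", f"user{i}@example.net")
       for i in range(6)]
    # Many messages to a single recipient: no fan-out.
    + [(1000 + i, "mx1", "203.0.113.9", "user0@example.net")
       for i in range(8)]
)
EXEMPT = {"198.51.100.7"}  # hypothetical exception list


class FanoutTracker:
    """Counts distinct recipients per source IP inside a sliding window."""

    def __init__(self, window=600, max_rcpts=5, exempt=()):
        self.window, self.max_rcpts = window, max_rcpts
        self.exempt = set(exempt)
        self.seen = defaultdict(deque)  # ip -> deque of (time, recipient)

    def observe(self, ts, ip, rcpt):
        """Record one accepted recipient; True if ip exceeds the limit."""
        if ip in self.exempt:
            return False
        q = self.seen[ip]
        q.append((ts, rcpt.lower()))
        while q and q[0][0] <= ts - self.window:  # expire old entries
            q.popleft()
        return len({r for _, r in q}) > self.max_rcpts


def flagged_sources(events, **limits):
    """Return {source_ip: time it first crossed the limit}."""
    tracker, flagged = FanoutTracker(**limits), {}
    for ts, _server, ip, rcpt in sorted(events):
        if tracker.observe(ts, ip, rcpt):
            flagged.setdefault(ip, ts)
    return flagged
```

Without the exception list the legitimate relay is flagged before the spraying source is, which is why the exemption has to be in place before any blocking is wired to the result.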