From owner-freebsd-isp Fri Jan 4 13:25:44 2002 Delivered-To: freebsd-isp@freebsd.org Received: from mgw1.MEIway.com (mgw1.meiway.com [212.73.210.75]) by hub.freebsd.org (Postfix) with ESMTP id B0A1937B435 for ; Fri, 4 Jan 2002 13:25:20 -0800 (PST) Received: from mail.Go2France.com (ms1.meiway.com [212.73.210.73]) by mgw1.MEIway.com (Postfix Relay Hub) with ESMTP id C56E416B22 for ; Fri, 4 Jan 2002 22:25:18 +0100 (CET) Received: from LenConrad.Go2France.com [66.64.14.18] by mail.Go2France.com with ESMTP (SMTPD32-6.06) id A1871CE6030E; Fri, 04 Jan 2002 22:41:27 +0100 Message-Id: <5.1.0.14.2.20020104150753.0370de18@mail.Go2France.com> X-Sender: LConrad@Go2France.com@mail.Go2France.com X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Fri, 04 Jan 2002 15:25:14 -0600 To: freebsd-isp@freebsd.org From: Len Conrad Subject: Re: Virus and Spam Filtering In-Reply-To: Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org >We currently use Postini to filter spam and viruses, however >Postini is raising prices shortly and we are looking for an alternative. :)) >We run FreeBSD 4.0 with QPopper as the POP3 server, Sendmail as the SMTP >server and Procmail as the delivery agent. > > I'm looking for possibilities that we should consider as an ISP >(with several thousand mail accounts) to replace our current service with >Postini. a couple of hundred ISP's have taken the IMGate approach, see my sig, with universal success, even with enthusiasm. most were were pure GUI jockeys before, and came to FreeBSD only for IMGate. > Furthermore, the following information will be very helpful: > > - What do most large mail servers run? > - Are the programs that do the filtering harsh on the CPU/Memory? unanchored regex's on megabytes of message bodies is expensive. > - How GOOD do the programs work: > - Virus defs. updated often? every day. I use avcheck chroot wrapper for Kaspersky FreeBSD Server Daemon. One ISP I set up with IMgateAV is scanning 300k msgs/day, removing about 1000 infections. the machine is loafing, but the disk can get behind a times, up to a 20 minute delay, but WTF do you want with a cheapo ATA disk? :)) so he's upping to dual 128-mb-caching SCSI controllers and dual disks (separating logging from mailqueuing). > - Spam filtering works well? yes, using RBL databases, DNS validations, SMTP protocol enforcements, regex filtering on headers and bodies will catch 90+%, for free. certainly get it to liveable level. additional approaches like tmda, spamassassin, vipul+s razor will just about slam the door on the last bits of junk. > - When a message is "filtered", is there a way to GET it? Or does >the program simply delete it? best is to just reject at the edge, so the sending mail server notifies the sender. keeps the crap out of your system. nothing's deleted. but AV is different, notices are sent to sender, recipient, and/or admin. most infections are not valid messages, but worm crap so deleting them hurts no one. if someone sends a Really Valuable File (while keeping their own copy) that's infected and deleted, well TS. >any information on what you run on your own server, or any >external program (we used to be with MAPS, then I guess they went down >hill, is ORBS any good orbs is dead, I run: maps_rbl_domains = relays.ordb.org, inputs.orbz.org, dialups.relays.osirusoft.com, spews.relays.osirusoft.com, or.orbl.org >or do they still suck as well?) will be VERY >helpful! IMGate config files are free for the asking. Len http://MenAndMice.com/DNS-training http://BIND8NT.MEIway.com : ISC BIND 8.2.4 for NT4 & W2K http://IMGate.MEIway.com : Build free, hi-perf, anti-abuse mail gateways To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message