Date:      Fri, 04 Jan 2002 15:25:14 -0600
From:      Len Conrad <LConrad@Go2France.com>
To:        freebsd-isp@freebsd.org
Subject:   Re: Virus and Spam Filtering
Message-ID:  <5.1.0.14.2.20020104150753.0370de18@mail.Go2France.com>
In-Reply-To: <Pine.BSF.4.05.10201041501010.20703-100000@squid.tznet.com>


>We currently use Postini to filter spam and viruses, however
>Postini is raising prices shortly and we are looking for an alternative.

:))

>We run FreeBSD 4.0 with QPopper as the POP3 server, Sendmail as the SMTP
>server and Procmail as the delivery agent.
>
>         I'm looking for possibilities that we should consider as an ISP
>(with several thousand mail accounts) to replace our current service with
>Postini.

a couple of hundred ISPs have taken the IMGate approach, see my sig, with 
universal success, even with enthusiasm.  most were pure GUI jockeys 
before, and came to FreeBSD only for IMGate.

>  Furthermore, the following information will be very helpful:
>
>         - What do most large mail servers run?
>         - Are the programs that do the filtering harsh on the CPU/Memory?

unanchored regexes on megabytes of message bodies are expensive.

>         - How GOOD do the programs work:
>           - Virus defs. updated often?

every day.  I use avcheck chroot wrapper for Kaspersky FreeBSD Server 
Daemon.  One ISP I set up with IMgateAV is scanning 300k msgs/day, removing 
about 1000 infections.  the machine is loafing, but the disk can get behind 
at times, up to a 20 minute delay, but WTF do you want with a cheapo ATA 
disk? :))  so he's upping to dual 128-mb-caching SCSI controllers and dual 
disks (separating logging from mailqueuing).

>           - Spam filtering works well?

yes, using RBL databases, DNS validations, SMTP protocol enforcements, 
regex filtering on headers and bodies will catch 90+%, for free. certainly 
get it to liveable level.  additional approaches like tmda, spamassassin, 
Vipul's Razor will just about slam the door on the last bits of junk.

>         - When a message is "filtered", is there a way to GET it? Or does
>the program simply delete it?

best is to just reject at the edge, so the sending mail server notifies the 
sender. keeps the crap out of your system. nothing's deleted.

but AV is different, notices are sent to sender, recipient, and/or 
admin.   most infections are not valid messages, but worm crap so deleting 
them hurts no one.  if someone sends a Really Valuable File (while keeping 
their own copy) that's infected and deleted, well TS.

>any information on what you run on your own server, or any
>external program (we used to be with MAPS, then I guess they went down
>hill, is ORBS any good

orbs is dead, I run:

maps_rbl_domains = relays.ordb.org,
                 inputs.orbz.org,
                 dialups.relays.osirusoft.com,
                 spews.relays.osirusoft.com,
                 or.orbl.org

>or do they still suck as well?) will be VERY
>helpful!

IMGate config files are free for the asking.

Len


http://MenAndMice.com/DNS-training
http://BIND8NT.MEIway.com : ISC BIND 8.2.4 for NT4 & W2K
http://IMGate.MEIway.com  : Build free, hi-perf, anti-abuse mail gateways
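
An added example, not part of the message above or of the IMGate configuration: how a gateway turns each zone in a `maps_rbl_domains`-style list into a DNS query for the connecting client, with a sanity test that skips a zone answering for every name (RFC 5782 requires 127.0.0.2 to be listed and 127.0.0.1 not to be). The zones `bl.example` and `dead.example`, the function names and the in-memory DNS table are constructed for illustration.

```python
import ipaddress
import socket

def dnsbl_name(ip, zone):
    """Build the query name: IPv4 octets reversed, then the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def system_lookup(name):
    """Return the A records for name, or [] when it does not resolve."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def is_listed(ip, zone, lookup=system_lookup):
    """Listed means the query name has an A record in 127.0.0.0/8."""
    return any(a.startswith("127.") for a in lookup(dnsbl_name(ip, zone)))

def zone_is_sane(zone, lookup=system_lookup):
    """RFC 5782 test points: 127.0.0.2 must be listed, 127.0.0.1 must not.
    A dead or wildcarded zone fails this and must not be used to reject."""
    return (is_listed("127.0.0.2", zone, lookup)
            and not is_listed("127.0.0.1", zone, lookup))

def check_client(ip, zones, lookup=system_lookup):
    """Return the zones that list ip, skipping zones that fail the test."""
    return [z for z in zones
            if zone_is_sane(z, lookup) and is_listed(ip, z, lookup)]

# Constructed stand-in for DNS: query name -> A records.
# bl.example lists 192.0.2.25; dead.example answers for every name.
FAKE_DNS = {
    "2.0.0.127.bl.example": ["127.0.0.2"],
    "25.2.0.192.bl.example": ["127.0.0.2"],
}

def fake_lookup(name):
    if name.endswith(".dead.example"):
        return ["127.0.0.2"]
    return FAKE_DNS.get(name, [])

if __name__ == "__main__":
    zones = ["bl.example", "dead.example"]
    print(check_client("192.0.2.25", zones, fake_lookup))    # listed client
    print(check_client("198.51.100.7", zones, fake_lookup))  # clean client
```

Without the sanity test, the clean client would be rejected on the strength of `dead.example` alone.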

