On Fri, 2004-09-17 at 20:34, Alexander Dalloz wrote: > Am Sa, den 18.09.2004 schrieb Scot L. Harris um 0:54: > > > spamassassin is very good once you get the bayes database trained and > > add a few of the SARE rulesets. The new version (3.0) implements the > > SURBL lists and reports are that it does an excellent job. > > The SA shipped with Fedora Core already does a very good job. Training > with with own individual SPAM and HAM and then using bayes is of course > recommended to gain best results. > > > In addition I highly recommend greylisting. I am sure you can find a > > package to implement greylisting for postfix. I used milter-greylist > > with sendmail. I was getting between 3000 and 6000 spam messages a > > day. Greylisting reduced this to 5 to 10 spam messages a day. And > > spamassassin typically tags those for me. The biggest benefit that > > greylisting provides is that it rejects the spam messages before your > > system ever has to look at the body of the message. This means your > > system does not have to spend as many resources processing spam through > > spamassassin. Has proved to be much more effective than I had ever > > expected. > > Greylisting has the downside that the sending MTAs have much to manage > more work, as it has to handle the sending at least at the first time > twice. The other negative point is that delivery of mails lasts longer. > Can be 1 hour and even more, regardless of what the greylisting MTA has > set as greylist time. > I use a delay of just a few minutes. True the sending MTA may not retry the message for several hours. But you can also white list servers which you correspond with regularly so no delay is imposed on their messages. I spent a few hours reviewing the log files to pre-populate the white list for legitimate email servers. In practice I have not seen any problems with this setup. Plus email is not instant messaging. :) > I like the new Sendmail feature greet_pause. I did it patch from > Sendmail 8.13.x into the version shipped with Fedora and am amazed how > many SPAM attempts just a low greet delay blocks. 3000 or 5000 > milliseconds is enough in most cases. > I also like this new option. Have not implemented it yet but it has the possibility of having similar results that I have seen with greylisting. It is really amazing how many virus infected systems are used to send spam, and they don't seem to play by any of the normal rules, which is good for us. > > I have not implemented it but I understand clamav does a good job of > > scanning for windows viruses. Of course if you are not running windows > > then you probably don't need to bother with that. > > ClamAV also helps blocking worm mails already when it reaches the MTA. > Speaking about an integration into the data stream. I am using > clamav-milter in conjunction with Sendmail for that. Detected virus / > worm mails are immediately rejected with an DSN and do not fill the > recipient's mailbox. > > > Scot L. Harris > > Alexander -- Scot L. Harris webid@xxxxxxxxxx It is only with the heart one can see clearly; what is essential is invisible to the eye. -- The Fox, 'The Little Prince"
