Domain: flakshack.com
Stories and comments across the archive that link to flakshack.com.
Comments · 8
-
Re:RBLs and not getting your mail
As someone who uses Exchange I can say that setting spam filtering up is easy. You can use RBLs or not. You can set thresholds that let a lot in or block a lot with many false positives. If you're worried about losing business mail then you can configure it to be safe about that and never outright refuse or delete mail.
But I don't like it because once you check the boxes, set the sliders and press OK, that's it. Unless you then get into scripting or third party products or any other solutions I can't think of you don't get to customize it any further. In other words, at that point, if you want more, it's just like Unix. I've never worked with any but can't you buy Sendmail or OpenExchange and get a lot of the point and click stuff for free too? And for a lot less then the dragon's horde a small business spends on MS Exchange?
One last thing to mention, we feel the same way as you about losing a customer's mail. So our users don't get anywhere near the spam they used to but the IT Admin that works for me spends anywhere from an hour to two a day checking the spam filter to see what gets tagged. Whitelisting? So far we found a few half ass solutions in forums that for various reasons don't do exactly what we need.
All in all, like most Window's based solutions in my experience, Exchange is easy to set up, hard to customize. We're working on a OpenBSD solution as a front end in our spare time. Hopefully we can get it to get the worst of the spam and then set Exchange to be a lot more lax when it gets in... Anything that keeps us from checking the spam filter all day. -
Alternative guide
For those of us who like details, here's an alternative spam filtering guide: http://www.flakshack.com/anti-spam/wiki/index.php
.
I'm using the setup presented to filter about 1000 messages per day before they hit our exchange server. It works very well and so far has had no false positives. However, it's difficult and time consuming to set up and needs to be trained with sa-learn before using. -
Re:duhI haven't tried this out yet myself, but I've been following the conversation on the Postfix list. It's not distributed, but it does the trick.
http://greylisting.org/implementations/postfix.sh
t mlThere are numerous other greylisting implementations out there on this same webpage. The OpenBSD folks have been putting a lot of effort into their own lately-- if I'm not mistaken, you can get spamd to rewrite pf rules on the fly. This guy has a writeup.
Also check out Vipul's Razor and DCC, which are distributed. I currently use both of these with SpamAssassin when evaluating scores for email.
PS. If you're wondering about load-- we get about 85k email messages a day, and between two dual Xeons (2.something GHz) in a round-robin config, we rarely crack more than 95% idle.
-
Re:NO, don't bounce, reject at MTA level ONLY
I have postfix setup to call amavis as a before-queue content filter. Postfix receives the message and keeps the SMTP connection open, passes the message to amavis which scans the message with ClamAv and SpamAssassin. If the message is spam postfix returns a '550: Message content rejected: looks like SPAM' and a web address that has my contact information so I can be reached if it is not really spam. The message is then quarantined and I can read or release the message when I find it in the logs the next morning. If there is a virus detected, the message is quarantined and I (the admin) get an email with the connecting mail servers IP address / and name, who the message was to, who the message was from [mostly spoofed], and which virus was found.
If the message makes it passed these two checks it is forwarded to our internal Exchange server where it gets scanned by Norton Anti-Virus and delivered to the user.
I followed the how-to listed here: OpenBSD Anti-Spam Gateway
Chop -
Re:Yawn - No OSSdo you have suggestions for a FOSS implementation that will play well with my Native mode 2000/Exchange 2000 domain?
There's a very well-tested and supported Wiki at: Fairly-Secure Anti-SPAM Gateway Using OpenBSD, Postfix, Amavisd-new, SpamAssassin, Razor and DCC that is configured to sit between the 'net and your Exchange server.
I use it standalone and it's very effective. The only missing requirement is the easy whitelist/blacklist/filter manipulation interface, but I'm sure there's existing tools for that (webmin comes to mind).
-
OpenSource SPAM Firewall
Directions for doing this with amavisd here: Fairly-Secure Anti-SPAM Gateway Using OpenBSD, Postfix, Amavisd-new, SpamAssassin, Razor and DCC
-
Re:For Our CEO it's more like 98 out of 100...
There's a really good document describing setting up an OpenBSD server to run as a proxy for Exchange:
Fairly-Secure Anti-SPAM Gateway Using OpenBSD, Postfix, Amavisd-new, SpamAssassin, Razor and DCC -
Anti-SPAM Postfix, Amavisd-new, SpamAssassin
here is a fine guide to build a Fairly-Secure Anti-SPAM Gateway Using OpenBSD, Postfix, Amavisd-new, SpamAssassin, Razor and DCC.
You can follow the steps and build it with Linux too. This entire procedure has been developed with security as a primary focus. These are the main tools it shows:
- Amavisd-new (www.ijs.si/software/amavisd) is the main filter which processes email from postfix and ensures that we don't lose any mail. Amavisd-new is an huge improvement over the original amavis which was a simple virus scanner, and I think it is the best way of implementing SpamAssassin (www.spamassassin.org). SpamAssassin is the main anti-spam component which works by comparing messages to a ruleset and by using a statistical analysis that is custom built based on your email. In addition to the SpamAssassin spam detection software, we will be using 2 online SPAM databases: DCC (www.rhyolite.com/anti-spam/dcc) and Vipul's Razor (razor.sourceforge.net).