Server based SPAM filtering

mikecel79

Platinum Member
Jan 15, 2002
2,858
1
81
We are looking at an SMTP based SPAM filtering software for use at work. It's gotten to the point where our upper management is getting annoyed with the amount of Spam they are getting (figures takes upper management to get annoyed for us to do something users have complained about for months) so they want to do something about it now.

One of the packages I looked at was Spam Assassin because it comes with Red Hat 9. I'll be testing that tomorrow but looking for other suggestions. Cost is a primary concern (needs to be cheap or free). Must be server based. Don't want to install the software on 400+ clients. Would prefer it to work with one of the more popular Linux MTAs. Any suggestions?
 

n0cmonkey

Elite Member
Jun 10, 2001
42,936
1
0
I've heard good things of spamassassin. Never used it though. Also, check out OpenBSD's spamd.
 

skyking

Lifer
Nov 21, 2001
22,889
6,054
146
There are three very effective blacklists you can subscribe to, and reject mail from those hosts before it even gets to your server or spamassassin. My ISP implemented it two months ago, and I just got the third spam email in two months. I was averaging 15 a day or so before. I will look around for that info.
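The blacklist check described in the post above, sketched as an added example that is not part of the thread: a DNS blacklist lookup reverses the client's IPv4 octets, queries that name under the list's zone, and rejects only when the answer falls in 127.0.0.0/8. The zone names and the `FAKE_DNS` resolver data are constructed placeholders, and the function names are hypothetical.

```python
import ipaddress
import socket

# Assumed placeholder zones; substitute the lists you actually subscribe to.
ZONES = ("dnsbl.example.org", "relays.example.net")
LISTED_RANGE = ipaddress.ip_network("127.0.0.0/8")

def dnsbl_query_name(ip, zone):
    """Reverse the IPv4 octets and append the zone: 192.0.2.25 -> 25.2.0.192.<zone>."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on anything else
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def system_resolver(name):
    """Return the A record for name, or None when there is no answer."""
    try:
        return socket.gethostbyname(name)
    except OSError:
        return None  # NXDOMAIN or resolver failure: fail open, never block on DNS errors

def is_listing(answer):
    """Only 127.0.0.0/8 answers mean 'listed'; a wildcarded or parked zone
    that answers with some other address must not cause rejections."""
    try:
        return answer is not None and ipaddress.IPv4Address(answer) in LISTED_RANGE
    except ValueError:
        return False

def check_client(ip, zones=ZONES, resolve=system_resolver):
    """Return (smtp_code, reason) for a connecting client address."""
    for zone in zones:
        try:
            name = dnsbl_query_name(ip, zone)
        except ValueError:
            return 250, "not checked: not an IPv4 address"
        answer = resolve(name)
        if is_listing(answer):
            return 550, f"{ip} is listed in {zone} ({answer})"
    return 250, "not listed"

# Constructed resolver data so the demo runs offline: one listed host.
FAKE_DNS = {"25.2.0.192.dnsbl.example.org": "127.0.0.2"}

if __name__ == "__main__":
    for client in ("192.0.2.25", "198.51.100.7"):
        print(client, check_client(client, resolve=FAKE_DNS.get))
```

In production the same check normally runs inside the MTA at connection time, so the message body is never transferred for listed hosts.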
 

Fuzznuts

Senior member
Nov 7, 2002
449
0
0
Originally posted by: n0cmonkey
I've heard good things of spamassassin. Never used it though. Also, check out OpenBSD's spamd.

Isn't spamd just a daemonized version of spam assassin? It is in redhat; of course bsd may be different.
 

n0cmonkey

Originally posted by: Fuzznuts
Originally posted by: n0cmonkey
I've heard good things of spamassassin. Never used it though. Also, check out OpenBSD's spamd.

Isn't spamd just a daemonized version of spam assassin? It is in redhat; of course bsd may be different.

No. I don't think so.

From the DESCR for spam assassin in OpenBSD's ports (-current as of a couple of hours ago):

SpamAssassin is a mail filter to identify spam.

Using its rule base, it uses a wide range of heuristic tests on
mail headers and body text to identify "spam", also known as
unsolicited commercial email.

The spam-identification tactics used include:

header analysis:
spammers use a number of tricks to mask their
identities, fool you into thinking they've sent a
valid mail, or fool you into thinking you must have
subscribed at some stage. SpamAssassin tries to
spot these.

text analysis:
again, spam mails often have a characteristic style
(to put it politely), and some characteristic
disclaimers and CYA text. SpamAssassin can spot
these, too.

blacklists:
SpamAssassin supports many useful existing blacklists,
such as mail-abuse.org, ordb.org or others.

Razor:
Vipul's Razor is a collaborative spam-tracking
database, which works by taking a signature of spam
messages. Since spam typically operates by sending
an identical message to hundreds of people, Razor
short-circuits this by allowing the first person
to receive a spam to add it to the database -- at
which point everyone else will automatically block
it.

Once identified, the mail can then be optionally tagged as spam for
later filtering using the user's own mail user-agent application.

SpamAssassin requires very little configuration; you do not need
to continually update it with details of your mail accounts, mailing
list memberships, etc. It accomplishes filtering without this
knowledge, as much as possible.

From the man page for spamd (-release):
DESCRIPTION
spamd is a fake sendmail(8)-like daemon which rejects false mail. If the
pf(4) packet filter is configured to redirect port 25 (SMTP) to this dae-
mon, it will attempt to waste the time and resources of the spam sender.
...
spamd is designed to be very efficient so that it does not slow down the
receiving machine. Spam is never accepted, but always rejected with ei-
ther a 450 or 550 error message. The normal way that spam has been dealt
with in the past is to either accept and drop, or outright block. When
configured to use 450 responses, spamd takes neither of these actions: it
rejects the mail back to the senders' queue.

I believe some people actually use these in tandem, but I'm not positive. I believe OpenBSD's spamd (there is a spamd in spam assassin too :Q) uses a blacklist, and bases everything on that. I haven't used it, or looked into it all that much, so I could be wrong.

Another one to look at, although it may be a bad idea for businesses: tmda. I've heard good things about this from friends, but I haven't used this one either. Maybe it's time for me to set up my own mail server...
 

mikecel79

Thanks for the suggestions guys. I'm pretty new to Linux, mostly tried out Redhat 7.2 and 8 but used it as a desktop. I've got Red Hat 9 up and running now with Apache configured but does anyone know of a tutorial on how to set up Sendmail?
 

Fuzznuts

Originally posted by: mikecel79
Thanks for the suggestions guys. I'm pretty new to Linux, mostly tried out Redhat 7.2 and 8 but used it as a desktop. I've got Red Hat 9 up and running now with Apache configured but does anyone know of a tutorial on how to set up Sendmail?

Well, looking at this, I decided to go for postfix + amavisd-new + spamassassin. It took about 2 hrs but I finally have it up and running.

I can send you the PDF I used if you want. It's a bit of a mare but I now have a scanning gateway for viruses and spam. So far it has passed all tests I have flung at it.

Anyway, if you want me to send the PDF, drop an email to paul@fuzznuts.no-ip.com and I'll send it off to ya. Oh, and I'd highly recommend postfix over sendmail. :)
 

Fuzznuts

Originally posted by: n0cmonkey
Originally posted by: Fuzznuts
Originally posted by: n0cmonkey
I've heard good things of spamassassin. Never used it though. Also, check out OpenBSD's spamd.

Isn't spamd just a daemonized version of spam assassin? It is in redhat; of course bsd may be different.

No. I don't think so.

From the DESCR for spam assassin in OpenBSD's ports (-current as of a couple of hours ago):

SpamAssassin is a mail filter to identify spam.

Using its rule base, it uses a wide range of heuristic tests on
mail headers and body text to identify "spam", also known as
unsolicited commercial email.

The spam-identification tactics used include:

header analysis:
spammers use a number of tricks to mask their
identities, fool you into thinking they've sent a
valid mail, or fool you into thinking you must have
subscribed at some stage. SpamAssassin tries to
spot these.

text analysis:
again, spam mails often have a characteristic style
(to put it politely), and some characteristic
disclaimers and CYA text. SpamAssassin can spot
these, too.

blacklists:
SpamAssassin supports many useful existing blacklists,
such as mail-abuse.org, ordb.org or others.

Razor:
Vipul's Razor is a collaborative spam-tracking
database, which works by taking a signature of spam
messages. Since spam typically operates by sending
an identical message to hundreds of people, Razor
short-circuits this by allowing the first person
to receive a spam to add it to the database -- at
which point everyone else will automatically block
it.

Once identified, the mail can then be optionally tagged as spam for
later filtering using the user's own mail user-agent application.

SpamAssassin requires very little configuration; you do not need
to continually update it with details of your mail accounts, mailing
list memberships, etc. It accomplishes filtering without this
knowledge, as much as possible.

From the man page for spamd (-release):
DESCRIPTION
spamd is a fake sendmail(8)-like daemon which rejects false mail. If the
pf(4) packet filter is configured to redirect port 25 (SMTP) to this dae-
mon, it will attempt to waste the time and resources of the spam sender.
...
spamd is designed to be very efficient so that it does not slow down the
receiving machine. Spam is never accepted, but always rejected with ei-
ther a 450 or 550 error message. The normal way that spam has been dealt
with in the past is to either accept and drop, or outright block. When
configured to use 450 responses, spamd takes neither of these actions: it
rejects the mail back to the senders' queue.

I believe some people actually use these in tandem, but I'm not positive. I believe OpenBSD's spamd (there is a spamd in spam assassin too :Q) uses a blacklist, and bases everything on that. I haven't used it, or looked into it all that much, so I could be wrong.

Another one to look at, although it may be a bad idea for businesses: tmda. I've heard good things about this from friends, but I haven't used this one either. Maybe it's time for me to set up my own mail server...


Here's the man from my install of spamassassin

SPAMD(1) User Contributed Perl Documentation SPAMD(1)

NAME
spamd - daemonized version of spamassassin

SYNOPSIS
spamd [options]

Options:

DESCRIPTION
The purpose of this program is to provide a daemonized version of the
spamassassin executable. The goal is improving throughput performance
for automated mail checking.

This is intended to be used alongside "spamc", a fast, low-overhead C
client program.

See the README file in the "spamd" directory of the SpamAssassin dis-
tribution for more details.

Note: Although "spamd" will check per-user config files for every mes-
sage, any changes to the system-wide config files will require either
restarting spamd or forcing it to reload itself via SIGHUP for the
changes to take effect.

Note: If "spamd" receives a SIGHUP, it internally reloads itself, which

Diff dists must just have diff docs for it :)
 

Thor86

Diamond Member
May 3, 2001
7,888
7
81
Originally posted by: n0cmonkey
I believe some people actually use these in tandem, but I'm not positive. I believe OpenBSD's spamd (there is a spamd in spam assassin too :Q) uses a blacklist, and bases everything on that. I haven't used it, or looked into it all that much, so I could be wrong.

Yes, we do use all these in tandem and they work very well. A learning curve to set up the database, but well worth it when 95-99% of all spam is filtered out. Our first OpenBSD system. :)

 

n0cmonkey

Originally posted by: Fuzznuts

Here's the man from my install of spamassassin

SPAMD(1) User Contributed Perl Documentation SPAMD(1)

NAME
spamd - daemonized version of spamassassin

SYNOPSIS
spamd [options]

Options:

DESCRIPTION
The purpose of this program is to provide a daemonized version of the
spamassassin executable. The goal is improving throughput performance
for automated mail checking.

This is intended to be used alongside "spamc", a fast, low-overhead C
client program.

See the README file in the "spamd" directory of the SpamAssassin dis-
tribution for more details.

Note: Although "spamd" will check per-user config files for every mes-
sage, any changes to the system-wide config files will require either
restarting spamd or forcing it to reload itself via SIGHUP for the
changes to take effect.

Note: If "spamd" receives a SIGHUP, it internally reloads itself, which

Diff dists must just have diff docs for it :)

OpenBSD's spamd is different than spam assassin's spamd.
 

watts3000

Senior member
Aug 8, 2001
619
0
0
Guys, has anyone here used spamassassin to prevent unwanted mail from entering an Exchange server? Just wondering because we get a ton of unwanted email. I have 2 redhat servers on the network so if spamassassin is part of redhat 9 maybe I could use it.
 

n0cmonkey

Originally posted by: watts3000
Guys, has anyone here used spamassassin to prevent unwanted mail from entering an Exchange server? Just wondering because we get a ton of unwanted email. I have 2 redhat servers on the network so if spamassassin is part of redhat 9 maybe I could use it.

You could set up an email gateway between your Exchange server and the internet.
 

watts3000

n0cmonkey, how would I go about doing this? As you can tell by some of my recent posts, I'm new to Linux.
 

mikecel79

Originally posted by: watts3000
Guys, has anyone here used spamassassin to prevent unwanted mail from entering an Exchange server? Just wondering because we get a ton of unwanted email. I have 2 redhat servers on the network so if spamassassin is part of redhat 9 maybe I could use it.
This is exactly what we are doing. The link n0cmonkey gave is very good.
 

n0cmonkey

Originally posted by: mikecel79
Originally posted by: watts3000
Guys, has anyone here used spamassassin to prevent unwanted mail from entering an Exchange server? Just wondering because we get a ton of unwanted email. I have 2 redhat servers on the network so if spamassassin is part of redhat 9 maybe I could use it.
This is exactly what we are doing. The link n0cmonkey gave is very good.

It's amazing what 2 minutes of googling can do... ;)
 

jose

Platinum Member
Oct 11, 1999
2,079
2
81
You may also want to use your Linux box to strip emails of certain types of attachments.

Check mimedefang.org for info on configuring a milter (mail filter); this would trash *.exe, vbs etc....

Regards,
Jose
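The attachment stripping suggested in the post above, as an added example that is not part of the thread and is not MIMEDefang's own code: it walks a MIME message, replaces parts whose filename ends in a blocked extension with a short notice, and leaves everything else intact. The extension list beyond exe and vbs, the function names and the sample message are assumptions constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# The post names exe and vbs; the other extensions are assumed additions.
BLOCKED_EXT = (".exe", ".vbs", ".scr", ".pif", ".bat")

def strip_blocked(msg):
    """Replace blocked attachments with a notice, recursing into nested
    multiparts and forwarded messages. Returns the removed filenames."""
    removed = []
    if not msg.is_multipart():
        return removed
    kept = []
    for part in msg.get_payload():
        filename = part.get_filename() or ""
        # Compare case-insensitively and ignore trailing dots/spaces, so
        # "Invoice.PDF.EXE" and "run.exe. " are both caught.
        if filename.lower().rstrip(". ").endswith(BLOCKED_EXT):
            removed.append(filename)
            note = EmailMessage()
            note.set_content(f"Attachment {filename!r} removed by mail gateway policy.\n")
            kept.append(note)
        else:
            removed += strip_blocked(part)
            kept.append(part)
    msg.set_payload(kept)
    return removed

def filter_bytes(raw):
    """Parse a raw message, strip blocked parts, return (new_raw, removed)."""
    msg = message_from_bytes(raw, policy=policy.default)
    removed = strip_blocked(msg)
    return msg.as_bytes(), removed

def attachment_names(raw):
    """List the filenames of all named parts in a raw message."""
    msg = message_from_bytes(raw, policy=policy.default)
    return [p.get_filename() for p in msg.walk() if p.get_filename()]

def sample_message():
    """Constructed test message: a text body plus two attachments."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "sender@example.com", "user@example.org", "invoice"
    m.set_content("See attached.\n")
    m.add_attachment(b"constructed bytes, not a real binary", maintype="application",
                     subtype="octet-stream", filename="Invoice.PDF.exe")
    m.add_attachment(b"%PDF-1.4 constructed", maintype="application",
                     subtype="pdf", filename="report.pdf")
    return m.as_bytes()
```

Filename matching alone misses renamed executables and archives, so a gateway usually pairs it with a virus scanner, as in the postfix + amavisd-new setup mentioned earlier in the thread.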