[Exim] Spam protection from an outside server..

Author: Kevin Reed
Date:  
To: exim-users
Subject: [Exim] Spam protection from an outside server..
I am in the process of building a replacement outside server for the
company. Currently the server there is just a plain Sendmail Switch based
server that really has no real mail coming through it.

All of our inbound mail is arriving via Corp HQ which is elsewhere.

After the external server is set up, we will switch our inbound to it...
Eventually cutting off what will then be the former Corp HQ mail servers.

Mail will arrive via the external server with user lists available at first
via a flat file and eventually via LDAP. Mail accepted will be passed on to
an internal mail hub where it will be directed on to Exchange servers for
user mail and unix servers for user and process mail.

My original plan was to implement spam, virus protection and user
authentication at the outside server level. Any viruses, or outrageously
obvious spam, user not found and other blocks will keep out unwanted mail at
the point of entry. Any mail accepted would be pushed down to the mail hub.

I didn't plan on any real spam or virus protection at the mail hub level.
Just exiscanACL and the ability to do content checking for problem areas as
they crop up.

On my own server, I have set up pretty much what I thought I would be
using... It was a lot easier to test and blow up my own server rather than
mess around with a live mail stream at work. The virus stuff seems to work
okay, or at least good enough for me as the Exchange servers will continue
to have Antigen which appears to be very good.

My concern is with spam protection. My original thought was that this was
using Spam Assassin a system wide protection system. However, as I look at
it as it works, it appears that what I planned is not really going to happen.

Since 99% of the users will get their mail via Exchange servers, there won't
be any way for them to participate with the learning process that SA
apparently needs to be efficient. I'm not all that sure that would be
desired anyway as currently few users actually get spam in their company
mailboxes now and I can't even imagine attempting to train some of the
people who get mail to do something like that. Some of them have a hard
enough time using the computer as it is.

My idea of the system wide approach at least as far as I've been understanding
is that SA is more built for user by user tuning rather than as a whole
system wide system at once. Could be that I'm just missing something
though...

What are others in this type of setup doing and what if any other type of
product are you using.

The user base will be somewhere in the 8k - 9k range with a bulk of the mail
staying within the system and not passing out the external server.


BTW... We switched the internal mail hub server to Exim last Friday... After
watching logs all weekend.. It was a great success. It is basically just an
Exim 4.20 with ExiscanACL patch added. Works great and very very fast. The
stats that I am able to get out of the logs kinda blew away the rest of the
mail group in the amount of detail that can be provided.

It has already helped us track down some areas that need to be looked at on
some of the servers.