RE: [Exim] Advice - Building mail platform from scratch

Pàgina inicial
Delete this message
Reply to this message
Autor: Dickenson, Steven
Data:  
A: Exim Users
Assumpte: RE: [Exim] Advice - Building mail platform from scratch
Bruce Richardson wrote:
> On Wed, May 12, 2004 at 11:43:37PM +1200, Ray Jackson wrote:
>> 1. Anti-spam: SpamAssassin vs. DSPAM? (or something else?)
>
> I haven't evaluated DSPAM itself but I would warn you not to trust
> some of the very silly things the developer says while slating the
> competition in his documentation. This doesn't say anything about
> DSPAM as an application, it just makes his judgement a little
> questionable.


Agreed. In addition, DSPAM is not really designed to be run on
multi-recipient messages, which rules it out of SMTP time scanning and
rejection. You'd need to implement it as a router/transport configuration
and scan messages on a per-user basis. We use SpamAssassin configured to
use Bayes, network checks (DNS, RBL), Razor, and some custom rule sets from
SARE. Works great.

>> 2. Anti-Virus:  Which engine (we are looking at Sophos Sweep)
>>                 and do I use Amavis or Exiscan (or something else?)
>>                 If I choose Sophos - do I use Sophie?


We use Exiscan-ACL with ClamAV and are quite happy with the setup. The
ability to bounce mail at SMTP time allows you to send real AV notifications
to real people, while not creating collateral spam by sending NDR's to
forged senders.

> listening on a dedicated host. You might also consider only scanning
> messages under a certain size (maybe 20K) with Exiscan and sending
> messages over that size through a more conventional filter: this
> avoids the danger of timeouts caused by scanning very large messages
> (and since viruses in documents over that size are quite rare,
> spurious NDRs are still not much of a risk).


I don't spam-scan messages over 50k, and don't virus scan messages over
200k. One of the more recent viruses was using zip file attachments of
about 167k, which is the biggest I've seen. We have a relatively low load
(about 3000 messages a day), so I'm not concerned about tweaking my setup
for ultimate performance. Plus, this is a gateway machine. All mail is
delivered on to an Exchange server.

As far as your other choices go, I thought the IMP/Horde project was in a
state of abandonment? I much prefer Squirrelmail.

Steven
---
Steven Dickenson <sdickenson@???>
Network Administrator
The Key School, Annapolis Maryland