Re: [exim] Sophos PureMessage

Author: Chris Siebenmann
Date:  
To: ROGERS Richard M
CC: 'exim-users@exim.org', cks
Subject: Re: [exim] Sophos PureMessage
> > >>>>> "j.linn" == Linn, Dr John A <j.linn@???> writes:
> > j.linn> For malware, is anyone using Sophos's PureMessage and has
> > j.linn> anyone integrated it into Exim in a similar way to Sophie?
> >
> > Sophos' official stance (as of earlier this year) is that it's not
> > supported, but a few folks had managed to make it work. I poked the
> > list back then and didn't get much of a response so I don't think
> > anyone is still using it with exim.
>
> Is anyone currently integrating Sophos anti-spam/anti-virus with Exim?
>
> We are about to undertake a review of our anti-virus provision, and
> the Sophos Complete Security Suite (which includes mail scanning
> functionality) will be part of this review.
>
> Thanks and regards


We currently use Sophos PureMessage here with Exim for both anti-spam
and virus filtering. PureMessage can be used as essentially a SMTP
server, so our inbound setup is an Exim MX gateway that accepts email
then routes it through PureMessage before passing it to our main Exim
server (we do some magic to not have an extra Received: line that shows
this extra hop).

With more work and hackery you can also hook up PureMessage as a
SMTP time scoring system so you can reject things it doesn't like
during the SMTP conversation instead of afterwards (using PureMessage's
milter interface, which means you could do the same for any anti-spam
system that has a milter API). Our experience is that this is not quite
exactly the same as the post-accept SMTP filtering; some mail passes the
at-SMTP-time check but then fails the post-accept checking. Our current
system for doing this is probably too inefficient for large scale usage
but works okay at our moderate volume (~10-20k messages a day).

Our experience with this setup has been positive in that it works,
doesn't require staff attention, and appears to get rid of a lot of
spam.

If you're curious about more details on our setup, see:
    http://utcc.utoronto.ca/~cks/space/blog/spam/CSLabSpamFilteringII
    http://utcc.utoronto.ca/~cks/space/blog/sysadmin/EximMilterHookup


I'd be happy to answer further questions if people have any.

    - cks