Re: Looking for Linux based anti-spam system

From: Michael Fread (shaitand_at_email.wintu.edu)
Date: 10/31/04 

Date: Sat, 30 Oct 2004 23:11:41 -0500

I've setup countless mailservers like this. Here is what I recommend
(there are countless ways you could do this). For distribution, I'd
recommend Fedora Core 2, as a desktop it's not really stable but the
core packages are very solid, stable, and fast that's what you'll be
using here.

So Fedora, be sure to leave the following ports open during installation
110 (only inside users need this)
25 (smtp)
22 (ssh for remote admin)
10000 (webmin, nice web-based admin tool)

Also you'll want to use postfix rather than sendmail. Sendmail is a bear
to configure, outdated, and a SERIOUS security problem.

Next you'll want to install apt from http://dag.wieers.com/packages/apt/
do an "apt-get update; apt-get upgrade" which will get you up to date.

You want to install spamassassin (apt-get install spamassassin).
Also amavisd-new and clamav/clamd, also fetchmail.

Configuring each of these is actually fairly easy and can be looked up.

Fetchmail is really easy, just look it up.
Postfix is simple enough, just fix the relaying
amavis is easy, just READ the conf file, you'll be configuring
spamassassin in the amavisd.conf as well. Be sure to use the postfix
method and make sure it's listening on port 10024.
for clam you just need to make sure to configure it to update regularly!

Telnet 25 and 10024 to make sure postfix and amavis are working, then
check out http://ftp.cfu.net/pub/amavisd-new/README.postfix for info on
setting up postfix to listen to port 10025.

Last but not least, you'll want to go into the xinetd configuration and
change the disable = yes line for pop3 to disable = no. Restart xinetd and
you'll have pop3 working.

Another option would be to use dspam rather than spamassassin, from my
understanding you get better results without much training. Spamassassin
doesn't work well without at least 10,000 spam and good mail to train on.

how it works:

Fetchmail gets mail from isp, then passes it to postfix, postfix makes
sure the mail is going to someone valid (since it's coming from the isp
who already did this, it should ALWAYS be valid).

Postfix in turn passes it to amavis, amavis runs it through spamassassin
and clam, doing whatever you've told it to do with the messages (usually I
configure this to TAG the subject if it's spam, or quarantine if a virus,
by default it wants to quarantine spam!!! I prefer to filter it out based
on the subject at the client end instead in case of false positives).

Now the clients login to server using the name and password you've created
for them (they all need accounts on the server, but the shell can be
/bin/false). They do this with regular pop3. If you've configured like I
did, they don't get viruses and spam comes with a special tag in the
subject. A filter and junk folder can be setup on the mail client easily!

Another nice thing to do, I like to create an account on the server
that users can send good and bad mail to, usually I get creative with the
names, often going to the extreme like naming them good and bad
respectively. Then setup a cron job that trains and archives the mail
from these boxes for spamassassin everynight. While invididuals will
consider different things to be spam, I find this melting pot approach
results in the most satisfied users without the overhead of trying to
explain and support individual level filtering.

On Thu, 28 Oct 2004 14:37:15 -0500, bpn wrote:

> I hope to try to explain what I am looking for. Our mail server is hosted
> by an outside ISP, so we have no control over the mail server itself.
>
> I want the mail to flow from the mail server to the anti-spam system, then
> to the user.
>
> Mail Server --->Linux Anti-Spam --->User
>
> What I am looking for is a Linux based system that sits between the mail
> server and the users. A system that would get the mail from the mail
> server, check if for spam, and then hold it until the user downloaded it
> from the anti-spam system. I'm not sure if the correct terminology is
> "gateway" or "relay" or what.
>
> I know there are commercial products available, but am trying to go
> open-source.
>
> Any info is appreciated.

Relevant Pages

  • RE: Getting a new server
    ... Subject: Getting a new server ... spamassassin can EASILY be set up to allow the users ... I just feed all my spam in and my ... dspam makes it so rediculously easy for both POP and IMAP ...
    (freebsd-questions)
  • Re: Bocking IPs rather than Email domains
    ... Would it be better to block IP's instead of domains for an email server? ... however stop the next ip range from sending you spam. ... Qmail, qmail-scanner, ClamAV, Spamassassin, maildrop. ...
    (Fedora)
  • Re: SuSE 9.1, postfix, spamassassin: no user prefs?
    ... :>I'm running SuSE 9.1 Professional with postfix and spamassassin. ... :>is flagged, but any configuration must be done at the system level, ie: ... spamassasin what is SPAM and HAM, I have to copy my bayes* files to ...
    (alt.os.linux.suse)
  • Re: anti-spam measures
    ... >>SpamAssassin is free. ... >>This is an efficient antispam mail filter which is also used inside some ... > before it even gets to the server. ... but I still have not seen that big a drop off in spam. ...
    (comp.lang.java.programmer)
  • Re: Really headache on antispam!
    ... >>>I am very tired on the spam mail, what would be the better way for my mail ... > spamcop in the RBL checks that SpamAssassin performs is a better approach. ... lists in the world only control a very small amount of the spam you'll see. ... At the mail server level the best way of implementing, ...
    (comp.os.linux.security)