On 12/03/2011 07:59 PM, Grant wrote:
I haven't set up any antivirus measures on my Gentoo systems so I
think I should. Is clamav run as a scheduled filesystem scanner on
each system and as an email scanner on the mail server all that's
necessary?
Nobody (as far as I know?) scans linux filesystems unless there's a legal
requirement or the files might wind up on a Windows box.
Very cool. I found out clamscan and avgfree scan the filesystem so I
thought I should set it up, but if it's not necessary I won't bother.
All of my mail users are on Gentoo so do I need to bother having
clamav scan my incoming mail?
Well, they aren't going to get infected with anything, but ClamAV could
still keep the virus message (which is obviously unwanted) out of their
inbox. There are also some third-party signatures[1] for ClamAV that
catch scam/phishing mail.
I'm currently greylisting email to prevent spam from getting through.
It catches a lot, but more and more gets through. I'm not using any
mailfilters now and If I set up a clamav mailfilter I think I may as
well set up a spamassassin mailfilter to take the place of
greylisting. Is this the best guide for clamav and spamassassin:
SpamAssassin shouldn't take the place of greylisting; they reject different
stuff. Keep the greylisting unless the delays bother you, but use postscreen
to do it (see below).
I just did some reading on postscreen but it doesn't sound like a
greylister. Should I use postscreen in addition to postgrey, or are
they substitutes for each other?
Postscreen isn't a greylist daemon per se, but it has the same effect if
you enable the "deep protocol" tests. Once it gets past the initial
greeting (into the "deep" stages), postscreen can no longer hand off the
session to a real smtpd. So, even if the client passes all of the tests,
postscreen will send it a "4xx try again." That's essentially greylisting.
Postscreen, like Postgrey, keeps a database of good clients, so you
shouldn't lose any functionality there. This is what makes the
aforementioned 4xx strategy work: when the client reconnects, it
bypasses postscreen entirely and goes to a real smtpd.
I would make the switch when you have some free time. Postscreen is part
of postfix, so it removes one dependency from your mail system. It also
adds a couple of nice anti-spam features for free. And, if you ever
decide to implement Amavis, postscreen makes the before-queue setup viable.
http://www.gentoo.org/doc/en/mailfilter-guide.xml
Could I run into any problems with clamav or spamassassin that might
make we wish I hadn't implemented them?
Yeah. The first is false positives. The second, related problem is that
you'll have to manage a quarantine unless you stick amavisd-new in front of
the postfix queue.
Now that sounds like a hassle. Greylisting leaves me with about 50/50
spam/legit mail and maybe incorporating postscreen I'll do even
better. Deleting spam in my inbox might be easier than dealing with
false positives and managing a quarantine.
You should be able to do a lot better than that with just postscreen and
postfix. If you try to implement postscreen, post your main.cf over on
postfix-users for review. The built-in restrictions combined with a few
RBLs should get you well below 50/50.
Plus, if you still get too much spam, you'll already have postscreen in
place and that will make adding amavisd-new that much easier.
[1] http://www.sanesecurity.com/
