RE: use of ram after upgrade

From: Balzi Andrea snippers I've try it, but now I've the follow use: Tasks: 83 total, 2 running, 81 sleeping, 0 stopped, 0 zombie Cpu0 : 0.0% user, 1.3% system, 1.7% nice, 97.0% idle Cpu1 : 0.0% user, 1.3% system, 0.0% nice, 98.7% idle Cpu2 : 0.0% user,

RE: Bayesing Filtering needs to be rewritten

One of the problems now with bayes is that image spam is causing bayes to be useless. We need a new plan to avoid bayes poisoning. Poisoning is caused when messages are learned where the text of the message is a nonspam type text and the spam is in the image. Bayes needs to be smarter

RE: Bayesing Filtering needs to be rewritten

tflag FUZZY_OCR noautolearn Is this something we can do now that works? Do we put this in any .cf file or a particular one? - rh -- Robert - Abba Communications Computer Internet Services (509) 624-7159 - www.abbacomm.net

RE: Should I upgrade to 3.1.6?

Just looked over the bug fix list for 3.1.6 and it doesn't seem like anything *major* that would suggest that I should make the leap. I'm right now running 3.1.5 on my box. Is there other improvements, such as rules and the like, that would make this a preferable upgrade? Or

RE: Re[2]: Any comments of the SpamHaus lawsuit?

Blame the plaintiffs, blame what some might consider to be less-than-stellar legal advice given Spamhaus, but don't blame the court for following the law. -- Best regards, Robert Braver Why blame the plaintiffs? Fortunately or unfortunately as the case may be, law is subject to

RE: How to filter these spam messages

Someone want to explain Greylisting? Here is an example that references a coupla websites http://qmail.jms1.net/scripts/jgreylist.shtml - rh -- Robert - Abba Communications Computer Internet Services (509) 624-7159 - www.abbacomm.net

RE: Any suggestions for 'postmaster' spams?

It appears that my email address is now being used as a from address in many spam emails to many addresses. Over the past week, I have gotten 150+ postmaster: mail delivery failure -each day-. Does anyone have suggestions on how to handle this? They're all semi-standard 'delivery failure'

RE: Any suggestions for 'postmaster' spams?

Uh. Yeah. Is it just me, or are all the dumb answers coming up today? Or, perhaps, run spamassassin and don't worry about changing your e-mail constantly? Duh? -- Jo Rhett Network/Software Engineer Net Consonance It's you Jo. Yet we apologize Jo, we are all having a really

RE: I'm getting killed with spammers

I need some help here.. Last Mon, Tues Wed I had severe inflow of spam, always at 12.30p EST, Wed it didn't stop till almost 5p. The server seems to not be very cooperative when the queue grows over 200 or so. I have max child set to 15 (up from 5) and not sure what else I can offer

RE: Any suggestions for 'postmaster' spams?

Okay, I'll answer. I am convinced that spam (in all its forms) will continue to be a problem until spammers start dying for what they are doing. That will change the risk/benefit analysis rather strongly towards the negative. -- John Hardin KA7OHZICQ#15735746

RE: How to filter these spam messages

I reviewed greylisting as a solution in the past, we couldn't accept it due to delay and I also read not all email servers will resend properly. So there is a chance few legitimate emails will never get redelivered. When you are running a business shop, such delays or exceptions

RE: What's with UCEPROTECT List?

It's also a good trick to cause a denial of service. Regards, -sm Maybe... under extremely special circumstances, yet more realistically not. Well programmed software can rate limit itself when things look hokey... - rh -- Robert - Abba Communications Computer Internet Services

RE: What's with UCEPROTECT List?

hat it looks like to me is a way of blacklisting competition to try to stear business their way. The only way to get off their lists is to pay them money. It looks more like extortion to me. Marc After reading their EN website, http://www.uceprotect.net/en/ ...maybe you could be the one

RE: What's with UCEPROTECT List?

Right. And rate limiting limits the real service. Thus, you have ... oh yeah, DENIAL OF SERVICE. THINK! It's not hard. -- Jo Rhett Network/Software Engineer Net Consonance Don't assume Jo. You do not know specifically what I was talking about rate limiting and why or how. We

RE: What's with UCEPROTECT List?

Um, yes. Well, I've seen it DoSed by just attempts to deliver to an address that doesn't exist. User not found after RCPT TO is the exact same traffic load. That was very modern hardware, and it happened just a few weeks ago. Think about it. It doesn't require you to stretch your brain

RE: dealing with DoS attacks (Re: ALL_TRUSTED creating a problem)

Yes, I know. I'm actually one of the supertechs you refer to. Er, at least top of the food chain in that regard :-) Law enforcement in Santa Clara is excellent, but they have to focus on the big fish. This is small stuff to them. It's also just small enough to fall under the radar of

RE: sare suggestions.

I don't use rulesdujour because it seems like too much hackery. sa-update (included with spamassassin) does it all very cleanly, and is supported by the team. (sa-update is newer than rdj, so it's not really rdj's fault) Frankly, I subscribed to almost every single ruleset on the

RE: What's with UCEPROTECT List?

My incoming servers know literally nothing about which users have valid addresses and which do not. All these servers do is accept or reject inbound mail based on a (long) list of SMTP-level rules and forward the messages that are accepted to another machine for SA and virus scanning. If

RE: sare suggestions.

This is a personal colo box with very light load. 1gb of memory and an AMD XP1800+ processor... old, old technology. The daemons are consistently around 70mb apiece, and there are usually 5-7 running. Low limit is 2, upper limit is 10. Load average is always 0 across the board. This

RE: SA Webmail Portal

Hi, explain to your customers that giving you a list of mail accounts is beneficial to them Wolfgang Hamann I see your point yet... What specific kind of customers? If if is part of your policy and procedure from start to finish it shouldnt be a big deal... Meaning, if they are

RE: ALL_TRUSTED creating a problem

This is the whole point. If the message hasn't been Received: by a local server, it is by definition not in your network. By feeding messages to SA without a local Received: header, you are explicitly telling SA that the message is still in some other network, not yours. So what's SA

RE: Any suggestions for 'postmaster' spams?

Plussed addressing helps here. I hate web forms that refuse to let me put a plus sign in my email address. (Typically a result of over-zealous input filtering.) I probably subscribe to 100 lists. Re-subscribing them all every time a subscribed address was spammed would be murder. Well, ya

sare top choices

Greetings I pulled down a large subset of all the sare filters today on a test mail server... -rw-r--r-- 1 root root 53868 Apr 20 02:00 70_sare_adult.cf -rw-r--r-- 1 root root 3839 Jun 1 2005 70_sare_bayes_poison_nxm.cf -rw-r--r-- 1 root root 24298 Oct 5 2005 70_sare_evilnum0.cf

.cf file update procedures

When you folks are adding, deleting or updating spamassassin .cf files... After the changes are implemented and you have --lint do you folks shutdown your main SMTP process before you run something like /etc/init.d/spamassassin restart And then bring back up your smtp? Or do you just restart

RE: .cf file update procedures

It depends from your MTA + SA setup. I use postfix + amavis + SA. Postfix is configured to pre- and post-queue messages around amavis. Postfix and amavis comm by inet/unix socks. SA is run embedded into amavis. As a result, this confs allow restarting amavis (cf.: SA) without loosing

RE: R: Scoring PTR's

Actually, by definition they are supposed to match A to PTR and PTR to A. Just because everyone doesn't do it perfectly does not mean it is correct to not do reverse DNS or to not do it correctly. There are variations on best practices. Oh well... RFC 1123 says you should not reject based

RE: R: Scoring PTR's

This suggestion has been superceded, or perhaps better elucidated, by later RFC's, particularly RFC 2181, section 10.2. Nowadays many of us have reverse-DNS delegation in place since as an end-user we have no control over the in-addr.arpa records for our particular IP subnet. For

RE: R: Scoring PTR's

RFC 1123 says you should not reject based upon HELO Bah. If some mechine I don't control tries to HELO whatever.impsec.org I'm absolutely going to tell them to go away. -- John Hardin KA7OHZICQ#15735746http://www.impsec.org/~jhardin/ what program is doing the rejection

RE: scoring spam

If you are having problems with memory after downloading the rules, you just need to be careful that you use the right ones. Read the descriptions of the rules carefully and only use the ones that you think would be useful. Any time you add more rules, the spamd children will take up more

RE: Spamassassin effectiveness, BAYES_99

From: Benny Pedersen i have changed bayes scores to catch most spam here, and changed threshold to learn spam / ham with less range so it more accurate and prevents bayes poinson on the same time, just have them at scores so spam is still autolearned, and ham is still autolearned, check

SA, clamav qmail-scanner w/ Qmail

Greetings, If anyone on the list is using latest SA, clamav qmail-scanner with the Qmail MTA can you please hit me with an email offlist? I will be glad to share a synopsis of what I am trying to find out and implement once I get there with this list. I haven't been able to find it anywhere

sa-update -D

On a certain box we ran a successful current sa-update Later on, I went back and ran sa-update -D in it was this [7317] dbg: diag: module not installed: Mail::SPF::Query ('require' failed) [7317] dbg: diag: module not installed: IP::Country::Fast ('require' failed) [7317] dbg: diag: module

RE: razor and dcc : high cpu load

Like a text-file based (it's not a security hole?!) or a ldap-replica on mail-server? I'm searching for more examples and other ideas and find this patch for qmail: http://qmail.jms1.net/patches/validrcptto.cdb.shtml I don't no if this patch is really necessary.. but it's a sugestion

RE: change spamhaus.org's score

On spamhaus or spamcop? This thread is getting confusing. Personally I drop on a spamhaus sbl-xbl hit at the smtp point. To date I've not had a complaint/problem. Though my userbase is pretty static in send/receives. I don't have much faith in spamcop. Nigel Are you saying that you do

rbl insight and wisdom please

Hopefully this hasn't been rehashed to death on this list yet has there ever been a general consensus as to which rbl's and similar lists are best to use if you are going to engineer your mail systems with such? Anyone care to share their implementations as well as current best and worst

required_score aggressive ??

When looking up required_score info, as most know, it say that the default is 5.0 and that it is considered aggressive in various circumstances Used to be called required_hits When I first started using SA I was told that as an ISP going in the 4.0 range give or take a little was an excellent

spam testings from outside

Is there a URL on the net where one can go and enter an email address and that server will send a known SA count or random very spammy email to that address to test for various things like SA markup or SA markup total or even smtp rejection and verification based upon SA markup etc? Thanks -

RE: spam testings from outside

You have a yahoo account? Send yourself a gtube message: http://spamassassin.apache.org/gtube/ or even smtp rejection and verification based upon SA markup etc? Well, considering spamassassin cannot reject messages, thats up to your MTA. But see above. Thanks for the info. I

SMTP rejection based on SA Scores etc

Those of you that have some good data can you please share some excellent numbers that you base your SMTP rejection based on SA scores and otherwise please? All I have here are SA averages and im not quite sure that is the right vector to base the rejection scores on. Thanks in advance. - rh

RE: Tarpits are fun!

Dec 12 12:16:30 ga : Initial Connect - tarpitting: 124.240.124.222 14526 - x.x.x.x 25 * snip Dec 12 16:19:20 ga : Persist Activity: 124.240.124.222 14526 - x.x.x.x 25 * Three spambot threads stuck for *hours*! -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/

RE: Breaking up the Bot army - we need a plan

You didn't read what I actually said. I didn't say the domain didn't look right. I said the IP address registration didn't look right. nslookup ebay.com Name: ebay.com Address: 66.135.192.87 whois 66.135.192.87 OrgName:eBay, Inc OrgID: EBAY Address:

RE: sa-update is broken

With all due respect to all involved. Is sa-update broken or is this just a prolonged and poorly thought up global name for a thread? - rh -- Robert - Abba Communications Computer Internet Services (509) 624-7159 - www.abbacomm.net

RE: sa-update is broken

No. But it does work better if you install all needed dependencies and follow the instructions. Without dependencies it doesn't run (who would have guessed?), and without following the instructions the result may not be what you expected. -thh Thanks, the context of my question was

BAYES_00 possible score modification info thread help etc

Recently there was a thread on BAYES_00 and how folks were considering or changing the score on this etc -2.6 BAYES_00 BODY: Bayesian spam probability is 0 to 1% [score: 0.] Ive searched and cannot locate it (the thread) somehow. Can someone help

RE: Deleting SA headers on ham

I changed my ham script to: nice -n15 sa-learn -L --ham --no-rebuild --single | spamassassin -d This did not work. Why on earth are there two different functions for the letter d in spamassassin? Meaning spamassassin -D spamassassin -d do or are associate with two different

RE: SA-UPDATE and recent branches/3.1 rules? or Did I miss an SA version update?

No, your SA won't be broken. IIRC SA won't apply anything if there's a failure. At least my SA is still running fine here after my attempted update this morning. I didn't restart after the failure so in theory at least SA should still be running off the old set even if the new set did cause

comprehensive perl module site like cpan or other for SA needs ???

Greetings Seeking some list wisdom please? We have some well functioning boxes running SA out there Most run RHEL 4 or CentOS 4 I am wondering where to go to find out specifically for each perl module if we have the latest greatest and most stable version(s) etc Please note the sa-update

RE: comprehensive perl module site like cpan or other for SA needs ???

So how did you install in the first place? Yes, installing these would cause them to start working. I recommend installing using CPAN, as it is portable, reliable, picks up its pre-requsites very well and you are not dependent on some Distro specific packager. If you have the latest

RE: comprehensive perl module site like cpan or other for SA needs ???

Design and engineering? You want Spamassassin to work or not? You install what it needs. What does that have to do with engineering? If you start managing library installation on a library by library basis you are opening a can of worms. You select the packages you need to get the

restart from scratch with 3.1.7 ???

Greetings My SA 3.1.7 installs run as user spamd My /home/spamd/.spamassassin directory looks like this -rw--- 1 spamd spamd 5210112 Jan 21 14:25 auto-whitelist -rw--- 1 spamd spamd 60864 Jan 21 14:25 bayes_journal -rw--- 1 spamd spamd 2711552 Jan 21 14:18 bayes_seen -rw---

RE: dynablock.njabl.org ends (and resolving pbl.spamhaus.org)

Maybe interesting for those that use dynablock.njabl.org (as I do at the MTA-level). Got an email last friday from njabl about dynablock.njabl.org, it's no longer maintained by njabl but is now only a copy of the pbl.spamhaus.org list. Eventually the dynablock.njabl.org zone will be

autowhitelist

We are using 3.17 on this particular server In reading the docs on autowhitelist it told me about v310.pre and this setting # AWL - do auto-whitelist checks # loadplugin Mail::SpamAssassin::Plugin::AWL do I need to comment out this below in the v310.pre or leave it alone and add the below

botnet 7 perl error

I only found one reference to this error searching the net Use of uninitialized value in string eq at /etc/mail/spamassassin/Botnet.pm line 564, GEN16 line 7 This appears to be the line of code in Botnet.pm although I could be wrong Mail::SpamAssassin::Plugin::dbg(Botnet: miss ( . $tests

RE: spamassassin with qmail

_ From: night duke Hi i'm trying to use spamassassin with qmail but i was unable to use them together. Anyone can help me?. Thanks. Until you get to know it well this can and will help http://www.qmailrocks.org http://www.qmailrocks.org/

sa-learn and qmail Maildir

I guess the bottom line is what are qmail folks doing for training? I had never thought about it before yet I haven't had the need to sa-learn anything until recently When processing using sa-learn in a qmail Maildir should one use an options below --mboxInput

RE: sa-learn and qmail Maildir

From: Theo (note: I don't use qmail) maildir is typically one file per message in a directory. In that situation, just pointing at the directory would be appropriate, sa-learn will use all messages in the directory. Yup. That's why I figure that going to the appropriate

train forwarded messages on local SA server

Is it ok to sa-learn train forwarded messages that end up in my local account mailboxes from accounts on remote servers (out of my admin control) that are spam? - rh -- Robert - Abba Communications Computer Internet Services (509) 624-7159 - www.abbacomm.net

RE: market buy with image

By fred rules, do you mean by Fred Tarasevicius Which specific fred rules are the best by experience? Thanks! - rh -- Robert - Abba Communications Computer Internet Services (509) 624-7159 - www.abbacomm.net

RE: market buy with image

I'd use 00_FVGT_File001.cf which is a new file Fred. This combines a lot of his older 88_FVGT* cf files into one. -- -Doc Thanks, if anyone out there running some or a lot of the FRED rules with a lot of success or should we only run certain ones in general Bottom line is, I

RE: Re[2]: market buy with image

My rules are very aggressive, but they can and possibly will cause FP's!! As soon as 3.2 is released, those rules of mine that survive the rescoring and mass-check runs will be included in the stock rules! Frederic Tarasevicius Good lookin' out Frederic Will you please keep us posted

spamdoptions ???

Apologies for not finding it in my searching yet... I think it is my sometimers kickin' in... ;- I am looking for info on the granularity knob control for number of extra spamd daemons on startup. ...AND if one has enough processors and ram memory, how to know how many extra to have

sa-learn --sync importance ???

Can anyone comment on the true importance of this command and option below? sa-learn --sync my simple research is telling me that if you don't do this at some regular interval, that your training isn't fully put into action when journaling starts. I haven't found much mention of it on the www

RE: sa-learn --sync importance ???

I didn't quite parse that. But man sa-learn, it has many an informational statement about how it all works. In short, by default, it stores token timestamp updates. Whenever the journal goes over a certain size, SA will automatically sync it for you. Thank you Theo and Matt for the

stupid users tricks in the wrong place with sa-learn

If a person was logged in as user spamd And was in the /home/spamd directory and accidentally did this command sa-learn --spam --showdots * would sa-learn actually do anything and fry the spamassassin database? I know it will try, yet will it succede at anything in this accident? Or? - rh

RE: stupid users tricks in the wrong place with sa-learn

I don't know about fry the DB, but sa-learn will happily attempt to learn from whatever files/directories matched '*'. Likely, it'll see them all as messages w/ no headers, so a lot of body tokens. The question of course is, does this matter, which is hard to say. If the tokens are

one or two different processes for sa-learn

In the circumstance of using sa-learn Is it ok to have sa-learn --spam --showdots * sa-learn --ham --showdots * running as two different processes on two different datasets at the same time with SA 3.1.7 ? or is it better to do serially ? - rh -- Robert - Abba Communications Computer

RE: one or two different processes for sa-learn

If you're using a DBM file (as opposed to SQL), you can only have 1 process writing the DB at any given point. So you can run both commands, but one of them will be sitting there waiting for the write lock until the other one is done. I'd probably just specify both ham and spam sets

RE: one or two different processes for sa-learn

There's a couple of ways, but a simple one is: sa-learn --ham ... --spam ... where ... are the files you want to learn. I see I take it you have done this... And one can use wildcards doing this without problem? - rh -- Robert - Abba Communications Computer Internet Services

latest changes and external rulesets

I looked briefly at the changelog info I was wondering, are there any external rulesets that we should not use or change out of from 3.17 to 3.18 upgrade because some of the external rules were pulled into SA? Thanks and kind regards - rh -- Robert

RE: Google Summer of Code 2007 ...

May I ask... Whis is this thread named as such. Does Google help fund SA efforts in one or multiple ways? If so, may I ask how or directions to already posted docs on it? - rh -- Robert - Abba Communications Computer Internet Services (509) 624-7159 - www.abbacomm.net

RE: Google Summer of Code 2007 ...

Yes, if you Goole for Google Summer of Code+spamassassin you'll get a bunch of relevant hits. ;) For example, check out: http://wiki.apache.org/spamassassin/SummerOfCode2006 Thank you I was hoping for meaningful and relevant info from someone of authority and in the know from the SA

RE: tie failed

1) are you using bayes_path ? 2) have you set bayes_file_mode 0777 in your local.cf? If you use bayes_path in a multi-user environment, you *MUST* set bayes_file_mode 0777 in local.cf. Also, make sure that /var/.spamassassin has world rwx privileges. Doesn't this create a potential

RE: complete false hits for BASE64 and LW_STOCK_SPAM4

However, all blackberry messages also hit base64 text and excess base64 which puts them right on the edge. Anything that hits any other rule will cause a problem. And frankly I disagree with the logic that rules that hit wrongly shouldn't be fixed unless it raises the score about 5.0.

RE: lowering your spam threshold howto

It's very simple. Tag messages above your soft limit and put them in a different folder. Check the folder periodically for false positives. Try to identify why they are FP. Look carefully at all of your normal mail, and confirm where it normally scores. Lower your score limit to the

RE: lowering your spam threshold howto

Hm. Your experience differs from mine. I tried using bayes, spent hundreds of hours training bayes with lots of good mail from archives, and lots of bad mail, and never got better than .5% (point- five or .005) difference in spam detection. So we stopped using it. In comparison, we've

SA integration with qmail-scanner-queue.pl question(s)

Greetings I have stable long term SA setups integrated with qmail-scanner-queue.pl The way I have it setup, I have qmail-scanner-queue.pl take the incoming mail and hand it to SA 3.1.8 for scoring. If the score is equal to or above a certain number it does an SMTP rejection. In this setup we

RE: Bayes and Upgrade

F: Theo Van Dinter No. Especially not for a maintenance release upgrade (major.minor.maintenance). Hm Will we need to retrain for the upcoming 3.2.0 ? Im not sure if that is considered major or not -- Robert - Abba Communications http://www.abbacomm.net/

RE: NOTICE: SpamAssassin 3.2.0-pre2 PRERELEASE available

127/8 is now always trusted. Remove that trusted_networks 127/8 line and all should be well. Phil Are you saying we should remove the entry 127.0.0.1 from the trusted_networks ? What about if in the internal_networks entry ? Is this for 3.2.0 only or is it in 3.1.8 too? Isn't this

RE: Spamassassin 3.1.8

I have upgraded spamassassin from 3.1.7 to 3.1.8 and have a easy quiestion, When I look at the headers it still shows that Spamassassin 3.1.7 is installed / running Why is that? I did the following -- downloaded Mail-SpamassAssin- 3.1.8.tar.gz and installed by perl Makefile.PL / make /

RE: Spamhaus Tests

I've just spotted a major flaw then that's going to hit me when this changes. Not being an ISP, I have no idea what my users' IP addresses are at any given time. They authenticate when using SMTP so that I will accept and forward the mail but may well be using an ISP dial-up or DSL

RE: reset spam bayes

Dean Manners said: sa-learn --clear Make sure you have a ham/spam pile ready to re-train your db's after clearing. Hmm so if someone does this sa-learn --clear Q: when that command is completed, should one restart SA or are we good to go immediately after for training etc? - rh

RE: Is Bayes Dead? Have the spammers won?

Are you sure of this? Have you also trained these ham messages to counter this effect? Not too long ago we were in the same situation. I have autolearn enabled but I have adjusted the thresholds to avoid This is quite possible. I have heard other stories of people using things

RE: Sender Address Verification is NOT abouse and very effective

+1 If Marc is bouncing spams, even when domains who refuse to play the SAV game are involved, he's being even more abusive than I had thought. Daryl I'm confused, Rick said he was rejecting in the smtp session above a certain score too... Bounce, reject... etc... Are you talking

whitelist_from_rcvd inquiry

Greeting, Can lines be combined in a situation like this... whitelist_from_rcvd [EMAIL PROTECTED] hisdomain.com whitelist_from_rcvd [EMAIL PROTECTED] hisotherdomain.com does this work or should this be done? can they be combined into one statement or should they be separate? Any other tips

RE: whitelist_from_rcvd inquiry

Matt Kettler wrote: Separate. *snip* In general, for options that you can do many of on one line, you only put the option name itself once, you don't repeat it. Thanks What I was getting at is what if there are multiple sending hosts... Obviously the thing that changed was the last

mistakes with sending email address to list

Greetings, I would appreciate it if the list admins would make it so that mistake (emails with wrong sending email address) would bounce instead of being allowed to make it to the list please? Comments? -rh -- Abba Communications Internet PO Box 7175 Spokane, WA 99207-7175 www.abbacomm.net

RE: Spam bounceback attack

Jason wrote: Thanks Jim and John, that helps a lot. I'm glad that qmail is like this by default because otherwise my setup would be to blame. :) I'm using qmail to handle incoming and outgoing mail for my domain but using a very old lan based mail server to actually deliver mail to our users

RE: USing Botnet.cf to delete all spam incoming

Any recipe recommendations? -- Doc, Score the rule high and reject the email before accepted. We do it in some of our installations using a patched older version of qmail-scanner-queue.pl If you need more website references, hit me off list... - rh -- Abba Communications Internet

RE: USing Botnet.cf to delete all spam incoming

You use sendmail. http://www.google.com/search?hl=enq=reject+spam+during+sendmail+smtp+sessio n+for+spamassassin+scoring http://wiki.apache.org/spamassassin/DeletingAllMailsMarkedSpam http://wiki.apache.org/spamassassin/IntegratedInMta We use qmail, specific qmail patches, ClamAV,