Hi Darrick

Point taken. In fact, our firewall support contractor has pushed for us to
take such a third-party facility. I've always knocked it back on the grounds
that we have the tools on-site to deal with it, and do not want to take on
an additional charge. If, however, we are looking to ditch the Smoothwall,
making a saving on support there, then you are right that this might be
worth consideration.

Whether this approach would save much bandwidth is moot. The Smoothwall
operates at the SMTP level only, checking RBL and greylisting only on the
basis of the SMTP headers. It is therefore only these spam headers which
take up our bandwidth, not the whole emails.

Anyway, thanks for the help

Tom


-----Original Message-----
From: Darrick Hartman [mailto:[email protected]] 
Sent: 04 April 2012 20:00
To: 'AstLinux Users Mailing List'
Subject: Re: [Astlinux-users] Incoming mail/spam

Tom,

I'm not aware of a good way to do this in iptables.  It really needs to be
done by an SMTP service.  Usually systems like this are fronted by a
mechanism like amavisd that intercepts the smtp traffic, filters it through
various mechanisms (spamassassin et al) and finally hands it over to the
real SMTP server.  The load on some of those mechanisms can be pretty high
and very susceptible to attacks.  

You might consider one of two things: 

1). Use a 3rd party filtering service and only accept SMTP traffic from
their IP addresses (this usually gives you some buffering as well if you
have an internet connection that goes down).  Most are reasonably priced,
typically a couple of $$ per mailbox.

2). Use a more full-featured firewall such as an Astaro gateway.  These
things are slick, but definitely cost more than free.

I don't see us adding this as a feature in AstLinux.

Darrick

-----Original Message-----
From: Tom Chadwin [mailto:[email protected]]
Sent: Wednesday, April 04, 2012 2:28 AM
To: 'AstLinux Users Mailing List'
Subject: [Astlinux-users] Incoming mail/spam

Hello all

As some of you might have gathered, I'm trying to find out whether we can
replace our firewalls with AstLinux. Most features we need probably are
present in AstLinux, with two notable exceptions.

Firstly, our current firewall is a web proxy and filter. I don't think this
role will ever be fulfilled by AstLinux (though AIF's to-do lists it -
http://rocky.eld.leidenuniv.nl/joomla/index.php?option=com_content&view=article&id=48&Itemid=79).
I am therefore investigating OpenDNS as a potential filtering route.

However, the one remaining function for which our current firewall is
invaluable is SMTP-level spam protection. We are currently only using two
techniques available on the box (RBL and greylisting, no content scanning at
all), but that is blocking around 45,000 spams a day, and letting in our
approx. 1000 legit emails. These numbers show you how crucial this function
is for us.

I've had a very quick look at Arno's Firewall, and can see no mention of
these features. Is this something anyone has looked at? Or can anyone
suggest an approach which might help us?

Many thanks as always

Tom


----------------------------------------------------------------------------
--
Better than sec? Nothing is better than sec when it comes to monitoring Big
Data applications. Try Boundary one-second resolution app monitoring today.
Free.
http://p.sf.net/sfu/Boundary-dev2dev
_______________________________________________
Astlinux-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/astlinux-users

Donations to support AstLinux are graciously accepted via PayPal to
[email protected].
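
Added example, not part of the thread and not code from AstLinux or Smoothwall: a Python model of the two SMTP-level checks discussed above (RBL lookup and greylisting), decided at RCPT TO from the client IP and envelope alone, so a rejected message never reaches DATA. The zone `dnsbl.example`, the 300-second delay, the addresses and the injected resolver are constructed assumptions.

```python
import ipaddress

GREYLIST_DELAY = 300  # assumed: seconds an unknown triplet must wait before retrying
LOOPBACK = ipaddress.ip_network("127.0.0.0/8")


def dnsbl_query_name(client_ip, zone):
    """Build the DNSBL lookup name: IPv4 octets reversed, then the list's zone."""
    octets = str(ipaddress.IPv4Address(client_ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


class SmtpPolicy:
    """Policy evaluated at RCPT TO, before the DATA command transfers any body."""

    def __init__(self, zone, resolve, delay=GREYLIST_DELAY):
        self.zone = zone
        self.resolve = resolve   # callable: name -> A-record string, or None (NXDOMAIN)
        self.delay = delay
        self.first_seen = {}     # (ip, sender, recipient) -> time of first attempt

    def check_rcpt(self, client_ip, mail_from, rcpt_to, now):
        # RBL: an answer inside 127.0.0.0/8 means the connecting IP is listed.
        answer = self.resolve(dnsbl_query_name(client_ip, self.zone))
        if answer is not None and ipaddress.ip_address(answer) in LOOPBACK:
            return 554, "rejected: client listed in " + self.zone
        # Greylisting: temp-fail a new triplet; a standards-following MTA retries.
        triplet = (client_ip, mail_from, rcpt_to)
        first = self.first_seen.setdefault(triplet, now)
        if now - first < self.delay:
            return 451, "greylisted, try again later"
        return 250, "ok"


# Constructed sample data (documentation address ranges, placeholder zone).
LISTED = {"10.2.0.192.dnsbl.example": "127.0.0.2"}


def demo():
    """Return the reply codes for a listed sender and a retrying legitimate one."""
    policy = SmtpPolicy("dnsbl.example", LISTED.get)
    legit = ("198.51.100.7", "sales@partner.example", "tom@corp.example")
    return [
        policy.check_rcpt("192.0.2.10", "x@bulk.example", "tom@corp.example", 0)[0],
        policy.check_rcpt(*legit, now=0)[0],     # first attempt
        policy.check_rcpt(*legit, now=60)[0],    # retried too soon
        policy.check_rcpt(*legit, now=400)[0],   # retried after the delay
    ]


if __name__ == "__main__":
    print(demo())
```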
