On Thu, Jul 10, 2003 at 12:05:43PM -0400, Doug Lee wrote:
> I seek a good system (or systems) for filtering out mail spam, email
> viruses, and web pop-up ads and such at our FreeBSD Internet gateway.

For adverts I run Squid with adzap (in the ports).  I find it pretty
good, although I find the pop-up support a little less advanced.

The email situation is different (since not everybody runs the same MTA
(although /almost/ all people running proxies I know do use squid)) and
depends heavily on your MTA.  I have tried quite a few (although for
very low volume) and am now settled on Exim (althogh Postfix would suit
my needs just as well).  Whatever you do (imho) do /not/ use Courier,
because it is slightly pedantic about standards.

I run Exim with Julian Page's MailScanner (http://mailscanner.info/),
which I find suits my purposes nicely.  It supports many virus scanners
and uses SpamAssassin for spam checks (SpamAssassin also supports
Bayesian filtering).  You can use more than one virus scanner, too.

If you're using Qmail, there is the excellent Qmail-scanner, which does
a similar job.  MailScanner will also work with Qmail, though, and I
like the way it works.  Postfix and Sendmail are also supported.

Another cross-MTA scanner is amavis (incld. amavis, amavisd and
amavisd-new -- who knows which to pick?).

SpamAssassian can either add headers to ``considered spam mails'' and
you can filter them on a per-user basis with procmail (or even allow the
user to do it from the MUA -- possibly changing the Subject instead of
the header), or just delete the mail.

> mailscanner


> Spam Assassin

Used by MailScanner.

> Vipul's Razor (the razor-agents port)

See above.

> 2.  Minimal upkeep time required from admin.

Since setup I've not had to look at MailScanner (or adzap) again.

> 3.  Simplicity of use by user (users can mail spam to an address I set
> up so it's flagged as spam, but I don't want users to have to know a
> lot of tech stuff like procmail just to filter spam).

You could easily do something yourself to create a procmailrc, or just
provide a stock one, and allow more advanced users to modify it, if they

> Virus protection at the gateway is a lower priority since we protect
> individual computers, but it wouldn't hurt.

For mail it's more important to do it at the gateway, I would have
thought.  Especially where Outlook is concerned... :)

  Best wishes,


Don't feed the bats tonight.
-| msn:[EMAIL PROTECTED] | jab:[EMAIL PROTECTED] | url:http://lewiz.net |-

Attachment: pgp00000.pgp
Description: PGP signature

Reply via email to