>> I haven't set up any antivirus measures on my Gentoo systems so I >> think I should. Is clamav run as a scheduled filesystem scanner on >> each system and as an email scanner on the mail server all that's >> necessary? > > > Nobody (as far as I know?) scans linux filesystems unless there's a legal > requirement or the files might wind up on a Windows box.
Very cool. I found out clamscan and avgfree scan the filesystem so I thought I should set it up, but if it's not necessary I won't bother. All of my mail users are on Gentoo so do I need to bother having clamav scan my incoming mail? >> I'm currently greylisting email to prevent spam from getting through. >> It catches a lot, but more and more gets through. I'm not using any >> mailfilters now and If I set up a clamav mailfilter I think I may as >> well set up a spamassassin mailfilter to take the place of >> greylisting. Is this the best guide for clamav and spamassassin: > > > SpamAssassin shouldn't take the place of greylisting; they reject different > stuff. Keep the greylisting unless the delays bother you, but use postscreen > to do it (see below). I just did some reading on postscreen but it doesn't sound like a greylister. Should I use postscreen in addition to postgrey, or are they substitutes for each other? >> http://www.gentoo.org/doc/en/mailfilter-guide.xml >> >> Could I run into any problems with clamav or spamassassin that might >> make we wish I hadn't implemented them? > > > Yeah. The first is false positives. The second, related problem is that > you'll have to manage a quarantine unless you stick amavisd-new in front of > the postfix queue. Now that sounds like a hassle. Greylisting leaves me with about 50/50 spam/legit mail and maybe incorporating postscreen I'll do even better. Deleting spam in my inbox might be easier than dealing with false positives and managing a quarantine. - Grant > It's in that respect that the tutorial is outdated; otherwise, it looks good > (I just skimmed it). > > There is great benefit to the before-queue setup: mail will never disappear. > Senders either get a rejection, or the mail is delivered. With the > after-queue setup, you can no longer reject or else you'll be > backscattering. So, you either deliver the spam, or you quarantine it (very > bad if it's a false positive). > > The downside is that you use more resources: one amavisd-new per connection. > However, the addition of postscreen to postfix has largely ameliorated this. > Since postscreen rejects most of the junk, amavis only gets started for > smtpd sessions that are likely to succeed. > > The easiest way to migrate is through incremental improvement. We used to > use a system like the one in that guide. I enabled postscreen over the > course of a week, and retired postgrey, which we had been using for > greylisting. Once that was working properly, I simply dropped the > content_filter in favor of smtpd_proxy_filter to move amavis in front of the > queue.
