Hello,

Sorry for being late in replying. I was very busy with a project
deadline.

For a setup as large as yours, you will definitely have to run some sort
of a content scanner. Since whitelisting and blacklisting can only stop
40-50% of all spam, I would suggest you rethink your anti-spam strategy.

1. Set up a content scanner at the periphery of your setup. Have a
qmail/postfix box along with SpamAssassin (properly configured) which
accepts mails for the domains and forwards them to the internal
mail-servers.
Use a combination of RBL servers at the anti-spam box. You might also
want to use tarpitting as well, and manage the incoming bandwidth at
that server for connections to port 25 from IPs without reverse DNS.
Add some rule-based filters as well. You can also add Bayesian or
Markovian Filtering on top of this to have a more spam free setup,
though you will have to spend a lot of time maintaining it or even
setting it up. But there are certain newer spamming concepts like image
tunneling, dictionary salads, etc, which bypass traditional filtering
techniques.

It all depends on the amount of flexibility your server farm has and
how much you can do about adding in newer features.

I use qmail, on Linux, FreeBSD and so do many of our clients, and also
people/companies I know. You will be surprised at the possibilities that
qmail has wrt flexibility.


HTH,
Cheers,
Animesh


-- 
Animesh Bansriyar <[EMAIL PROTECTED]>
Chief Scientist, NeoLinux Solutions.
http://neolinuxsolutions.com, +91-651-3112497.


On Sat, 2004-10-02 at 02:50, [EMAIL PROTECTED] wrote:
> Let me explain my configuration. First of all my servers are not
> supporting open relays (RFC2505 & RFC2635), relay only allowed from the
> server ips and loop back ip, phpsuexec and suexec not enabled (to disable
> formmail.cgi & mailnull senders), X-PopBeforeSMTP added (to track down
> headers), not tracking the origin of messages sent through the mail server by
> adding the X-Source headers (to avoid unroutable mail domain messages),
> denying any messages from black listed domain, unauthenticated users.
> 
> Now let me tell you about whitelisted domains. There are some domains rather
> group of ips mainly from dsl - dialups or may be statics who run open
> relays, open proxies for may be any reason you say are listed in white listed
> domain (dnsbl.njabl.org). Considered as harmless but known to public.
> 
> I can avoid +whitelisted_domains by denying messages from all mails from
> white/black lists. But after that the main problem I'll face is huge CPU
> cause MTA will check each and every mail before sending to :blackhole or
> :fail or /dev/null, so I'm just dropping the messages. It is showing 'unknown
> named domain' cause it is unable to do a reverse DNS on the ips. I'm already
> using RBL servers. BTW I'm using exim as MTA.
> 
> Last of all if I delete the spams that will be the best but can't do because
> my CPU will be then compromised with 100+ though some of my servers are quad
> processors and even up to 4g RAM. You can imagine I've 30+ servers with 100+
> load and 10000+ users are shouting at me for delayed mails and defunct
> process. I'll be screwed.
> 
> Any help will be welcome. 
> 
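
The layered check suggested in the reply above (a combination of RBLs, plus tarpitting for clients without reverse DNS), sketched as an added example that is not part of the original thread. The thresholds, the second zone `rbl.example.org`, the injected resolver functions and all sample addresses and DNS answers are assumptions constructed for illustration.

```python
import ipaddress

REJECT_AT = 2      # assumed threshold: listed on this many RBLs -> reject
TARPIT_DELAY = 20  # assumed stall, in seconds, for suspicious clients

def dnsbl_query_name(ip, zone):
    """DNSBL lookup name: the IPv4 octets reversed, then the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def classify(ip, zones, resolve_a, resolve_ptr):
    """Return (action, delay_seconds, reasons) for a connecting client.

    resolve_a(name) returns a list of A records (empty when not listed);
    resolve_ptr(ip) returns a hostname or None. Both are injected so the
    policy can be exercised offline against canned answers.
    """
    hits = [z for z in zones if resolve_a(dnsbl_query_name(ip, z))]
    reasons = ["listed:" + z for z in hits]
    if resolve_ptr(ip) is None:
        reasons.append("no-rdns")
    if len(hits) >= REJECT_AT:
        return ("reject", 0, reasons)
    if reasons:  # one listing, or no reverse DNS: slow the client down
        return ("tarpit", TARPIT_DELAY, reasons)
    return ("accept", 0, reasons)

# Constructed sample data (documentation address ranges, fake DNS answers).
ZONES = ["dnsbl.njabl.org", "rbl.example.org"]  # second zone is hypothetical
FAKE_A = {
    "10.2.0.192.dnsbl.njabl.org": ["127.0.0.2"],
    "10.2.0.192.rbl.example.org": ["127.0.0.2"],
    "7.100.51.198.dnsbl.njabl.org": ["127.0.0.3"],
}
FAKE_PTR = {"198.51.100.7": "dsl-7.example.net", "203.0.113.5": "mx.example.com"}

def demo(ip):
    """Classify one address against the canned DNS answers above."""
    return classify(ip, ZONES, lambda n: FAKE_A.get(n, []), FAKE_PTR.get)

if __name__ == "__main__":
    for addr in ("192.0.2.10", "198.51.100.7", "203.0.113.5", "203.0.113.99"):
        print(addr, demo(addr))
```

Doing these DNS-only checks at connection time, before any content scanner runs, keeps the expensive scanning for mail that survives them.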


