Spam/AV filtering

2005-05-17 Thread Charles Lamb
Good morning,
I am using sendmail/qpopper and need a way to do spam and virus
filtering.  There seems to be a number of ports I can use in the ports
collection.  I was hoping to get some advice on which one you prefer.  I
am a bit of a novice so something easy to install would be preferable
and I am also on a budget so cheap/free is preferable as well.  Thanks.
--Chuck 
 
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: Spam/AV filtering

2005-05-17 Thread Chuck Swiger
Charles Lamb wrote:
> I am using sendmail/qpopper and need a way to do spam and virus
> filtering.  There seems to be a number of ports I can use in the ports
> collection.  I was hoping to get some advice on which one you prefer.

Start with amavisd-new + spamassassin + clamav.
--
-Chuck


RE: Spam/AV filtering

2005-05-17 Thread Charles Lamb
Would I want to enable milter with clamav?  Also does amavisd-new
actually do the handling?  I had clamav installed and it scanned like a
champ but that's all it did.  It showed me a bunch of viruses/malware
but did nothing about it.  Thanks.
 
 



Re: Spam/AV filtering

2005-05-17 Thread [EMAIL PROTECTED]
On Tue, 17 May 2005 10:06:22 -0400
Charles Lamb [EMAIL PROTECTED] wrote:

> Would I want to enable milter with clamav?  Also does amavisd-new
> actually do the handling?

amavisd-new works as a sort of in-between tool between the MTA and
clamav

> I had clamav installed and it scanned like
> a champ but that's all it did.  It showed me a bunch of
> viruses/malware but did nothing about it.  Thanks.

without something like amavis (there's more than just amavisd-new)
that's not gonna help, unless you use e.g. the clamav-plugin from
sylpheed-claws if that latter would be your mail-client

personally i'm quite happy with postfix+clamsmtp+spamassassin+procmail,
(clamsmtp is also in the ports-collection)



Re: Spam/AV filtering

2005-05-17 Thread Chuck Swiger
Charles Lamb wrote:
> Would I want to enable milter with clamav?  Also does amavisd-new
> actually do the handling?  I had clamav installed and it scanned like a
> champ but that's all it did.  It showed me a bunch of viruses/malware
> but did nothing about it.  Thanks.

That depends on whether you want to call out to clamav directly or via amavisd,
which will then call SA and clamav if needed.  But yes, if you are using
sendmail as the MTA, it would be a good idea to enable milter so you can change
your mind and still have it work.

If you use amavisd, viral and spammy messages get placed in /var/quarantine (or 
some such path).

--
-Chuck


RE: Spam/AV filtering

2005-05-17 Thread Warren Block
On Tue, 17 May 2005, Charles Lamb wrote:
> Would I want to enable milter with clamav?

Depending on your needs, maybe.  The clamav-milter lets sendmail reject
mail containing viruses immediately, rather than having to receive them 
and then filter them later.

You should also investigate greylisting, which has very little downside 
and is the most effective antispam measure I've seen yet.

Here's something I wrote on that a while back.  It needs to be updated, 
but it should give an idea:

http://www.wonkity.com/~wblock/greylist.pdf

The default delay introduced by milter-greylist is 30 minutes.  From
what I've seen in log files, this could probably be reduced to even five 
minutes and still be effective.  Most spamware and viruses don't retry 
even once.

-Warren Block * Rapid City, South Dakota USA
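The greylisting behaviour described in the post above, as an added example that is not part of the original thread and is not milter-greylist's own code: a minimal triplet greylist replayed over a constructed delivery log, once with the 30 minute delay and once with five minutes. The reply text, the whitelist lifetime, and all addresses are assumptions made for illustration.

```python
# Minimal triplet greylisting model (illustrative; not milter-greylist's code).
TEMPFAIL = "451 4.7.1 Greylisted, try again later"  # constructed reply text
ACCEPT = "250 OK"

class Greylist:
    def __init__(self, delay_s=30 * 60, autowhite_s=3 * 24 * 3600):
        self.delay_s = delay_s          # minimum wait before a retry is accepted
        self.autowhite_s = autowhite_s  # assumed lifetime of a passed triplet
        self.first_seen = {}            # triplet -> time of first attempt
        self.passed = {}                # triplet -> expiry of its whitelist entry

    def check(self, client_ip, mail_from, rcpt_to, now):
        """Return the SMTP reply for one delivery attempt at time `now` (seconds)."""
        key = (client_ip, mail_from.lower(), rcpt_to.lower())
        if self.passed.get(key, 0) > now:
            self.passed[key] = now + self.autowhite_s  # refresh on use
            return ACCEPT
        first = self.first_seen.setdefault(key, now)
        if now - first >= self.delay_s:
            # The sender queued the message and retried: behaves like a real MTA.
            del self.first_seen[key]
            self.passed[key] = now + self.autowhite_s
            return ACCEPT
        return TEMPFAIL

def replay(events, delay_s):
    """Run (time, ip, sender, recipient) events; return the reply codes."""
    gl = Greylist(delay_s=delay_s)
    return [gl.check(ip, s, r, t).split()[0] for t, ip, s, r in events]

# Constructed log: one queueing MTA that retries, one sender that never does.
MTA = ("192.0.2.10", "alice@example.org", "chuck@example.net")
BOT = ("198.51.100.7", "offer@spam.example", "chuck@example.net")
EVENTS = [
    (0, *MTA),      # first attempt from the real MTA
    (60, *BOT),     # single attempt, never retried
    (600, *MTA),    # retry after 10 minutes
    (2100, *MTA),   # retry after 35 minutes
    (2200, *MTA),   # a later message with the same triplet
]

if __name__ == "__main__":
    print("30 min delay:", replay(EVENTS, 30 * 60))
    print(" 5 min delay:", replay(EVENTS, 5 * 60))
```

The sender that never retries gets only a 451 under either delay; the shorter delay only changes how soon the retrying MTA's mail is accepted.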


RE: Spam/AV filtering

2005-05-17 Thread Tony Shadwick
I'm going to butt my nose in where it doesn't belong and insert my opinion 
here. :)

Here's the setup we run, and it works incredibly well.

  Sendmail
  mail/p5-Mail-SpamAssassin
  mail/spamass-milter
  mail/spamass-rules
  mail/spamass-rules_du_jour
  sysutils/clamav (built with miltering)

Add to your .mc file:

  INPUT_MAIL_FILTER(`clmilter',`S=local:/var/run/clamav/clmilter.sock, F=, T=S:4m;R:4m')
  INPUT_MAIL_FILTER(`spamassassin', `S=local:/var/run/spamass-milter.sock, F=, T=C:15m;S:4m;R:4m;E:10m')

crontab nightly

  /usr/local/bin/rules_du_jour

Make sure your ports tree is cron'ed to update regularly, have the
freshclam daemon running, and I'd strongly suggest subscribing to the RSS
feed at http://www.freshports.org/sysutils/clamav

Just my 2 cents. ;)
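An added example, not part of the original thread: a small parser for the INPUT_MAIL_FILTER lines quoted in the post above that reports what sendmail does when a milter is unreachable. With `F=` left empty sendmail handles mail as if the filter were not present, while `F=T` tempfails and `F=R` rejects; the third sample line (`example`) is a hypothetical filter added here to show the contrast.

```python
import re

# Constructed sample: the two INPUT_MAIL_FILTER lines from the post, plus a
# hypothetical third filter ("example") that uses F=T for comparison.
SAMPLE_MC = """\
INPUT_MAIL_FILTER(`clmilter',`S=local:/var/run/clamav/clmilter.sock, F=, T=S:4m;R:4m')
INPUT_MAIL_FILTER(`spamassassin', `S=local:/var/run/spamass-milter.sock, F=, T=C:15m;S:4m;R:4m;E:10m')
INPUT_MAIL_FILTER(`example', `S=local:/var/run/example.sock, F=T, T=S:4m;R:4m')
"""

FILTER_RE = re.compile(r"INPUT_MAIL_FILTER\(`([^']+)',\s*`([^']*)'\)")

# What sendmail does with mail when the milter cannot be reached.
FAILURE_MODE = {"": "accept unfiltered", "T": "tempfail (4xx)", "R": "reject (5xx)"}

def parse_filters(mc_text):
    """Return one dict per INPUT_MAIL_FILTER: name, socket, flag, timeouts."""
    filters = []
    for name, equates in FILTER_RE.findall(mc_text):
        fields = {}
        for part in equates.split(","):
            key, _, value = part.strip().partition("=")
            fields[key] = value
        # T= holds semicolon-separated timeouts: C connect, S send,
        # R read, E end-of-message.
        timeouts = dict(t.split(":", 1) for t in fields.get("T", "").split(";") if t)
        filters.append({"name": name, "socket": fields.get("S", ""),
                        "flag": fields.get("F", ""), "timeouts": timeouts})
    return filters

def fail_open(filters):
    """Names of filters whose outage lets mail through unscanned."""
    return [f["name"] for f in filters if f["flag"] not in ("T", "R")]

if __name__ == "__main__":
    parsed = parse_filters(SAMPLE_MC)
    for f in parsed:
        print(f["name"], f["socket"], FAILURE_MODE.get(f["flag"], "unknown"), f["timeouts"])
    print("fail-open filters:", fail_open(parsed))
```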


RE: Spam/AV filtering

2005-05-17 Thread Tony Shadwick
Oops, that should be security/clamav.  Where my mind is this morning...


Re: Spam/AV filtering

2005-05-17 Thread Roland Smith
On Tue, May 17, 2005 at 09:37:22AM -0400, Charles Lamb wrote:
> I am using sendmail/qpopper and need a way to do spam and virus
> filtering.  There seems to be a number of ports I can use in the ports
> collection.  I was hoping to get some advice on which one you prefer.  I
> am a bit of a novice so something easy to install would be preferable
> and I am also on a budget so cheap/free is preferable as well.  Thanks.

Since I installed and trained bogofilter, I hardly get spam and viruses
anymore. Around 100 messages are /dev/null-ed by bogofilter every day,
and I get 2 to 5 messages in the unsure mailbox per week.

However, a large number of spam and non-spam emails (say 1000 of each)
is a prerequisite for training bogofilter well.

If you want I could send you my wordlist.db. It's around 8 MB.

When I just started using bogofilter, I saved the spam in a separate
mailbox, to check for false positives. But I dropped that after about
a month.

Roland
-- 
R.F.Smith (http://www.xs4all.nl/~rsmith/) Please send e-mail as plain text.
public key: http://www.xs4all.nl/~rsmith/pubkey.txt




RE: Spam/AV filtering

2005-05-17 Thread Warren Block
On Tue, 17 May 2005, Warren Block wrote:
> Here's something I wrote on that a while back.  It needs to be updated, but
> it should give an idea:

Okay, I updated it.  I also moved it into a directory where it should
have been, so there's an Apache redirect.  The old URL should work, but
here's the correct new one:

http://www.wonkity.com/~wblock/docs/greylist.pdf

-Warren Block * Rapid City, South Dakota USA


RE: Spam/AV filtering

2005-05-17 Thread Charles Lamb
Well I have amavisd and clamav installed and running but they aren't
filtering the viruses I pick up when I do a clamdscan.


 



Re: Spam/AV filtering

2005-05-17 Thread Kevin Kinsey
Charles Lamb wrote:
> Well I have amavisd and clamav installed and running but they aren't
> filtering the viruses I pick up when I do a clamdscan.

There's quite a lot of RTFMming to do on these issues.  For
example, a whole boatload of README.foo under /usr/local/share/doc/amavis*.

I've tried a number of different approaches with varying degrees of
success.  The greylisting idea is interesting (relaydelay.pl? --- I need to
go check Warren's updated article), but I've found there's quite a few
really dumb MTAs out there (that don't know a 451 from a hole in the
ground) ...

I've got a box or two that I've used Sendmail+amavisd-new+Spamassassin+
clamav in a Dual Sendmail setup.  Pretty darn effective ... AAMOF when
I got too draconian with my .conf, my wife didn't get email from anyone
for a good long time, and now thinks her correspondents have all given
up.

The downside on the Dual Sendmail is that you really, really, need a
moderate chunk of Sendmail-fu.  I think that probably my knowledge of
Sendmail is == 1.5 hill o' beans, and there've been a couple of times I
had to shell in and unstick a queue

In that particular setup, one instance of Sendmail handles the SMTP
(exterior) stuff, and passes everything to amavisd on localhost TCP:10024.
The 2nd sendmail is listening on 10025 and gets the good stuff from
amavisd for local delivery.

I'll have to admit ignorance of Milter technology   sounds like there
might be some advantages I should find time to look into ...

HTH,
Kevin Kinsey