At 12:28 02-09-2007, Joe Pranevich wrote:
I maintain a large webmail host (I bet you can figure out which one) for
free/paid accounts that sends out tens of thousands of emails a day. We're
not quite Yahoo Mail or Hotmail, but we're pretty big. We're looking to scan
outbound mail using SpamAssassin and I'm hoping that someone here might have
some suggestions or feedback on what the best way to configure this would
be. I've seen a handful of posts about this in the archive, so I know it's
come up before.
SpamAssassin can be called on the outgoing MTA. As you doing
webmail, it doesn't make sense to perform tests on the Received
headers or try to detect compromised hosts using the usual
DNSBLs. You will surely have other mechanisms in place to handle
that. You may decide to have a different setup for free and for paid
accounts as traffic may be somewhat different.
My plan is to scan all outbound mail and drop all mails that match to a log
file or a separate directory where they can be hand-reviewed by someone in
our customer service department. We also wouldn't want to actually modify
the mails on the way out-- so we wouldn't add the spamassassin mail headers.
That may be a lot of email to review. You don't have to rewrite the
headers. If the message is detected as spam, it's better to stop it
before it leaves your network.
Does anyone here have practical experience or advice, tweaks, etc. that
would help us to implement this sort of thing? (I know the volume will be
fairly high, but a nice farm of machines all running spamd should be able to
load balance that part fairly well. It's the rules I'm worried about and how
to make the log/discard work the way I want.)
You'll need a DB backend that can handle the load. Depending on your
user-base, you may need to add/remove rules, especially if they use a
non-English language. You'll need DNSBL feeds for the network tests
because of the volume of the queries. Basically your setup would
evaluate the message content and return the score. From there you
can log or take whatever action you deem appropriate.
Regards,
-sm
