Frontend AntiSpam Gateway ???

Started by nexus, February 27, 2005, 11:33:40 PM


nexus

I'd like to deploy Mail::Toaster as a frontend mail server to offload spam/virus scanning from my main mail server. What is the easiest way to set this up?

Pointing me to links is sufficient. I've looked but not found a clear explanation.

Seems at a glance that most of this filtering is done on a per user basis. I need it to occur to all mail coming through.

matt

The most effective way to fight spam is on a per-user basis. Who else can make a definitive decision regarding whether or not a message truly is spam? Without that, your bayesian filters are of limited utility.

Of course, the blacklists, virus filtering, and SpamAssassin network tests will still catch a huge portion of the spam (maybe 90% or so).

One of the most effective spam fighting tools is the ability to reject messages destined to users that don't exist. If the Mail::Toaster has no way of knowing (ie, it's a dumb forwarder) then it severely limits how effective it can be at filtering spam. You'll never achieve 99.8% as I have with my mail server.

Having said that, it can make an effective spam filter to stick in front of your (exchange?) server. Simply configure it to accept mail for your domain (rcpthosts) and forward it to your domain via the smtproutes config file.

Depending on how many users you have, it might be worth it to add all the users on the Mail::Toaster and then forward each mailbox to your internal server. Then you can set up a honeypot to automatically drop all messages destined to invalid users into the honeypot, which you have SpamAssassin regularly learning as spam.

You could also set up special mailboxes on the toaster that automatically delivers any messages to spam@yourdomain.com to a special mailbox that SpamAssassin learns from.

Matt

jg

Having said that, it can make an effective spam filter to stick in front of your (exchange?) server. Simply configure it to accept mail for your domain (rcpthosts) and forward it to your domain via the smtproutes config file.

Depending on how many users you have, it might be worth it to add all the users on the Mail::Toaster and then forward each mailbox to your internal server. Then you can set up a honeypot to automatically drop all messages destined to invalid users into the honeypot, which you have SpamAssassin regularly learning as spam.

Matt,

I need more detailed documentation for the second paragraph above.  Can you point me to it?

thanks

John

jg

Matt said:

"The most effective way to fight spam is on a per-user basis. Who else can make a definitive decision regarding whether or not a message truly is spam? Without that, your bayesian filters are of limited utility".

I have a catch-all user for an old domain name that gets mail from spammers who have known about it for up to 10 years. Most of the spam that goes there is identified as such and eventually blocked by the Bayesian filter after I put it in the Spam folder (but maybe that has nothing to do with the Spam folder at all, I'm not sure) and some of it isn't. I put certain types of spam in the Spam folder every single day and it still comes in, every single day. That's why I've been trying to find a way to write a manual filter, for example one that will block all mail from forbesdigital.com, still without success. After getting those emails and certain others for over a year I have come to believe that the Bayesian filter isn't going to let me decide what is spam and what isn't. If anyone can offer guidance about this, of course I'd love to see it.

thanks

John
 

Nick Cockinos

in /var/qmail/control edit the following:

smtproutes
mybigdomain.com:mail.mybigdomain.com


rcpthosts
mybigdomain.com


in DNS MX 10 your gateway toaster and MX 20 your destination server.

Should work a treat.
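
A way to verify the two control files described above, as an added example that is not part of the original thread: for each domain in rcpthosts it reports whether qmail would forward it via smtproutes. The function names and the sample domain `forgotten.example` are assumptions for illustration; the check also flags domains listed in locals or virtualdomains, which qmail delivers locally instead of relaying.

```shell
#!/bin/sh
# Added example (not from the thread): sanity-check a qmail control directory
# that is meant to act as a relay-only filtering gateway.

# Print the relay host for DOMAIN from an smtproutes file; fail if none.
# Only exact "domain:relay[:port]" lines are matched (wildcard routes ignored).
route_for() {
    [ -f "$2" ] || return 1
    awk -F: -v d="$1" '$1 == d { print $2; hit = 1; exit }
                       END { if (!hit) exit 1 }' "$2"
}

# Report every domain in rcpthosts; return 1 if any would not be relayed.
check_gateway() {
    dir=$1; bad=0
    while IFS= read -r dom; do
        case $dom in ''|'#'*) continue ;; esac
        if grep -Fqx -- "$dom" "$dir/locals" 2>/dev/null ||
           cut -d: -f1 "$dir/virtualdomains" 2>/dev/null | grep -Fqx -- "$dom"
        then
            echo "$dom: LOCAL (delivered on the gateway, not forwarded)"; bad=1
        elif relay=$(route_for "$dom" "$dir/smtproutes"); then
            echo "$dom: relayed to $relay"
        else
            echo "$dom: NO ROUTE (qmail-remote will use DNS MX instead)"; bad=1
        fi
    done < "$dir/rcpthosts"
    return "$bad"
}

# Constructed sample: the thread's two files plus one domain with no route.
make_sample() {
    d=$(mktemp -d)
    printf '%s\n' 'mybigdomain.com' 'forgotten.example' > "$d/rcpthosts"
    printf '%s\n' 'mybigdomain.com:mail.mybigdomain.com' > "$d/smtproutes"
    echo "$d"
}

sample=$(make_sample)
check_gateway "$sample" || echo "gateway config needs attention"
rm -rf "$sample"
```

On the gateway itself, run `check_gateway /var/qmail/control` after editing the files.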

btsteve

There is no smtproutes file in my /var/qmail/control, do I just create one???

D3s7

I'm trying this myself on a brand new box w/ FreeBSD 6 and latest toaster

mail is being passed on but I can't find any evidence that it's being scanned w/ spamassassin / clam before it is sent..

setup to use simscan and filter method is set to tcpserver.

spamassassin is set to site

filtering debug is set on....

any additional help would be appreciated

Thanks

D3s7

actually.. i figured it out... helps when I reread the docs.

Thanks

jerm

Then you can set up a honeypot to automatically drop all messages destined to invalid users into the honeypot, which you have SpamAssassin regularly learning as spam.

I like this idea a lot, but I've read warnings about having bayesian DBs with too much spam and not enough ham having a propensity to turn up false positives. This sounds like a recipe for that situation. So you know of a good solution, or is the assertion bunk in the first place?

thanks matt.

jerm

matt

The cautions about making sure your ham and spam corpuses are of comparable scale is quite valid. I actually have several honeypot addresses, but I don't worry about the balance because I keep all the spam folders (including honeypots) cleaned out by automatically removing messages more than 30 days old.