wolf-raven
November 17th, 2004, 15:57
Greetings, I've been searching threads on the internet and reading documentation for a while trying to figure out how to filter spam on an e-mail server that already exists.

I would like to setup another server that just does the spam filtering and then "puts it back" on the e-mail server.

So a sort of filter server for an e-mail server.

Here is more definition:

These two servers are/would be in one network, the e-mail server can use the MX record, I don't want the spam filter server to use the MX record (I just want it to sneak in and do its job).

I am running sendmail and Imap on a RedHat server using Horde/IMP ...works great, cept the spam.

Am I correct in thinking that if I create another server running procmail and spamassassin that this would do the trick? Does anyone know where I could read some good documentation using this approach?

Thank you for your comments and help,
Wolf-raven


bmw
November 17th, 2004, 20:11
That's a very unorthodox anti-spam setup you are proposing. Can you explain why you wish to do it that way?

The most effective place to install anti-spam filtering is at the egress point for your mail, inline with the flow. That gives the anti-spam software the most information about the email (sender-IP, envelope addresses, etc.). So that means interposing the anti-spam filter between the Internet and your internal mail server. Typical example would be a *BSD box (OpenBSD favoured if it's also connected/exposed to the Inet) running SpamAssassin.

Your plan suggests that you want the A-S s/w to read the Imap mailboxes and snatch away the spam from them. I'd say you might as well simply enable Bayesian A-S on the client mail readers themselves, that'd do about as well. You can get plugins for Outlook, and Thunderbird has decent stuff built-in. (I use it myself.)

elmore
November 17th, 2004, 20:42
I have to agree with BMW above wolf-raven. At my office which receives about 25,000 delivery attempts a day (minor to what BMW builds mail systems to handle) I have three mail servers. An external gateway which does xbl-sbl checks at spamhaus, greylisting and other various builtins with postfix (i.e. hostname checks, valid recipient checks, etc.)

If things pass there that mail server passes it off to another server which does all virus checking, runs SpamAssassin, DCC, and Vipul's Razor.

If that passes mail is then sent to our internal exchange servers. :( I know, I know, I feel dirty enough. At least I peel my mail off and run thunderbird off a local imap server :)

Outgoing mail also passes through the virus/spam server before being delivered. Though only virus mails are applicable on outgoing mail.

We've received great success with this, currently we're catching over 99% of attempted spam deliveries, with a reported false positive rate of .002%.

Amicus
November 18th, 2004, 11:46
I have three mail servers. An external gateway which does xbl-sbl checks...
Note: My question comes from the viewpoint of a small business network since that's what I manage :)

What would be the downside of running two? i.e. external that does spam and virus scans and then passes it off to exchange.

Since we too have Exchange at my office, I wanted to protect the exchange server from the internet or rather protect the internet from the exchange server, so I installed an external gateway. Is the reasoning behind having two more so that you can offload some of the duties, drop some emails before they reach the other mailrelay, and in turn reduce the overall traffic seen?

Like I said in the note above, I manage a small network. Depending on the size of the network, would it be possible to merge all duties onto one machine? I know that a single point of failure is not a good idea...but what if you don't want 5 machines for email (1 or 2 +/- exchange), dns, web, firewall, etc. It seems to me that jails would come in handy for this.

elmore
November 18th, 2004, 11:56
You could do everything on one Amicus, without issue. I broke mine out mainly because the external gateway has very little in the way of packages on it. I.E. essentially a base install of OBSD with postfix. That relays through a stunnel to our internal gateway which has loads of packages on it as I mentioned above.

This is really personal preference I guess. I just like to minimize what runs on a public machine as much as possible.

wolf-raven
November 18th, 2004, 16:16
Thank you for all your replies. My main reason in doing this was to not disrupt e-mail by implementing a new server ...the reason I would have to implement a new server is because I am running a version of Sendmail that is not compatible with newer versions of other software. I would not be able to run anti-spam on Thunderbird or Outlook since I have everyone use Horde/IMP webmail ...the users of the IMAP e-mail would have no idea how to set up their accounts at home, even if I did screenshots of what they were supposed to do ...I'm not kidding don't laugh :)

I think I have no choice but to create a temporary new e-mail server ...erase the old e-mail server and re-build it ...probably the best thing to do any how.

Thank you all very very much ...I will be asking question later once I map this plan out. ;)

elmore
November 18th, 2004, 17:55
You could implement everything we talked about wolf-raven with minimal to no downtime. We'll be happy to help out once you're ready. Just let us know! :)

bmw
November 18th, 2004, 20:17
wolf-raven, you are probably very wise to replace/upgrade your old sendmail server config. If you haven't done that in a while, you may be exposed to many old sendmail vulnerabilities. If it's really old, you could find yourself being used as an open relay (old-school spammers using the '!' or '%' hacks).

If you ask around here you'll be heartily encouraged to go with Postfix. I can't argue with that! :-) However, if you have a lot invested in sendmail (eg you own a bat-book) then you could do just fine to upgrade to the latest and greatest. If you were directly hacking sendmail.cf before, take the time to learn and switch to the m4 config file: sendmail.mc.

You could also have a hybrid system ala elmore's: stick with sendmail on your main mailbox server, but install a server running Postfix that relays mail between the Inet and your mailbox server. That's where you would do your anti-spam and A/V scanning. That would allow you to do a controlled, phased-in approach.
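Elmore's external gateway (Postfix doing Spamhaus DNSBL checks, greylisting, hostname and valid-recipient checks, then relaying through stunnel to the inner scanning host) and bmw's hybrid suggestion (a Postfix relay in front of an existing sendmail mailbox server) are the same building block. The main.cf below is an added illustration of that gateway role; it is not configuration posted by anyone in this thread. The hostnames, the relayed domain, the lookup-table paths, the local stunnel port and the postgrey socket are assumed placeholders, and the restriction names are the ones current Postfix uses (older releases spell reject_invalid_helo_hostname as reject_invalid_hostname, and Spamhaus has since folded sbl-xbl into zen.spamhaus.org).

```ini
# Added example, not elmore's or bmw's actual config: Postfix main.cf for an
# external mail gateway that accepts Internet mail for one domain, rejects
# junk at SMTP time, and relays the rest inward. All names are placeholders.

myhostname = mx-gateway.example.com
mydomain   = example.com

# Pure relay: no local mailboxes, no local delivery. The gateway only accepts
# mail for the domains it is allowed to forward inward.
mydestination =
local_recipient_maps =
local_transport = error:local delivery is disabled on the gateway
relay_domains = example.com

# Next hop for accepted mail. Here it points at a local stunnel client that
# carries the session over TLS to the inner SpamAssassin/AV server (elmore's
# layout); for bmw's hybrid it would point straight at the sendmail mailbox
# host. Brackets suppress the MX lookup so delivery goes to that host only.
transport_maps = hash:/etc/postfix/transport
#   /etc/postfix/transport contains one line:
#   example.com   smtp:[127.0.0.1]:2525

# Valid-recipient check: reject unknown users during the SMTP dialogue
# instead of accepting and bouncing later (which generates backscatter).
# The table lists every deliverable address and is regenerated from the
# mailbox server.
relay_recipient_maps = hash:/etc/postfix/relay_recipients
#   /etc/postfix/relay_recipients contains lines such as:
#   alice@example.com   OK

# Basic SMTP hygiene: insist on HELO, hide the user list, and evaluate all
# restrictions at RCPT TO so the log shows sender and recipient together.
smtpd_helo_required = yes
disable_vrfy_command = yes
smtpd_delay_reject = yes

# Order matters: trusted networks first, then refuse to relay for anything we
# are not responsible for, then the cheap syntactic checks, then the DNSBL
# lookup, then greylisting via a policy daemon (postgrey assumed on 10023).
smtpd_recipient_restrictions =
    permit_mynetworks,
    reject_unauth_destination,
    reject_unlisted_recipient,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unknown_sender_domain,
    reject_non_fqdn_helo_hostname,
    reject_invalid_helo_hostname,
    reject_rbl_client zen.spamhaus.org,
    check_policy_service inet:127.0.0.1:10023,
    permit

# Internal hosts allowed to send outbound mail through this gateway
# (elmore routes outgoing mail through the scanner first, so list that host).
mynetworks = 127.0.0.0/8, 192.0.2.0/24
```

Two points are worth checking after putting this in front of an existing server. First, `reject_unauth_destination` must come before any `permit` so the box never becomes the open relay bmw warns about; `postconf -n` followed by a test session from an outside address that tries to relay to a third domain should be answered with `554 Relay access denied`. Second, keep `relay_recipient_maps` in sync with the mailbox server (a cron job that dumps the user list and runs `postmap` is the usual approach); if the table goes stale, legitimate new users are rejected at the gateway, which is much easier to spot in the log than silent backscatter.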