[aclug-L] Re: Looking for suggestions
On Fri 22 Feb 2002 03:14, Matt Pankratz wrote:
> Greetings,
>
> I'm looking for some suggestions concerning an SMTP project I'm working
> on.
>
> I'd like to implement an SMTP gateway with the following functionality:
>
> Virus Protection / Scanning
> Content Filtering
> Spam Filtering
>
> I've had experience with this in the past but with traditional commercial
> software. I'd like to be able to do a cost analysis between the two and
> present it.
>
> I've done a bit of research on some of the available open-source software
> packages. But I'd like any input / experiences that might be out there.
>
> I'd like to stay with SendMail for the MTA because I'm familiar with it
> and it seems to have good support and security.
>
> What I am not familiar with is the Virus Protection / Filtering side of
> things.
>
> Thanks in advance for any input.
>
> Matt Pankratz

Sendmail needs a local delivery agent to put mail into mailboxes, and
Procmail is the most commonly used. Procmail itself has a lot of powerful
features for creating spam filtering rules; if you have it installed, try
reading "man 5 procmailrc". Building a good anti-spam Procmail ruleset
that minimizes both false positives and false negatives takes time and
effort, but there are some projects out there to create a good anti-spam
ruleset to start from.

Also, Sendmail has some nifty anti-spamming tools available. The access_db
feature can be quite handy, because it outright bounces messages from any
unsavory domains which you specify. Add "FEATURE(access_db)dnl" to your
sendmail.mc, re-build it into sendmail.cf, then add lines of the following
form to /etc/mail/access:

    pm0.net<tab>ERROR:5.7.1:550 We don't accept mail from spammers

For sendmail to recognize your access_db, you will have to makemap it (e.g.
"makemap hash access < access" from /etc/mail) whenever you change the text
file. You can also enable one or more of the various DNS-based spam
blacklists, using lines like "FEATURE(dnsbl,`bl.spamcop.net')dnl".

For content filtering, I'm currently working on a project that acts as a
filter in Procmail. It currently uses Perl's MIME::Parser package, which
is terribly slow; I eventually intend to put some finishing touches on a
MIME parsing and generating library that I'm writing in C, then use that to
create an e-mail filter. There are some similar projects already in
existence, but I like to roll my own. Your best bet is to ask Google.
Some that I've seen recently mentioned on Bugtraq in a positive light
include <http://www.roaringpenguin.com/mimedefang/> (I've used it and liked
it) and <http://qmail-scanner.sourceforge.net/> (if you ever switch to
qmail, which I personally found to be a more annoying MTA than even
Sendmail).

I recommend avoiding virus scanning whenever possible, since viruses can
easily slip past scanners if your signature database isn't up-to-date, and
all but the most famous trojans will slip through undetected. Rely on
content filtering instead, and disallow all executable content from passing
through the firewall without at least being quarantined.
--
Donald King, a.k.a. Chronos Tachyon
http://chronos.dyndns.org/ -- WWED?
Guardian of Eristic Paraphernalia
Gatekeeper of the Region of Thud
12:17pm up 118 days, 16:12, 2 users, load average: 0.01, 0.02, 0.05
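
The quarantine rule recommended in the reply above (hold any message carrying executable content), sketched as a filter that Procmail could pipe mail through. This is an added example, not part of the original post or of the author's own project; it uses Python's standard email package rather than Perl's MIME::Parser, and the blocklists, the function name and the sample message are assumptions constructed for illustration.

```python
import email
from email import policy

# Assumed blocklists for this example; tune them to your own site policy.
BLOCKED_EXT = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs", ".js", ".hta"}
BLOCKED_TYPES = {"application/x-msdownload", "application/x-msdos-program"}

def executable_parts(raw):
    """Return (filename, reason) for every MIME leaf part that should be quarantined."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.walk():  # walk() also descends into attached message/rfc822 parts
        if part.is_multipart():
            continue
        # Only the last extension counts: "invoice.pdf.EXE" is still an .exe.
        name = (part.get_filename() or "").strip().rstrip(".").lower()
        ext = name[name.rfind("."):] if "." in name else ""
        body = part.get_payload(decode=True) or b""
        if ext in BLOCKED_EXT:
            hits.append((name, "extension"))
        elif part.get_content_type() in BLOCKED_TYPES:
            hits.append((name, "content-type"))
        elif body[:2] == b"MZ":  # DOS/Windows executable header behind a harmless name
            hits.append((name, "magic"))
    return hits

# Constructed sample: one executable with a double extension, one disguised as text.
SAMPLE = b"""\
Subject: constructed sample
Content-Type: multipart/mixed; boundary="BOUND"

--BOUND
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="invoice.pdf.EXE"
Content-Transfer-Encoding: base64

TVqQAAMAAAA=
--BOUND
Content-Type: text/plain
Content-Disposition: attachment; filename="notes.txt"
Content-Transfer-Encoding: base64

TVqQAAMAAAA=
--BOUND--
"""

if __name__ == "__main__":
    for name, reason in executable_parts(SAMPLE):
        print("quarantine:", name, reason)
```

A non-empty result is the signal to divert the message to a quarantine folder instead of the user's mailbox.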